Skip to main content

Apple CVE-2022-48575

| EUVDEUVD-2022-56002 LOW
Improper Authentication (CWE-287)
2026-06-10 apple GHSA-qh6w-x32f-6gmj
3.5
CVSS 3.1 · Vendor: apple

Severity by source

Vendor (apple) PRIMARY
3.5 LOW
AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Primary rating from Vendor (apple) · only source for this CVE.

CVSS VectorVendor: apple

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

2
Patch available
Jun 10, 2026 - 22:01 EUVD
CVE Published
Jun 10, 2026 - 20:09 cve.org
LOW 3.5

DescriptionCVE.org

A person with access to a Mac may be able to bypass Login Window. A consistency issue was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4.

AnalysisAI

A person with access to a Mac may be able to bypass Login Window. Rated low severity (CVSS 3.5), this vulnerability is no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Technical ContextAI

This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. A person with access to a Mac may be able to bypass Login Window. A consistency issue was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4. Affected products include: Apple Macos Monterey.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.

Share

CVE-2022-48575 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy