CVE-2022-22647: 
macOS vulnerability analysis and mitigation

CVE-2022-22647 is a security vulnerability affecting the Login Window component in Apple macOS operating systems. The vulnerability was discovered by Yuto Ikeda of Kyushu University and fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, and Security Update 2022-003 Catalina, released on March 14, 2022. The vulnerability allows a person with physical access to a Mac to potentially bypass the Login Window (Apple Support).

The vulnerability was assigned a CVSS v3.1 base score of 4.6 (Medium) with the vector string CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N. This indicates that the vulnerability requires physical access (AV:P), has low attack complexity (AC:L), requires no privileges (PR:N), needs no user interaction (UI:N), has unchanged scope (S:U), has no impact on confidentiality (C:N), high impact on integrity (I:H), and no impact on availability (A:N) (NVD).

The vulnerability allows an attacker with physical access to a Mac to bypass the Login Window security mechanism, potentially gaining unauthorized access to the system. This represents a significant security risk for environments where physical security cannot be guaranteed (Apple Support).

Apple addressed this vulnerability by implementing improved checks in the Login Window component. Users are advised to update to macOS Big Sur 11.6.5, macOS Monterey 12.3, or install Security Update 2022-003 Catalina to protect against this vulnerability (Apple Support, Apple Support, Apple Support).