CVE-2022-46689: 
Apple Safari vulnerability analysis and mitigation

A race condition vulnerability (CVE-2022-46689) was discovered in Apple's kernel that could allow an app to execute arbitrary code with kernel privileges. The vulnerability affects multiple Apple operating systems including tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. The vulnerability was discovered by Ian Beer of Google Project Zero and was fixed in December 2022 (Apple Security).

The vulnerability is a race condition in the kernel that was addressed with additional validation. The vulnerability has a CVSS v3.1 base score of 7.0 (High) with the following vector: AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access, high attack complexity, no privileges, and user interaction, but can result in high impacts to confidentiality, integrity and availability (NVD).

If successfully exploited, this vulnerability allows an unprivileged application to execute arbitrary code with kernel privileges, effectively gaining complete control over the affected device. The vulnerability is described as the macOS equivalent of the Dirty Cow vulnerability, allowing for an unprivileged user to execute code as root (AttackerKB).

Apple has released security updates to address this vulnerability in multiple operating system versions. Users should update to tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, or watchOS 9.2 as appropriate for their devices (Apple Security).