CVE-2022-48575: A person with access to a Mac may be able to bypass Login Window.
A person with access to a Mac may be able to bypass Login Window. A consistency issue was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4.
Security readout for executives and security teams
Plain-English summary
This is a low-severity Apple macOS issue where someone with physical access to a Mac could bypass the Login Window. The business risk is mainly unauthorized local access to data or settings on an exposed device. Apple says the issue was fixed in macOS Monterey 12.4.
Executive priority
Treat as routine patching unless your organization has shared or publicly accessible Macs. Prioritize exposed devices because the weakness depends on physical access, not remote attack paths.
Technical view
CVE-2022-48575 is an authentication bypass in macOS Monterey’s Login Window, categorized as CWE-287. Apple describes it as a consistency issue resolved through improved state handling. The CVSS vector requires physical access, no privileges, and no user interaction, with limited confidentiality and integrity impact.
Likely exposure
Exposure is most relevant for Macs running macOS Monterey before 12.4, especially shared, kiosk, lab, retail, or unattended systems where physical access is plausible.
Exploitation context
No active exploitation is indicated in the provided sources, and the CVE is not listed as KEV. Exploitation requires physical access to the Mac, which limits scale but can matter for exposed endpoints.
Researcher notes
Public details are sparse. Apple identifies a Login Window bypass fixed by improved state handling in Monterey 12.4. The affected-version data in the bundle is imprecise, so rely on Apple’s advisory and local version inventory for scoping.
Mitigation direction
Update affected Macs to macOS Monterey 12.4 or later.
Review Apple’s advisory for any environment-specific guidance.
Prioritize devices in public, shared, or weakly supervised locations.
Validation and detection
Inventory Macs running macOS Monterey.
Confirm each affected device is on version 12.4 or later.
Check MDM or asset records for unmanaged Monterey systems.
Review physical access controls for shared or public Macs.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · medium confidence lookup
CWE-287: Credential and account abuse lookup
Authentication and credential weaknesses can make valid-account abuse and credential telemetry useful review starting points. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-287 · source CWE mapping
Improper Authentication
Improper Authentication represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.