Description
A person with access to a Mac may be able to bypass Login Window. A consistency issue was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4.
Published: 2026-06-10
Score: 3.5 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A local attacker with access to a Mac can bypass the Login Window, allowing them to authenticate without providing correct credentials. The flaw is due to a consistency issue in state handling within the login interface. This results in unauthorized access to the system, compromising confidentiality and integrity of user data.

Affected Systems

Apple macOS Monterey is affected. Versions older than 12.4 are vulnerable; the issue is fixed in macOS Monterey 12.4 and later.

Risk and Exploitability

The vulnerability has a CVSS score of 3.5 and no EPSS data, and it is not listed in the CISA KEV catalog, indicating a moderate overall risk. Local attackers can exploit the flaw by physically or virtually accessing the machine and interacting with the Login Window interface. No network or remote conditions are required, so the impact is limited to systems with physical or local user access.

Generated by OpenCVE AI on June 11, 2026 at 04:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install macOS Monterey 12.4 or later to apply the vendor fix
  • Ensure all future updates are applied automatically to prevent regression
  • Restrict local user privileges and enforce strong authentication to limit potential exploitation if a patch cannot be applied immediately

Generated by OpenCVE AI on June 11, 2026 at 04:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 03:15:00 +0000

Type Values Removed Values Added
Title Bypass Login Window Check in macOS Monterey
Weaknesses CWE-284

Thu, 11 Jun 2026 01:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-287
References
Metrics cvssV3_1

{'score': 3.5, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 10 Jun 2026 23:00:00 +0000

Type Values Removed Values Added
Title Bypass Login Window Check in macOS Monterey
First Time appeared Apple
Apple macos Monterey
Weaknesses CWE-284
Vendors & Products Apple
Apple macos Monterey

Wed, 10 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
Description A person with access to a Mac may be able to bypass Login Window. A consistency issue was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4.
References

Subscriptions

Apple Macos Monterey
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-06-11T00:25:13.286Z

Reserved: 2023-07-26T19:37:54.604Z

Link: CVE-2022-48575

cve-icon Vulnrichment

Updated: 2026-06-11T00:24:51.697Z

cve-icon NVD

Status : Received

Published: 2026-06-10T22:16:52.603

Modified: 2026-06-11T02:16:42.763

Link: CVE-2022-48575

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-11T04:30:04Z

Weaknesses