CVE-2022-32893
In short
A flaw in how Apple products process web content allows attackers to write data outside intended memory boundaries, potentially running malicious code on your device. This vulnerability is being actively exploited in the wild.
Technical detail
Out-of-bounds write vulnerability in web content processing affecting iOS, iPadOS, macOS, and Safari. The attack vector is remote via maliciously crafted web content; no user interaction beyond visiting a compromised page is required. Successful exploitation results in arbitrary code execution with the privileges of the affected application.
Summary generated and translated by AI from the official description.
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References
http://seclists.org/fulldisclosure/2022/Aug/16
http://seclists.org/fulldisclosure/2022/Oct/49
https://lists.debian.org/debian-lts-announce/2022/08/msg00019.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SETAAXEPGNBMYKTUDFEZHS5LGSQ64QL/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKJGV2EXVMYQW3OAJNI4WUTKKVMD2YYK/
https://security.gentoo.org/glsa/202208-39
https://support.apple.com/en-us/HT213412
https://support.apple.com/en-us/HT213413
https://support.apple.com/en-us/HT213414
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-32893
https://www.debian.org/security/2022/dsa-5219
https://www.debian.org/security/2022/dsa-5220