CVE-2022-32894

CVSS 7.8 HIGH | EPSS 3.3% | KEV | CWE-787
In short

A flaw in Apple's iOS, iPadOS, and macOS allows an app to write data beyond allowed memory limits, potentially letting it run malicious code with the highest system privileges. This is dangerous because attackers could take complete control of your device.

Technical detail

An out-of-bounds write vulnerability (CWE-787) in iOS and iPadOS before 15.6.1 and macOS Monterey before 12.5.1 allows a malicious application to corrupt kernel memory and achieve arbitrary code execution with kernel privileges. The vulnerability requires local app execution and has been observed in active exploitation campaigns.

Summary generated and translated by AI from the official description.
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H