CVE-2022-32917
CVE-2022-32917
In short
A flaw in Apple's operating systems allows an app to run malicious code with the highest system privileges (kernel level), potentially taking complete control of your device. This is a serious vulnerability that Apple knows has been actively exploited in the wild.
Technical detail
Out-of-bounds write vulnerability (CWE-787) in macOS and iOS kernels enabling privilege escalation. An untrusted application can trigger the bounds check failure to execute arbitrary code in kernel context. Exploitation requires local code execution capability; affected versions are macOS Big Sur <11.7, macOS Monterey <12.6, iOS/iPadOS <15.7, and iOS 16 prior to patching.
Summary generated and translated by AI from the official description.
The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://seclists.org/fulldisclosure/2022/Oct/39http://seclists.org/fulldisclosure/2022/Oct/40http://seclists.org/fulldisclosure/2022/Oct/43http://seclists.org/fulldisclosure/2022/Oct/45https://support.apple.com/en-us/HT213443https://support.apple.com/en-us/HT213444https://support.apple.com/en-us/HT213445https://support.apple.com/en-us/HT213446https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-32917