Vulnerability Details : CVE-2022-32917
The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..
Vulnerability category: Memory CorruptionExecute code
Products affected by CVE-2022-32917
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
CVE-2022-32917 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Apple kernel, which is included in iOS, iPadOS, and macOS, contains an unspecified vulnerability where an application may be able to execute code with kernel privileges.
Notes:
https://support.apple.com/en-us/HT213445, https://support.apple.com/en-us/HT213444; https://nvd.nist.gov/vuln/detail/CVE-2022-32917
Added on
2022-09-14
Action due date
2022-10-05
Exploit prediction scoring system (EPSS) score for CVE-2022-32917
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 30 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-32917
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2022-32917
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-32917
-
http://seclists.org/fulldisclosure/2022/Oct/40
Full Disclosure: APPLE-SA-2022-10-27-4 Additional information for APPLE-SA-2022-09-12-2 iOS 15.7 and iPadOS 15.7Mailing List;Third Party Advisory
-
http://seclists.org/fulldisclosure/2022/Oct/45
Full Disclosure: APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7Mailing List;Third Party Advisory
-
https://support.apple.com/en-us/HT213445
About the security content of iOS 15.7 and iPadOS 15.7 - Apple SupportRelease Notes;Vendor Advisory
-
http://seclists.org/fulldisclosure/2022/Oct/39
Full Disclosure: APPLE-SA-2022-10-27-3 Additional information for APPLE-SA-2022-09-12-1 iOS 16Mailing List;Third Party Advisory
-
https://support.apple.com/en-us/HT213443
About the security content of macOS Big Sur 11.7 - Apple SupportRelease Notes;Vendor Advisory
-
https://support.apple.com/en-us/HT213444
About the security content of macOS Monterey 12.6 - Apple SupportRelease Notes;Vendor Advisory
-
https://support.apple.com/en-us/HT213446
About the security content of iOS 16 - Apple SupportRelease Notes;Vendor Advisory
-
http://seclists.org/fulldisclosure/2022/Oct/43
Full Disclosure: APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6Mailing List;Third Party Advisory
Jump to