CVE Vulnerability

CVE-2022-32917

The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..

7.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://support.apple.com/en-us/HT213443 Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213444 Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213445 Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213446 Release Notes Vendor Advisory
http://seclists.org/fulldisclosure/2022/Oct/39 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/40 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/43 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/45 Mailing List Third Party Advisory
Configurations

Configuration 1

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Information

Published : 2022-09-20 09:15

Updated : 2022-12-07 03:12

NVD link : CVE-2022-32917

Mitre link : CVE-2022-32917

Products Affected
No products.
CWE
CWE-787