CVE-2022-32917
Vulnerability from cvelistv5
Published
2022-09-20 00:00
Modified
2024-08-03 07:54
Severity ?
Summary
The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..
References
product-security@apple.comhttp://seclists.org/fulldisclosure/2022/Oct/39Mailing List, Third Party Advisory
product-security@apple.comhttp://seclists.org/fulldisclosure/2022/Oct/40Mailing List, Third Party Advisory
product-security@apple.comhttp://seclists.org/fulldisclosure/2022/Oct/43Mailing List, Third Party Advisory
product-security@apple.comhttp://seclists.org/fulldisclosure/2022/Oct/45Mailing List, Third Party Advisory
product-security@apple.comhttps://support.apple.com/en-us/HT213443Release Notes, Vendor Advisory
product-security@apple.comhttps://support.apple.com/en-us/HT213444Release Notes, Vendor Advisory
product-security@apple.comhttps://support.apple.com/en-us/HT213445Release Notes, Vendor Advisory
product-security@apple.comhttps://support.apple.com/en-us/HT213446Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2022/Oct/39Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2022/Oct/40Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2022/Oct/43Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2022/Oct/45Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/en-us/HT213443Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/en-us/HT213444Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/en-us/HT213445Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/en-us/HT213446Release Notes, Vendor Advisory
Impacted products
Vendor Product Version
Apple macOS Version: unspecified   < 11.7
Apple macOS Version: unspecified   < 15.7
Apple macOS Version: unspecified   < 12.6
CISA Known exploited vulnerability
Data from the Known Exploited Vulnerabilities Catalog

Date added: 2022-09-14

Due date: 2022-10-05

Required action: Apply updates per vendor instructions.

Used in ransomware: Unknown

Notes: https://support.apple.com/en-us/HT213445, https://support.apple.com/en-us/HT213444; https://nvd.nist.gov/vuln/detail/CVE-2022-32917

Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:54:02.968Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213446"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213443"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213445"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213444"
          },
          {
            "name": "20221030 APPLE-SA-2022-10-27-3 Additional information for APPLE-SA-2022-09-12-1 iOS 16",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Oct/39"
          },
          {
            "name": "20221030 APPLE-SA-2022-10-27-4 Additional information for APPLE-SA-2022-09-12-2 iOS 15.7 and iPadOS 15.7",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Oct/40"
          },
          {
            "name": "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Oct/43"
          },
          {
            "name": "20221030 APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Oct/45"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "16",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "11.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "15.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "12.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-30T00:00:00",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/HT213446"
        },
        {
          "url": "https://support.apple.com/en-us/HT213443"
        },
        {
          "url": "https://support.apple.com/en-us/HT213445"
        },
        {
          "url": "https://support.apple.com/en-us/HT213444"
        },
        {
          "name": "20221030 APPLE-SA-2022-10-27-3 Additional information for APPLE-SA-2022-09-12-1 iOS 16",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Oct/39"
        },
        {
          "name": "20221030 APPLE-SA-2022-10-27-4 Additional information for APPLE-SA-2022-09-12-2 iOS 15.7 and iPadOS 15.7",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Oct/40"
        },
        {
          "name": "20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Oct/43"
        },
        {
          "name": "20221030 APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Oct/45"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2022-32917",
    "datePublished": "2022-09-20T00:00:00",
    "dateReserved": "2022-06-09T00:00:00",
    "dateUpdated": "2024-08-03T07:54:02.968Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2022-32917",
      "cwes": "[\"CWE-20\", \"CWE-787\"]",
      "dateAdded": "2022-09-14",
      "dueDate": "2022-10-05",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://support.apple.com/en-us/HT213445, https://support.apple.com/en-us/HT213444;  https://nvd.nist.gov/vuln/detail/CVE-2022-32917",
      "product": "iOS, iPadOS, and macOS",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Apple kernel, which is included in iOS, iPadOS, and macOS, contains an unspecified vulnerability where an application may be able to execute code with kernel privileges.",
      "vendorProject": "Apple",
      "vulnerabilityName": "Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-32917\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2022-09-20T21:15:11.200\",\"lastModified\":\"2024-11-21T07:07:13.980\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..\"},{\"lang\":\"es\",\"value\":\"Se abord\u00f3 un problema con comprobaciones de l\u00edmites mejoradas. Este problema es corregido en macOS Monterey versi\u00f3n 12.6, iOS versi\u00f3n 15.7 y iPadOS versi\u00f3n 15.7, iOS versi\u00f3n 16, macOS Big Sur versi\u00f3n 11.7. Una aplicaci\u00f3n puede ser capaz de ejecutar c\u00f3digo arbitrario privilegiado del kernel. Apple es consciente de un informe de que este problema puede haber sido explotado activamente\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2022-09-14\",\"cisaActionDue\":\"2022-10-05\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.7\",\"matchCriteriaId\":\"613EE342-B8E6-4E88-B8F5-CCD918F2D704\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.7\",\"matchCriteriaId\":\"B639E246-8791-46E2-BAB9-E9B9E79C0F8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0\",\"versionEndExcluding\":\"11.7\",\"matchCriteriaId\":\"8400BA2C-947C-40A8-AD5A-9BF477397E0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndExcluding\":\"12.6\",\"matchCriteriaId\":\"09A274B0-D746-4C2E-A03A-CDC28DB3333E\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2022/Oct/39\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2022/Oct/40\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2022/Oct/43\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2022/Oct/45\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213443\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213444\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213445\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213446\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2022/Oct/39\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2022/Oct/40\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2022/Oct/43\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2022/Oct/45\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213443\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213444\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213445\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213446\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.