cvelistv5 - cve-2022-32814

CVE-2022-32814 (GCVE-0-2022-32814)

Vulnerability from cvelistv5 – Published: 2022-09-23 00:00 – Updated: 2025-05-27 14:58

Summary

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

An app may be able to execute arbitrary code with kernel privileges

Assigner

apple

References

URL

Tags

	https://support.apple.com/kb/HT213344
	https://support.apple.com/en-us/HT213345
	https://support.apple.com/en-us/HT213340
	https://support.apple.com/en-us/HT213342
	https://support.apple.com/en-us/HT213346

Impacted products

Vendor

Product

Version

Apple

macOS

Affected: unspecified , < 12.5 (custom)

Apple	macOS	Affected: unspecified , < 12.5 (custom)
Apple	tvOS	Affected: unspecified , < 15.6 (custom)
Apple	watchOS	Affected: unspecified , < 8.7 (custom)
Apple	watchOS	Affected: unspecified , < 8.7 (custom)
Apple	watchOS	Affected: unspecified , < 15.6 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:54:02.331Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213344"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213345"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213340"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213342"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213346"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-32814",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-27T14:58:18.272149Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-843",
                "description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-27T14:58:49.150Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "12.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "12.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "15.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "8.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "8.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "15.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "An app may be able to execute arbitrary code with kernel privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-10T00:00:00.000Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/kb/HT213344"
        },
        {
          "url": "https://support.apple.com/en-us/HT213345"
        },
        {
          "url": "https://support.apple.com/en-us/HT213340"
        },
        {
          "url": "https://support.apple.com/en-us/HT213342"
        },
        {
          "url": "https://support.apple.com/en-us/HT213346"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2022-32814",
    "datePublished": "2022-09-23T00:00:00.000Z",
    "dateReserved": "2022-06-09T00:00:00.000Z",
    "dateUpdated": "2025-05-27T14:58:49.150Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"15.6\", \"matchCriteriaId\": \"F5E4F87A-8003-43EB-99F7-35C82AEA4DC0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"15.6\", \"matchCriteriaId\": \"B6FA9FE3-1891-405C-B191-04CAB84ADD46\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.0\", \"versionEndExcluding\": \"11.6.8\", \"matchCriteriaId\": \"21572D24-45CE-4FF4-8AFD-E13E1FE853B1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.0.0\", \"versionEndExcluding\": \"12.5\", \"matchCriteriaId\": \"F86C9DC9-3814-4254-A332-257455B6880A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"15.6\", \"matchCriteriaId\": \"83FC1965-2381-49FF-9521-355D29B28B71\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.7\", \"matchCriteriaId\": \"8EB2AF3C-B2A0-41AD-9C3E-14B220620FF0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.\"}, {\"lang\": \"es\", \"value\": \"Se abord\\u00f3 un problema de confusi\\u00f3n de tipos con un manejo de estados mejorado. Este problema ha sido corregido en watchOS versi\\u00f3n 8.7, tvOS versi\\u00f3n 15.6, iOS versi\\u00f3n 15.6 y iPadOS versi\\u00f3n 15.6, macOS Monterey versi\\u00f3n 12.5. Una aplicaci\\u00f3n puede ser capaz de ejecutar c\\u00f3digo arbitrario con privilegios del kernel\"}]",
      "id": "CVE-2022-32814",
      "lastModified": "2024-11-21T07:07:00.410",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}]}",
      "published": "2022-09-23T20:15:09.370",
      "references": "[{\"url\": \"https://support.apple.com/en-us/HT213340\", \"source\": \"product-security@apple.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT213342\", \"source\": \"product-security@apple.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT213345\", \"source\": \"product-security@apple.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT213346\", \"source\": \"product-security@apple.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT213344\", \"source\": \"product-security@apple.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT213340\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT213342\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT213345\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT213346\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT213344\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-843\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-32814\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2022-09-23T20:15:09.370\",\"lastModified\":\"2025-05-27T15:15:25.243\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.\"},{\"lang\":\"es\",\"value\":\"Se abord\u00f3 un problema de confusi\u00f3n de tipos con un manejo de estados mejorado. Este problema ha sido corregido en watchOS versi\u00f3n 8.7, tvOS versi\u00f3n 15.6, iOS versi\u00f3n 15.6 y iPadOS versi\u00f3n 15.6, macOS Monterey versi\u00f3n 12.5. Una aplicaci\u00f3n puede ser capaz de ejecutar c\u00f3digo arbitrario con privilegios del kernel\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-843\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-843\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.6\",\"matchCriteriaId\":\"F5E4F87A-8003-43EB-99F7-35C82AEA4DC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.6\",\"matchCriteriaId\":\"B6FA9FE3-1891-405C-B191-04CAB84ADD46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0\",\"versionEndExcluding\":\"11.6.8\",\"matchCriteriaId\":\"21572D24-45CE-4FF4-8AFD-E13E1FE853B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndExcluding\":\"12.5\",\"matchCriteriaId\":\"F86C9DC9-3814-4254-A332-257455B6880A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.6\",\"matchCriteriaId\":\"83FC1965-2381-49FF-9521-355D29B28B71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.7\",\"matchCriteriaId\":\"8EB2AF3C-B2A0-41AD-9C3E-14B220620FF0\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/en-us/HT213340\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213342\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213345\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213346\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT213344\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213340\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213342\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213345\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213346\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT213344\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.apple.com/kb/HT213344\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT213345\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT213340\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT213342\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT213346\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T07:54:02.331Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-32814\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-27T14:58:18.272149Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-843\", \"description\": \"CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-27T14:58:45.746Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Apple\", \"product\": \"macOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"12.5\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"macOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"12.5\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"tvOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"15.6\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"watchOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"8.7\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"watchOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"8.7\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"watchOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"15.6\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://support.apple.com/kb/HT213344\"}, {\"url\": \"https://support.apple.com/en-us/HT213345\"}, {\"url\": \"https://support.apple.com/en-us/HT213340\"}, {\"url\": \"https://support.apple.com/en-us/HT213342\"}, {\"url\": \"https://support.apple.com/en-us/HT213346\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"An app may be able to execute arbitrary code with kernel privileges\"}]}], \"providerMetadata\": {\"orgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"shortName\": \"apple\", \"dateUpdated\": \"2022-11-10T00:00:00.000Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-32814\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-27T14:58:49.150Z\", \"dateReserved\": \"2022-06-09T00:00:00.000Z\", \"assignerOrgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"datePublished\": \"2022-09-23T00:00:00.000Z\", \"assignerShortName\": \"apple\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

VAR-202207-1497

Vulnerability from variot - Updated: 2023-12-18 11:05

A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges. iPadOS , iOS , macOS Multiple Apple products have a type mixup vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. iOS 15.6 and iPadOS 15.6. Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2022-07-20-1 iOS 15.6 and iPadOS 15.6

iOS 15.6 and iPadOS 15.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213346.

APFS Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32832: Tommy Muir (@Muirey03)

AppleAVD Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote user may be able to cause kernel code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2022-32788: Natalie Silvanovich of Google Project Zero

AppleAVD Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32824: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom)

AppleMobileFileIntegrity Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to gain root privileges Description: An authorization issue was addressed with improved state management. CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro

Apple Neural Engine Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to break out of its sandbox Description: This issue was addressed with improved checks. CVE-2022-32845: Mohamed Ghannam (@_simo36)

Apple Neural Engine Available for devices with Apple Neural Engine: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation) Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32840: Mohamed Ghannam (@_simo36) CVE-2022-32829: an anonymous researcher

Apple Neural Engine Available for devices with Apple Neural Engine: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32810: Mohamed Ghannam (@_simo36)

Audio Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32820: an anonymous researcher

Audio Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32825: John Aakerblom (@jaakerblom)

CoreMedia Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom)

CoreText Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote user may cause an unexpected app termination or arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32839: STAR Labs (@starlabs_sg)

File System Events Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to gain root privileges Description: A logic issue was addressed with improved state management. CVE-2022-32819: Joshua Mason of Mandiant

GPU Drivers Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to disclose kernel memory Description: Multiple out-of-bounds write issues were addressed with improved bounds checking. CVE-2022-32793: an anonymous researcher

GPU Drivers Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-32821: John Aakerblom (@jaakerblom)

Home Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-32855: an anonymous researcher

iCloud Photo Library Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to access sensitive user information Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2022-32849: Joshua Jones

ICU Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.

ImageIO Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may result in disclosure of process memory Description: The issue was addressed with improved memory handling. CVE-2022-32841: hjy79425575

ImageIO Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A logic issue was addressed with improved checks. CVE-2022-32802: Ivan Fratric of Google Project Zero, Mickey Jin (@patch1t)

ImageIO Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to disclosure of user information Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32830: Ye Zhang (@co0py_Cat) of Baidu Security

ImageIO Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing an image may lead to a denial-of-service Description: A null pointer dereference was addressed with improved validation. CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit)

IOMobileFrameBuffer Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26768: an anonymous researcher

Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32813: Xinru Chi of Pangu Lab CVE-2022-32815: Xinru Chi of Pangu Lab

Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32817: Xinru Chi of Pangu Lab

Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication Description: A logic issue was addressed with improved state management. CVE-2022-32844: Sreejith Krishnan R (@skr0x1c0)

Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication Description: A race condition was addressed with improved state handling. CVE-2022-32844: Sreejith Krishnan R (@skr0x1c0)

Liblouis Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China (nipc.org.cn)

libxml2 Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to leak sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-32823

Multi-Touch Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)

PluginKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to read arbitrary files Description: A logic issue was addressed with improved state management. CVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro

Safari Extensions Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Visiting a maliciously crafted website may leak sensitive data Description: The issue was addressed with improved UI handling. CVE-2022-32784: Young Min Kim of CompSec Lab at Seoul National University

Software Update Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A user in a privileged network position can track a user’s activity Description: This issue was addressed by using HTTPS when sending information over the network. CVE-2022-32857: Jeffrey Paul (sneak.berlin)

WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 239316 CVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.

WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. WebKit Bugzilla: 240720 CVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative

WebRTC Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 242339 CVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team

Wi-Fi Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to cause unexpected system termination or write kernel memory Description: This issue was addressed with improved checks. CVE-2022-32837: Wang Yu of Cyberserval

Wi-Fi Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory Description: This issue was addressed with improved checks. CVE-2022-32847: Wang Yu of Cyberserval

Additional recognition

802.1X We would like to acknowledge Shin Sun of National Taiwan University for their assistance.

AppleMobileFileIntegrity We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.

configd We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.

This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 15.6 and iPadOS 15.6". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYeuMACgkQeC9qKD1p rhhc5hAA2emrXEYGmfH1M/gji0MOPflW+wrr0y8buntNyeJYFQbf1xgGkr9hmHlM DkROvVCXDzuMyH9QDOPNFGPqBTAe/5cL+auNq497f/vGVjEOZ09Y4vC/FVBBklgo kQND7CoWBhk99PgNxVdJyzkeKhBEs9JrNaIyGVqg8tChTWWghRzyyyQfHpSQfwj1 M9042Kj8w9hi4SrY9R8Oe+QrcCYw/lYo3yO6WIUfajzIs/urT175BFedXS+9l4cK 6srMpa/n67w3XZU9psQBVddlkVDymx1c5Lzuo84haM7TYNddOYDVluP+676Uq0vj 5E24vTuGLS+vdDlJri6WMJv2d7NZ8dtJAVhPioP3ThGGsAXdpT/PmNbkc5R0RbiV TKs/2CDK4+raGHlOz6leuEfUJtUD1rHLI5n21XBQY1HOvwB9CDqGc5l7FpRoMdaj DY/8yaIbWKVu1iycA2NAsxfyc9u1QTwwluGmzelpo9XdAWIZ17j6Dkalta9scCQb akHz3M1PSAYw4ljfGuYYiHElAKuZn/daeAUKZ0zMJOVdHtecliJbV3VlqMzaOKqm gXWNoBOwCow8Tj80F2dFNTvlQe91L8r7NeQAo7KCzEXbVSQqfemojtrREl5BvmWS 9s7+QxqDWAHSUr+WakmKTESMA3DTlZBhBbUXE+uNRrEwboUQKeI= =Nnrk -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202207-1497",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "8.7"
      },
      {
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.5"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.6"
      },
      {
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.6.8"
      },
      {
        "model": "ipados",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.6"
      },
      {
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.6"
      },
      {
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.0"
      },
      {
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.0.0"
      },
      {
        "model": "ipados",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": "8.7"
      },
      {
        "model": "ios",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "model": "tvos",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "model": "macos",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018181"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32814"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.6.8",
                "versionStartIncluding": "11.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "15.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "15.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "15.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.5",
                "versionStartIncluding": "12.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-32814"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "167791"
      },
      {
        "db": "PACKETSTORM",
        "id": "167790"
      },
      {
        "db": "PACKETSTORM",
        "id": "167786"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2022-32814",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-32814",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-32814",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202207-2073",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018181"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32814"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-2073"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges. iPadOS , iOS , macOS Multiple Apple products have a type mixup vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. iOS 15.6 and iPadOS 15.6.  Alternatively, on your watch, select\n\"My Watch \u003e General \u003e About\". -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-07-20-1 iOS 15.6 and iPadOS 15.6\n\niOS 15.6 and iPadOS 15.6 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213346. \n\nAPFS\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32832: Tommy Muir (@Muirey03)\n\nAppleAVD\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A remote user may be able to cause kernel code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2022-32788: Natalie Silvanovich of Google Project Zero\n\nAppleAVD\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32824: Antonio Zekic (@antoniozekic) and John Aakerblom\n(@jaakerblom)\n\nAppleMobileFileIntegrity\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An app may be able to gain root privileges\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro\n\nApple Neural Engine\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An app may be able to break out of its sandbox\nDescription: This issue was addressed with improved checks. \nCVE-2022-32845: Mohamed Ghannam (@_simo36)\n\nApple Neural Engine\nAvailable for devices with Apple Neural Engine: iPhone 8 and later,\niPad Pro (3rd generation) and later, iPad Air (3rd generation) and\nlater, and iPad mini (5th generation)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: This issue was addressed with improved checks. \nCVE-2022-32840: Mohamed Ghannam (@_simo36)\nCVE-2022-32829: an anonymous researcher\n\nApple Neural Engine\nAvailable for devices with Apple Neural Engine: iPhone 8 and later,\niPad Pro (3rd generation) and later, iPad Air (3rd generation) and\nlater, and iPad mini (5th generation)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32810: Mohamed Ghannam (@_simo36)\n\nAudio\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-32820: an anonymous researcher\n\nAudio\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32825: John Aakerblom (@jaakerblom)\n\nCoreMedia\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom\n(@jaakerblom)\n\nCoreText\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A remote user may cause an unexpected app termination or\narbitrary code execution\nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32839: STAR Labs (@starlabs_sg)\n\nFile System Events\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An app may be able to gain root privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32819: Joshua Mason of Mandiant\n\nGPU Drivers\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An app may be able to disclose kernel memory\nDescription: Multiple out-of-bounds write issues were addressed with\nimproved bounds checking. \nCVE-2022-32793: an anonymous researcher\n\nGPU Drivers\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-32821: John Aakerblom (@jaakerblom)\n\nHome\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32855: an anonymous researcher\n\niCloud Photo Library\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An app may be able to access sensitive user information\nDescription: An information disclosure issue was addressed by\nremoving the vulnerable code. \nCVE-2022-32849: Joshua Jones\n\nICU\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs\n\u0026 DNSLab, Korea Univ. \n\nImageIO\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing a maliciously crafted image may result in\ndisclosure of process memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32841: hjy79425575\n\nImageIO\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing a maliciously crafted file may lead to arbitrary\ncode execution\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-32802: Ivan Fratric of Google Project Zero, Mickey Jin\n(@patch1t)\n\nImageIO\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing a maliciously crafted image may lead to disclosure\nof user information\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-32830: Ye Zhang (@co0py_Cat) of Baidu Security\n\nImageIO\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing an image may lead to a denial-of-service\nDescription: A null pointer dereference was addressed with improved\nvalidation. \nCVE-2022-32785: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nIOMobileFrameBuffer\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-26768: an anonymous researcher\n\nKernel\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32813: Xinru Chi of Pangu Lab\nCVE-2022-32815: Xinru Chi of Pangu Lab\n\nKernel\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An app may be able to disclose kernel memory\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-32817: Xinru Chi of Pangu Lab\n\nKernel\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An app with arbitrary kernel read and write capability may be\nable to bypass Pointer Authentication\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32844: Sreejith Krishnan R (@skr0x1c0)\n\nKernel\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An app with arbitrary kernel read and write capability may be\nable to bypass Pointer Authentication\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-32844: Sreejith Krishnan R (@skr0x1c0)\n\nLiblouis\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An app may cause unexpected app termination or arbitrary code\nexecution\nDescription: This issue was addressed with improved checks. \nCVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China\n(nipc.org.cn)\n\nlibxml2\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An app may be able to leak sensitive user information\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2022-32823\n\nMulti-Touch\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2022-32814: Pan ZhenPeng (@Peterpan0927)\n\nPluginKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An app may be able to read arbitrary files\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro\n\nSafari Extensions\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Visiting a maliciously crafted website may leak sensitive\ndata\nDescription: The issue was addressed with improved UI handling. \nCVE-2022-32784: Young Min Kim of CompSec Lab at Seoul National\nUniversity\n\nSoftware Update\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A user in a privileged network position can track a user\u2019s\nactivity\nDescription: This issue was addressed by using HTTPS when sending\ninformation over the network. \nCVE-2022-32857: Jeffrey Paul (sneak.berlin)\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Visiting a website that frames malicious content may lead to\nUI spoofing\nDescription: The issue was addressed with improved UI handling. \nWebKit Bugzilla: 239316\nCVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs\n\u0026 DNSLab, Korea Univ. \n\nWebKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nWebKit Bugzilla: 240720\nCVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero\nDay Initiative\n\nWebRTC\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 242339\nCVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team\n\nWi-Fi\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An app may be able to cause unexpected system termination or\nwrite kernel memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-32837: Wang Yu of Cyberserval\n\nWi-Fi\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A remote user may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-32847: Wang Yu of Cyberserval\n\nAdditional recognition\n\n802.1X\nWe would like to acknowledge Shin Sun of National Taiwan University\nfor their assistance. \n\nAppleMobileFileIntegrity\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a\n(@_r3ggi) of SecuRing for their assistance. \n\nconfigd\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a\n(@_r3ggi) of SecuRing for their assistance. \n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/  iTunes and Software Update on the\ndevice will automatically check Apple\u0027s update server on its weekly\nschedule. When an update is detected, it is downloaded and the option\nto be installed is presented to the user when the iOS device is\ndocked. We recommend applying the update immediately if possible. \nSelecting Don\u0027t Install will present the option the next time you\nconnect your iOS device.  The automatic update process may take up to\na week depending on the day that iTunes or the device checks for\nupdates. You may manually obtain the update via the Check for Updates\nbutton within iTunes, or the Software Update on your device.  To\ncheck that the iPhone, iPod touch, or iPad has been updated:  *\nNavigate to Settings * Select General * Select About. The version\nafter applying this update will be \"iOS 15.6 and iPadOS 15.6\". \nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYeuMACgkQeC9qKD1p\nrhhc5hAA2emrXEYGmfH1M/gji0MOPflW+wrr0y8buntNyeJYFQbf1xgGkr9hmHlM\nDkROvVCXDzuMyH9QDOPNFGPqBTAe/5cL+auNq497f/vGVjEOZ09Y4vC/FVBBklgo\nkQND7CoWBhk99PgNxVdJyzkeKhBEs9JrNaIyGVqg8tChTWWghRzyyyQfHpSQfwj1\nM9042Kj8w9hi4SrY9R8Oe+QrcCYw/lYo3yO6WIUfajzIs/urT175BFedXS+9l4cK\n6srMpa/n67w3XZU9psQBVddlkVDymx1c5Lzuo84haM7TYNddOYDVluP+676Uq0vj\n5E24vTuGLS+vdDlJri6WMJv2d7NZ8dtJAVhPioP3ThGGsAXdpT/PmNbkc5R0RbiV\nTKs/2CDK4+raGHlOz6leuEfUJtUD1rHLI5n21XBQY1HOvwB9CDqGc5l7FpRoMdaj\nDY/8yaIbWKVu1iycA2NAsxfyc9u1QTwwluGmzelpo9XdAWIZ17j6Dkalta9scCQb\nakHz3M1PSAYw4ljfGuYYiHElAKuZn/daeAUKZ0zMJOVdHtecliJbV3VlqMzaOKqm\ngXWNoBOwCow8Tj80F2dFNTvlQe91L8r7NeQAo7KCzEXbVSQqfemojtrREl5BvmWS\n9s7+QxqDWAHSUr+WakmKTESMA3DTlZBhBbUXE+uNRrEwboUQKeI=\n=Nnrk\n-----END PGP SIGNATURE-----\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-32814"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018181"
      },
      {
        "db": "VULHUB",
        "id": "VHN-424903"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32814"
      },
      {
        "db": "PACKETSTORM",
        "id": "167791"
      },
      {
        "db": "PACKETSTORM",
        "id": "167790"
      },
      {
        "db": "PACKETSTORM",
        "id": "167786"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-32814",
        "trust": 3.7
      },
      {
        "db": "PACKETSTORM",
        "id": "167791",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "167790",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018181",
        "trust": 0.8
      },
      {
        "db": "CS-HELP",
        "id": "SB2022072107",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.3563",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-2073",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "167786",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-424903",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32814",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424903"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32814"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018181"
      },
      {
        "db": "PACKETSTORM",
        "id": "167791"
      },
      {
        "db": "PACKETSTORM",
        "id": "167790"
      },
      {
        "db": "PACKETSTORM",
        "id": "167786"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32814"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-2073"
      }
    ]
  },
  "id": "VAR-202207-1497",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424903"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:05:21.359000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT213346 Apple\u00a0 Security update",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht213340"
      },
      {
        "title": "Multiple Apple product Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=208992"
      },
      {
        "title": "Apple: iOS 15.6 and iPadOS 15.6",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=25de7f37f4830a629a57f79175aeaa2a"
      },
      {
        "title": "Apple: macOS Monterey 12.5",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=c765c13fa342a7957a4e91e6dc3d34f4"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-32814"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018181"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-2073"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-843",
        "trust": 1.1
      },
      {
        "problemtype": "Mistake of type (CWE-843) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424903"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018181"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32814"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://support.apple.com/en-us/ht213346"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht213344"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht213340"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht213342"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht213345"
      },
      {
        "trust": 1.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32814"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/167791/apple-security-advisory-2022-07-20-6.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apple-macos-12-multiple-vulnerabilities-38873"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-32814/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.3563"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/167790/apple-security-advisory-2022-07-20-5.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022072107"
      },
      {
        "trust": 0.3,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32792"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32788"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32793"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26981"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32813"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32815"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32787"
      },
      {
        "trust": 0.3,
        "url": "https://support.apple.com/en-us/ht201222."
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32810"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32817"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32816"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32821"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32820"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32819"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32802"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht213346"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht213340."
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht204641"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht213342."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2294"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32784"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32785"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht213346."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26768"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424903"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32814"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018181"
      },
      {
        "db": "PACKETSTORM",
        "id": "167791"
      },
      {
        "db": "PACKETSTORM",
        "id": "167790"
      },
      {
        "db": "PACKETSTORM",
        "id": "167786"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32814"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-2073"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-424903"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32814"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018181"
      },
      {
        "db": "PACKETSTORM",
        "id": "167791"
      },
      {
        "db": "PACKETSTORM",
        "id": "167790"
      },
      {
        "db": "PACKETSTORM",
        "id": "167786"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32814"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-2073"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-09-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-424903"
      },
      {
        "date": "2023-10-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-018181"
      },
      {
        "date": "2022-07-22T16:24:29",
        "db": "PACKETSTORM",
        "id": "167791"
      },
      {
        "date": "2022-07-22T16:24:11",
        "db": "PACKETSTORM",
        "id": "167790"
      },
      {
        "date": "2022-07-22T16:22:17",
        "db": "PACKETSTORM",
        "id": "167786"
      },
      {
        "date": "2022-09-23T20:15:09.370000",
        "db": "NVD",
        "id": "CVE-2022-32814"
      },
      {
        "date": "2022-07-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202207-2073"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-01-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-424903"
      },
      {
        "date": "2023-10-19T01:57:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-018181"
      },
      {
        "date": "2023-01-12T20:09:45.647000",
        "db": "NVD",
        "id": "CVE-2022-32814"
      },
      {
        "date": "2022-12-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202207-2073"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-2073"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Mistype vulnerability in multiple Apple products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018181"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-2073"
      }
    ],
    "trust": 0.6
  }
}

WID-SEC-W-2022-0782

Vulnerability from csaf_certbund - Published: 2022-07-20 22:00 - Updated: 2025-10-20 22:00

Summary

Apple iOS: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Das Apple iOS (vormals iPhone OS) ist das Betriebssystem für das von Apple entwickelte Smartphone iPhone, iPad und iPod Touch. Das Apple iPadOS ist das Betriebssystem für das von Apple entwickelte iPad.

Angriff

Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter anonymer, lokaler oder physischer Angreifer kann mehrere Schwachstellen in Apple iOS und Apple iPadOS ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen, seine Privilegien zu erweitern und Informationen falsch darzustellen.

Betroffene Betriebssysteme

- iPhoneOS

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "kritisch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Das Apple iOS (vormals iPhone OS) ist das Betriebssystem f\u00fcr das von Apple entwickelte Smartphone iPhone, iPad und iPod Touch.\r\nDas Apple iPadOS ist das Betriebssystem f\u00fcr das von Apple entwickelte iPad.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter anonymer, lokaler oder physischer Angreifer kann mehrere Schwachstellen in Apple iOS und Apple iPadOS ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, seine Privilegien zu erweitern und Informationen falsch darzustellen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- iPhoneOS",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-0782 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0782.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-0782 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0782"
      },
      {
        "category": "external",
        "summary": "Apple Security Advisory vom 2022-07-20",
        "url": "https://support.apple.com/HT213346"
      },
      {
        "category": "external",
        "summary": "CISA Known Exploited Vulnerabilities Catalog vom 2025-10-20",
        "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
      }
    ],
    "source_lang": "en-US",
    "title": "Apple iOS: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-10-20T22:00:00.000+00:00",
      "generator": {
        "date": "2025-10-21T08:23:25.439+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2022-0782",
      "initial_release_date": "2022-07-20T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2022-07-20T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2022-07-21T22:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz aufgenommen"
        },
        {
          "date": "2023-06-21T22:00:00.000+00:00",
          "number": "3",
          "summary": "CVE-2022-32860, CVE-2022-32885, CVE-2022-32948, CVE-2022-42805, CVE-2022-48503 erg\u00e4nzt"
        },
        {
          "date": "2025-10-20T22:00:00.000+00:00",
          "number": "4",
          "summary": "Aktive Ausnutzung gemeldet"
        }
      ],
      "status": "final",
      "version": "4"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c15.6",
                "product": {
                  "name": "Apple iOS \u003c15.6",
                  "product_id": "T024029"
                }
              },
              {
                "category": "product_version",
                "name": "15.6",
                "product": {
                  "name": "Apple iOS 15.6",
                  "product_id": "T024029-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:iphone_os:15.6"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "iOS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c15.6",
                "product": {
                  "name": "Apple iPadOS \u003c15.6",
                  "product_id": "T024030"
                }
              },
              {
                "category": "product_version",
                "name": "15.6",
                "product": {
                  "name": "Apple iPadOS 15.6",
                  "product_id": "T024030-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:ipados:15.6"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "iPadOS"
          }
        ],
        "category": "vendor",
        "name": "Apple"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-2294",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-2294"
    },
    {
      "cve": "CVE-2022-26768",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-26768"
    },
    {
      "cve": "CVE-2022-26981",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-26981"
    },
    {
      "cve": "CVE-2022-32784",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32784"
    },
    {
      "cve": "CVE-2022-32785",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32785"
    },
    {
      "cve": "CVE-2022-32787",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32787"
    },
    {
      "cve": "CVE-2022-32788",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32788"
    },
    {
      "cve": "CVE-2022-32792",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32792"
    },
    {
      "cve": "CVE-2022-32793",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32793"
    },
    {
      "cve": "CVE-2022-32802",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32802"
    },
    {
      "cve": "CVE-2022-32810",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32810"
    },
    {
      "cve": "CVE-2022-32813",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32813"
    },
    {
      "cve": "CVE-2022-32814",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32814"
    },
    {
      "cve": "CVE-2022-32815",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32815"
    },
    {
      "cve": "CVE-2022-32816",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32816"
    },
    {
      "cve": "CVE-2022-32817",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32817"
    },
    {
      "cve": "CVE-2022-32819",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32819"
    },
    {
      "cve": "CVE-2022-32820",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32820"
    },
    {
      "cve": "CVE-2022-32821",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32821"
    },
    {
      "cve": "CVE-2022-32823",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32823"
    },
    {
      "cve": "CVE-2022-32824",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32824"
    },
    {
      "cve": "CVE-2022-32825",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32825"
    },
    {
      "cve": "CVE-2022-32826",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32826"
    },
    {
      "cve": "CVE-2022-32828",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32828"
    },
    {
      "cve": "CVE-2022-32829",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32829"
    },
    {
      "cve": "CVE-2022-32830",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32830"
    },
    {
      "cve": "CVE-2022-32832",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32832"
    },
    {
      "cve": "CVE-2022-32837",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32837"
    },
    {
      "cve": "CVE-2022-32838",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32838"
    },
    {
      "cve": "CVE-2022-32839",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32839"
    },
    {
      "cve": "CVE-2022-32840",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32840"
    },
    {
      "cve": "CVE-2022-32841",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32841"
    },
    {
      "cve": "CVE-2022-32844",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32844"
    },
    {
      "cve": "CVE-2022-32845",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32845"
    },
    {
      "cve": "CVE-2022-32847",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32847"
    },
    {
      "cve": "CVE-2022-32849",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32849"
    },
    {
      "cve": "CVE-2022-32855",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32855"
    },
    {
      "cve": "CVE-2022-32857",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32857"
    },
    {
      "cve": "CVE-2022-32860",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32860"
    },
    {
      "cve": "CVE-2022-32885",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32885"
    },
    {
      "cve": "CVE-2022-32948",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32948"
    },
    {
      "cve": "CVE-2022-42805",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-42805"
    },
    {
      "cve": "CVE-2022-48503",
      "product_status": {
        "known_affected": [
          "T024030",
          "T024029"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-48503"
    }
  ]
}

WID-SEC-W-2022-0778

Vulnerability from csaf_certbund - Published: 2022-07-20 22:00 - Updated: 2025-10-20 22:00

Summary

Apple macOS: Mehrere Schwachstellen

Notes

Produktbeschreibung

Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.

Angriff

Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, beliebigen Code auszuführen, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuführen.

Betroffene Betriebssysteme

- MacOS X

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "kritisch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- MacOS X",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-0778 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0778.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-0778 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0778"
      },
      {
        "category": "external",
        "summary": "Apple Security Advisroy vom 2022-07-20",
        "url": "https://support.apple.com/en-us/HT213343"
      },
      {
        "category": "external",
        "summary": "Apple Security Advisroy vom 2022-07-20",
        "url": "https://support.apple.com/en-us/HT213344"
      },
      {
        "category": "external",
        "summary": "Apple Security Advisroy vom 2022-07-20",
        "url": "https://support.apple.com/en-us/HT213345"
      },
      {
        "category": "external",
        "summary": "Known Exploited Vulnerabilities Catalog vom 2025-10-20",
        "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
      }
    ],
    "source_lang": "en-US",
    "title": "Apple macOS: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-10-20T22:00:00.000+00:00",
      "generator": {
        "date": "2025-10-21T08:28:29.099+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2022-0778",
      "initial_release_date": "2022-07-20T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2022-07-20T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2022-07-21T22:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz erg\u00e4nzt"
        },
        {
          "date": "2022-09-20T22:00:00.000+00:00",
          "number": "3",
          "summary": "CVE Nummern CVE-2022-32861, CVE-2022-32863, CVE-2022-32880 erg\u00e4nzt"
        },
        {
          "date": "2022-10-06T22:00:00.000+00:00",
          "number": "4",
          "summary": "CVE erg\u00e4nzt"
        },
        {
          "date": "2023-06-21T22:00:00.000+00:00",
          "number": "5",
          "summary": "CVE-2022-32885, CVE-2022-32948, CVE-2022-42805, CVE-2022-48503, CVE-2022-32860 erg\u00e4nzt"
        },
        {
          "date": "2025-10-20T22:00:00.000+00:00",
          "number": "6",
          "summary": "Aktive Ausnutzung gemeldet"
        }
      ],
      "status": "final",
      "version": "6"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Catalina \u003c2022-005",
                "product": {
                  "name": "Apple macOS Catalina \u003c2022-005",
                  "product_id": "T023996"
                }
              },
              {
                "category": "product_version",
                "name": "Catalina 2022-005",
                "product": {
                  "name": "Apple macOS Catalina 2022-005",
                  "product_id": "T023996-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:mac_os:catalina__2022-005"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Big Sur \u003c11.6.8",
                "product": {
                  "name": "Apple macOS Big Sur \u003c11.6.8",
                  "product_id": "T023997"
                }
              },
              {
                "category": "product_version",
                "name": "Big Sur 11.6.8",
                "product": {
                  "name": "Apple macOS Big Sur 11.6.8",
                  "product_id": "T023997-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:mac_os:big_sur__11.6.8"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Monterey \u003c12.5",
                "product": {
                  "name": "Apple macOS Monterey \u003c12.5",
                  "product_id": "T023998"
                }
              },
              {
                "category": "product_version",
                "name": "Monterey 12.5",
                "product": {
                  "name": "Apple macOS Monterey 12.5",
                  "product_id": "T023998-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:mac_os:monterey__12.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "macOS"
          }
        ],
        "category": "vendor",
        "name": "Apple"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-28544",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2021-28544"
    },
    {
      "cve": "CVE-2021-4136",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2021-4136"
    },
    {
      "cve": "CVE-2021-4166",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2021-4166"
    },
    {
      "cve": "CVE-2021-4173",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2021-4173"
    },
    {
      "cve": "CVE-2021-4187",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2021-4187"
    },
    {
      "cve": "CVE-2021-4192",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2021-4192"
    },
    {
      "cve": "CVE-2021-4193",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2021-4193"
    },
    {
      "cve": "CVE-2021-46059",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2021-46059"
    },
    {
      "cve": "CVE-2022-0128",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-0128"
    },
    {
      "cve": "CVE-2022-0156",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-0156"
    },
    {
      "cve": "CVE-2022-0158",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-0158"
    },
    {
      "cve": "CVE-2022-2294",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-2294"
    },
    {
      "cve": "CVE-2022-24070",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-24070"
    },
    {
      "cve": "CVE-2022-26704",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-26704"
    },
    {
      "cve": "CVE-2022-26981",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-26981"
    },
    {
      "cve": "CVE-2022-29046",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-29046"
    },
    {
      "cve": "CVE-2022-29048",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-29048"
    },
    {
      "cve": "CVE-2022-32781",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32781"
    },
    {
      "cve": "CVE-2022-32785",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32785"
    },
    {
      "cve": "CVE-2022-32786",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32786"
    },
    {
      "cve": "CVE-2022-32787",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32787"
    },
    {
      "cve": "CVE-2022-32789",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32789"
    },
    {
      "cve": "CVE-2022-32792",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32792"
    },
    {
      "cve": "CVE-2022-32793",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32793"
    },
    {
      "cve": "CVE-2022-32796",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32796"
    },
    {
      "cve": "CVE-2022-32797",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32797"
    },
    {
      "cve": "CVE-2022-32798",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32798"
    },
    {
      "cve": "CVE-2022-32799",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32799"
    },
    {
      "cve": "CVE-2022-32800",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32800"
    },
    {
      "cve": "CVE-2022-32801",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32801"
    },
    {
      "cve": "CVE-2022-32805",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32805"
    },
    {
      "cve": "CVE-2022-32807",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32807"
    },
    {
      "cve": "CVE-2022-32810",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32810"
    },
    {
      "cve": "CVE-2022-32811",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32811"
    },
    {
      "cve": "CVE-2022-32812",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32812"
    },
    {
      "cve": "CVE-2022-32813",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32813"
    },
    {
      "cve": "CVE-2022-32814",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32814"
    },
    {
      "cve": "CVE-2022-32815",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32815"
    },
    {
      "cve": "CVE-2022-32816",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32816"
    },
    {
      "cve": "CVE-2022-32817",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32817"
    },
    {
      "cve": "CVE-2022-32818",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32818"
    },
    {
      "cve": "CVE-2022-32819",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32819"
    },
    {
      "cve": "CVE-2022-32820",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32820"
    },
    {
      "cve": "CVE-2022-32821",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32821"
    },
    {
      "cve": "CVE-2022-32823",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32823"
    },
    {
      "cve": "CVE-2022-32825",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32825"
    },
    {
      "cve": "CVE-2022-32826",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32826"
    },
    {
      "cve": "CVE-2022-32828",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32828"
    },
    {
      "cve": "CVE-2022-32829",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32829"
    },
    {
      "cve": "CVE-2022-32831",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32831"
    },
    {
      "cve": "CVE-2022-32832",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32832"
    },
    {
      "cve": "CVE-2022-32834",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32834"
    },
    {
      "cve": "CVE-2022-32837",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32837"
    },
    {
      "cve": "CVE-2022-32838",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32838"
    },
    {
      "cve": "CVE-2022-32839",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32839"
    },
    {
      "cve": "CVE-2022-32840",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32840"
    },
    {
      "cve": "CVE-2022-32841",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32841"
    },
    {
      "cve": "CVE-2022-32842",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32842"
    },
    {
      "cve": "CVE-2022-32843",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32843"
    },
    {
      "cve": "CVE-2022-32845",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32845"
    },
    {
      "cve": "CVE-2022-32847",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32847"
    },
    {
      "cve": "CVE-2022-32848",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32848"
    },
    {
      "cve": "CVE-2022-32849",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32849"
    },
    {
      "cve": "CVE-2022-32851",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32851"
    },
    {
      "cve": "CVE-2022-32852",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32852"
    },
    {
      "cve": "CVE-2022-32853",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32853"
    },
    {
      "cve": "CVE-2022-32857",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32857"
    },
    {
      "cve": "CVE-2022-32860",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32860"
    },
    {
      "cve": "CVE-2022-32861",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32861"
    },
    {
      "cve": "CVE-2022-32863",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32863"
    },
    {
      "cve": "CVE-2022-32880",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32880"
    },
    {
      "cve": "CVE-2022-32885",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32885"
    },
    {
      "cve": "CVE-2022-32910",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32910"
    },
    {
      "cve": "CVE-2022-32948",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-32948"
    },
    {
      "cve": "CVE-2022-42805",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-42805"
    },
    {
      "cve": "CVE-2022-48503",
      "product_status": {
        "known_affected": [
          "T023996",
          "T023997",
          "T023998"
        ]
      },
      "release_date": "2022-07-20T22:00:00.000+00:00",
      "title": "CVE-2022-48503"
    }
  ]
}

CERTFR-2022-AVI-665

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	macOS Catalina sans le correctif de sécurité 2022-005
Apple	macOS	macOS Big Sur versions antérieures à 11.6.8
Apple	macOS	macOS Monterey versions antérieures à 12.5
Apple	N/A	watchOS versions antérieures à 8.7
Apple	N/A	tvOS versions antérieures à 15.6
Apple	N/A	iOS et iPadOS versions antérieures à 15.6
Apple	Safari	Safari versions antérieures à 15.6

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT213343 du 20 juillet 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213344 du 20 juillet 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213341 du 20 juillet 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213346 du 20 juillet 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213342 du 20 juillet 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213340 du 20 juillet 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213345 du 20 juillet 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "macOS Catalina sans le correctif de s\u00e9curit\u00e9 2022-005",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Big Sur versions ant\u00e9rieures \u00e0 11.6.8",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Monterey versions ant\u00e9rieures \u00e0 12.5",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "watchOS versions ant\u00e9rieures \u00e0 8.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions ant\u00e9rieures \u00e0 15.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS et iPadOS versions ant\u00e9rieures \u00e0 15.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 15.6",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-32789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32789"
    },
    {
      "name": "CVE-2022-32841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32841"
    },
    {
      "name": "CVE-2022-32823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32823"
    },
    {
      "name": "CVE-2022-32849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32849"
    },
    {
      "name": "CVE-2022-2294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2294"
    },
    {
      "name": "CVE-2022-0158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0158"
    },
    {
      "name": "CVE-2021-4192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4192"
    },
    {
      "name": "CVE-2022-32797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32797"
    },
    {
      "name": "CVE-2022-32815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32815"
    },
    {
      "name": "CVE-2022-32837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32837"
    },
    {
      "name": "CVE-2021-4173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4173"
    },
    {
      "name": "CVE-2022-32785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32785"
    },
    {
      "name": "CVE-2022-32839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32839"
    },
    {
      "name": "CVE-2022-32852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32852"
    },
    {
      "name": "CVE-2022-32843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32843"
    },
    {
      "name": "CVE-2022-24070",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24070"
    },
    {
      "name": "CVE-2021-4136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4136"
    },
    {
      "name": "CVE-2022-32857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32857"
    },
    {
      "name": "CVE-2022-32842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32842"
    },
    {
      "name": "CVE-2022-0156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0156"
    },
    {
      "name": "CVE-2022-32845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32845"
    },
    {
      "name": "CVE-2022-32799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32799"
    },
    {
      "name": "CVE-2022-32817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32817"
    },
    {
      "name": "CVE-2022-29048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29048"
    },
    {
      "name": "CVE-2022-32820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32820"
    },
    {
      "name": "CVE-2022-32821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32821"
    },
    {
      "name": "CVE-2022-32844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32844"
    },
    {
      "name": "CVE-2021-4166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4166"
    },
    {
      "name": "CVE-2022-0128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0128"
    },
    {
      "name": "CVE-2022-32800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32800"
    },
    {
      "name": "CVE-2021-28544",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28544"
    },
    {
      "name": "CVE-2022-32828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32828"
    },
    {
      "name": "CVE-2022-26768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26768"
    },
    {
      "name": "CVE-2021-4193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4193"
    },
    {
      "name": "CVE-2022-32826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32826"
    },
    {
      "name": "CVE-2022-32787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32787"
    },
    {
      "name": "CVE-2022-32830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32830"
    },
    {
      "name": "CVE-2022-32824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32824"
    },
    {
      "name": "CVE-2022-32834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32834"
    },
    {
      "name": "CVE-2022-32813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32813"
    },
    {
      "name": "CVE-2022-32819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32819"
    },
    {
      "name": "CVE-2022-32838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32838"
    },
    {
      "name": "CVE-2022-32811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32811"
    },
    {
      "name": "CVE-2022-32840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32840"
    },
    {
      "name": "CVE-2022-26704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26704"
    },
    {
      "name": "CVE-2022-32814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32814"
    },
    {
      "name": "CVE-2022-32788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32788"
    },
    {
      "name": "CVE-2022-26981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26981"
    },
    {
      "name": "CVE-2022-32853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32853"
    },
    {
      "name": "CVE-2022-32801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32801"
    },
    {
      "name": "CVE-2022-32851",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32851"
    },
    {
      "name": "CVE-2022-32802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32802"
    },
    {
      "name": "CVE-2022-32831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32831"
    },
    {
      "name": "CVE-2022-32798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32798"
    },
    {
      "name": "CVE-2022-32796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32796"
    },
    {
      "name": "CVE-2022-32847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32847"
    },
    {
      "name": "CVE-2022-32792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32792"
    },
    {
      "name": "CVE-2022-32829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32829"
    },
    {
      "name": "CVE-2022-29046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29046"
    },
    {
      "name": "CVE-2022-32855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32855"
    },
    {
      "name": "CVE-2022-32784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32784"
    },
    {
      "name": "CVE-2021-4187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4187"
    },
    {
      "name": "CVE-2022-32805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32805"
    },
    {
      "name": "CVE-2022-32825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32825"
    },
    {
      "name": "CVE-2022-32810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32810"
    },
    {
      "name": "CVE-2022-32818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32818"
    },
    {
      "name": "CVE-2022-32848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32848"
    },
    {
      "name": "CVE-2022-32812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32812"
    },
    {
      "name": "CVE-2021-46059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46059"
    },
    {
      "name": "CVE-2022-32816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32816"
    },
    {
      "name": "CVE-2022-32793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32793"
    },
    {
      "name": "CVE-2022-32781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32781"
    },
    {
      "name": "CVE-2022-32832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32832"
    },
    {
      "name": "CVE-2022-32807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32807"
    },
    {
      "name": "CVE-2022-32786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32786"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-665",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-07-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213343 du 20 juillet 2022",
      "url": "https://support.apple.com/fr-fr/HT213343"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213344 du 20 juillet 2022",
      "url": "https://support.apple.com/fr-fr/HT213344"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213341 du 20 juillet 2022",
      "url": "https://support.apple.com/fr-fr/HT213341"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213346 du 20 juillet 2022",
      "url": "https://support.apple.com/fr-fr/HT213346"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213342 du 20 juillet 2022",
      "url": "https://support.apple.com/fr-fr/HT213342"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213340 du 20 juillet 2022",
      "url": "https://support.apple.com/fr-fr/HT213340"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213345 du 20 juillet 2022",
      "url": "https://support.apple.com/fr-fr/HT213345"
    }
  ]
}

CERTFR-2022-AVI-665

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	macOS Catalina sans le correctif de sécurité 2022-005
Apple	macOS	macOS Big Sur versions antérieures à 11.6.8
Apple	macOS	macOS Monterey versions antérieures à 12.5
Apple	N/A	watchOS versions antérieures à 8.7
Apple	N/A	tvOS versions antérieures à 15.6
Apple	N/A	iOS et iPadOS versions antérieures à 15.6
Apple	Safari	Safari versions antérieures à 15.6

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT213343 du 20 juillet 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213344 du 20 juillet 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213341 du 20 juillet 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213346 du 20 juillet 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213342 du 20 juillet 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213340 du 20 juillet 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213345 du 20 juillet 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "macOS Catalina sans le correctif de s\u00e9curit\u00e9 2022-005",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Big Sur versions ant\u00e9rieures \u00e0 11.6.8",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Monterey versions ant\u00e9rieures \u00e0 12.5",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "watchOS versions ant\u00e9rieures \u00e0 8.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions ant\u00e9rieures \u00e0 15.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS et iPadOS versions ant\u00e9rieures \u00e0 15.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 15.6",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-32789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32789"
    },
    {
      "name": "CVE-2022-32841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32841"
    },
    {
      "name": "CVE-2022-32823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32823"
    },
    {
      "name": "CVE-2022-32849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32849"
    },
    {
      "name": "CVE-2022-2294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2294"
    },
    {
      "name": "CVE-2022-0158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0158"
    },
    {
      "name": "CVE-2021-4192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4192"
    },
    {
      "name": "CVE-2022-32797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32797"
    },
    {
      "name": "CVE-2022-32815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32815"
    },
    {
      "name": "CVE-2022-32837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32837"
    },
    {
      "name": "CVE-2021-4173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4173"
    },
    {
      "name": "CVE-2022-32785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32785"
    },
    {
      "name": "CVE-2022-32839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32839"
    },
    {
      "name": "CVE-2022-32852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32852"
    },
    {
      "name": "CVE-2022-32843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32843"
    },
    {
      "name": "CVE-2022-24070",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24070"
    },
    {
      "name": "CVE-2021-4136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4136"
    },
    {
      "name": "CVE-2022-32857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32857"
    },
    {
      "name": "CVE-2022-32842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32842"
    },
    {
      "name": "CVE-2022-0156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0156"
    },
    {
      "name": "CVE-2022-32845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32845"
    },
    {
      "name": "CVE-2022-32799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32799"
    },
    {
      "name": "CVE-2022-32817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32817"
    },
    {
      "name": "CVE-2022-29048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29048"
    },
    {
      "name": "CVE-2022-32820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32820"
    },
    {
      "name": "CVE-2022-32821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32821"
    },
    {
      "name": "CVE-2022-32844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32844"
    },
    {
      "name": "CVE-2021-4166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4166"
    },
    {
      "name": "CVE-2022-0128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0128"
    },
    {
      "name": "CVE-2022-32800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32800"
    },
    {
      "name": "CVE-2021-28544",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28544"
    },
    {
      "name": "CVE-2022-32828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32828"
    },
    {
      "name": "CVE-2022-26768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26768"
    },
    {
      "name": "CVE-2021-4193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4193"
    },
    {
      "name": "CVE-2022-32826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32826"
    },
    {
      "name": "CVE-2022-32787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32787"
    },
    {
      "name": "CVE-2022-32830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32830"
    },
    {
      "name": "CVE-2022-32824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32824"
    },
    {
      "name": "CVE-2022-32834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32834"
    },
    {
      "name": "CVE-2022-32813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32813"
    },
    {
      "name": "CVE-2022-32819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32819"
    },
    {
      "name": "CVE-2022-32838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32838"
    },
    {
      "name": "CVE-2022-32811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32811"
    },
    {
      "name": "CVE-2022-32840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32840"
    },
    {
      "name": "CVE-2022-26704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26704"
    },
    {
      "name": "CVE-2022-32814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32814"
    },
    {
      "name": "CVE-2022-32788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32788"
    },
    {
      "name": "CVE-2022-26981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26981"
    },
    {
      "name": "CVE-2022-32853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32853"
    },
    {
      "name": "CVE-2022-32801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32801"
    },
    {
      "name": "CVE-2022-32851",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32851"
    },
    {
      "name": "CVE-2022-32802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32802"
    },
    {
      "name": "CVE-2022-32831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32831"
    },
    {
      "name": "CVE-2022-32798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32798"
    },
    {
      "name": "CVE-2022-32796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32796"
    },
    {
      "name": "CVE-2022-32847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32847"
    },
    {
      "name": "CVE-2022-32792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32792"
    },
    {
      "name": "CVE-2022-32829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32829"
    },
    {
      "name": "CVE-2022-29046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29046"
    },
    {
      "name": "CVE-2022-32855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32855"
    },
    {
      "name": "CVE-2022-32784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32784"
    },
    {
      "name": "CVE-2021-4187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4187"
    },
    {
      "name": "CVE-2022-32805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32805"
    },
    {
      "name": "CVE-2022-32825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32825"
    },
    {
      "name": "CVE-2022-32810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32810"
    },
    {
      "name": "CVE-2022-32818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32818"
    },
    {
      "name": "CVE-2022-32848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32848"
    },
    {
      "name": "CVE-2022-32812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32812"
    },
    {
      "name": "CVE-2021-46059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46059"
    },
    {
      "name": "CVE-2022-32816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32816"
    },
    {
      "name": "CVE-2022-32793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32793"
    },
    {
      "name": "CVE-2022-32781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32781"
    },
    {
      "name": "CVE-2022-32832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32832"
    },
    {
      "name": "CVE-2022-32807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32807"
    },
    {
      "name": "CVE-2022-32786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32786"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-665",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-07-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213343 du 20 juillet 2022",
      "url": "https://support.apple.com/fr-fr/HT213343"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213344 du 20 juillet 2022",
      "url": "https://support.apple.com/fr-fr/HT213344"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213341 du 20 juillet 2022",
      "url": "https://support.apple.com/fr-fr/HT213341"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213346 du 20 juillet 2022",
      "url": "https://support.apple.com/fr-fr/HT213346"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213342 du 20 juillet 2022",
      "url": "https://support.apple.com/fr-fr/HT213342"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213340 du 20 juillet 2022",
      "url": "https://support.apple.com/fr-fr/HT213340"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213345 du 20 juillet 2022",
      "url": "https://support.apple.com/fr-fr/HT213345"
    }
  ]
}

GHSA-RRV6-26R4-H5PJ

Vulnerability from github – Published: 2022-09-25 00:00 – Updated: 2022-09-28 00:00

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-32814"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-23T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.",
  "id": "GHSA-rrv6-26r4-h5pj",
  "modified": "2022-09-28T00:00:25Z",
  "published": "2022-09-25T00:00:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32814"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213340"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213342"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213345"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213346"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213344"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2022-32814

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-32814

Aliases

CVE-2022-32814

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-32814",
    "description": "A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.",
    "id": "GSD-2022-32814"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-32814"
      ],
      "details": "A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.",
      "id": "GSD-2022-32814",
      "modified": "2023-12-13T01:19:12.408204Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2022-32814",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "12.5"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "12.5"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "tvOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "15.6"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "watchOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "8.7"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "watchOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "8.7"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "watchOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "15.6"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "An app may be able to execute arbitrary code with kernel privileges"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/kb/HT213344",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT213344"
          },
          {
            "name": "https://support.apple.com/en-us/HT213345",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT213345"
          },
          {
            "name": "https://support.apple.com/en-us/HT213340",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT213340"
          },
          {
            "name": "https://support.apple.com/en-us/HT213342",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT213342"
          },
          {
            "name": "https://support.apple.com/en-us/HT213346",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT213346"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.6.8",
                "versionStartIncluding": "11.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "15.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "15.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "15.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.5",
                "versionStartIncluding": "12.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2022-32814"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-843"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/en-us/HT213345",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT213345"
            },
            {
              "name": "https://support.apple.com/en-us/HT213342",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT213342"
            },
            {
              "name": "https://support.apple.com/en-us/HT213340",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT213340"
            },
            {
              "name": "https://support.apple.com/en-us/HT213346",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT213346"
            },
            {
              "name": "https://support.apple.com/kb/HT213344",
              "refsource": "CONFIRM",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/kb/HT213344"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-01-12T20:09Z",
      "publishedDate": "2022-09-23T20:15Z"
    }
  }
}

FKIE_CVE-2022-32814

Vulnerability from fkie_nvd - Published: 2022-09-23 20:15 - Updated: 2025-05-27 15:15

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
product-security@apple.com	https://support.apple.com/en-us/HT213340	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT213342	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT213345	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT213346	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/kb/HT213344	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT213340	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT213342	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT213345	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT213346	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT213344	Release Notes, Vendor Advisory

Impacted products

Vendor	Product	Version
apple	ipados	*
apple	iphone_os	*
apple	macos	*
apple	macos	*
apple	tvos	*
apple	watchos	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5E4F87A-8003-43EB-99F7-35C82AEA4DC0",
              "versionEndExcluding": "15.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6FA9FE3-1891-405C-B191-04CAB84ADD46",
              "versionEndExcluding": "15.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "21572D24-45CE-4FF4-8AFD-E13E1FE853B1",
              "versionEndExcluding": "11.6.8",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F86C9DC9-3814-4254-A332-257455B6880A",
              "versionEndExcluding": "12.5",
              "versionStartIncluding": "12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83FC1965-2381-49FF-9521-355D29B28B71",
              "versionEndExcluding": "15.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EB2AF3C-B2A0-41AD-9C3E-14B220620FF0",
              "versionEndExcluding": "8.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges."
    },
    {
      "lang": "es",
      "value": "Se abord\u00f3 un problema de confusi\u00f3n de tipos con un manejo de estados mejorado. Este problema ha sido corregido en watchOS versi\u00f3n 8.7, tvOS versi\u00f3n 15.6, iOS versi\u00f3n 15.6 y iPadOS versi\u00f3n 15.6, macOS Monterey versi\u00f3n 12.5. Una aplicaci\u00f3n puede ser capaz de ejecutar c\u00f3digo arbitrario con privilegios del kernel"
    }
  ],
  "id": "CVE-2022-32814",
  "lastModified": "2025-05-27T15:15:25.243",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-09-23T20:15:09.370",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213340"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213342"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213345"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213346"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT213344"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213340"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213342"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213345"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213346"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT213344"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-843"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-843"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-32814 (GCVE-0-2022-32814)

Solution

Solution

Tags

Sightings

Nomenclature