var-202209-0759
Vulnerability from variot
The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.. apple's iPadOS , iOS , macOS Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-09-12-1 iOS 16
iOS 16 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213446.
Additional CVE entries to be added soon.
Contacts Available for: iPhone 8 and later Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved checks. CVE-2022-32911: Zweig of Kunlun Lab
Kernel Available for: iPhone 8 and later Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32917: an anonymous researcher
Maps Available for: iPhone 8 and later Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved restrictions. CVE-2022-32883: Ron Masas, breakpointhq.com
MediaLibrary Available for: iPhone 8 and later Impact: A user may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-32908: an anonymous researcher
Safari Available for: iPhone 8 and later Impact: Visiting a malicious website may lead to address bar spoofing Description: This issue was addressed with improved checks. CVE-2022-32795: Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati
Safari Extensions Available for: iPhone 8 and later Impact: A website may be able to track users through Safari web extensions Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 242278 CVE-2022-32868: Michael
Shortcuts Available for: iPhone 8 and later Impact: A person with physical access to an iOS device may be able to access photos from the lock screen Description: A logic issue was addressed with improved restrictions. CVE-2022-32872: Elite Tech Guru
WebKit Available for: iPhone 8 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 241969 CVE-2022-32886: P1umer, afang5472, xmzyshypnc
WebKit Available for: iPhone 8 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. WebKit Bugzilla: 242762 CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with Trend Micro Zero Day Initiative
Additional recognition
Game Center We would like to acknowledge Joshua Jones for their assistance.
Identity Services We would like to acknowledge Joshua Jones for their assistance.
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 16". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmMfdgEACgkQ4RjMIDke NxlhOhAApZYokZaK7dpu3iZkFM0Ko2bn4lmXIKFXx+gYrHKhUlNg1VkKaDzl+Rts 3atFGho+AwARh4Abbc7/t1cdtflcr37cFcTszZ4ONllJ2rxNkRzvZa3H5fPgOL8T j1UqNI8zvQA1OmAj2mxWo+SUbGPVYCesuX6INl0xfd6PTcTf1xKDTgo292FVAJ7c zCjVevodGNJognUy81DVhInJ1m4bMFt/3RC57o586OHyohiemdXrCAKML76qc8Eq 9gdTmB4P3NkxWTMWCbIIjX3x1FUEWkJ6liHEIMOwv/hwNGLJtI5R5QUYvbtz+a30 3L+AfZbmOs2yGVx0YQY16UtoRAEs3ig310G3MDL4ZlcHYQDWqNS2UvY2Hs0nzvkV fpFNPsuF6iDWYOjzhe9GXCzekgH8Ojva0EqQCydd1dD0frJivjWpWCYQucS52PH1 DSnjk0bLowECavj+R6C1IoCX9dKW0/Ybyugmelyn7Q1tKK0xxXUqAMgAaH1DbLVu Ca/ZN/s3lJYzFoV6DXX9wUQB0QsaQCiC/kKvvjyUVuNVxzekmTsKpI+dxzl0zAs7 0S3SqcBYnHDwjUZvqGzbFzIv9nPjDUlfsnRtBVzS67lJAj6gjNv9O1Siw+PlLP1/ nb/OZkXaQNRV0nyB9u/Mp92/V2UAvdSFTMtfrl+26WVw7Up3pAY= =QZox -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202209-0759",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.6"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.7"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.7"
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.7"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0.0"
},
{
"model": "ios",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "macos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "12.0.0 that\u0027s all 12.6"
},
{
"model": "ipados",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "macos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "11.0 that\u0027s all 11.7"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018922"
},
{
"db": "NVD",
"id": "CVE-2022-32917"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.6",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.7",
"versionStartIncluding": "11.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-32917"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "168342"
},
{
"db": "PACKETSTORM",
"id": "168361"
},
{
"db": "PACKETSTORM",
"id": "168341"
}
],
"trust": 0.3
},
"cve": "CVE-2022-32917",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-32917",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-32917",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202209-766",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018922"
},
{
"db": "NVD",
"id": "CVE-2022-32917"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-766"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.. apple\u0027s iPadOS , iOS , macOS Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-09-12-1 iOS 16\n\niOS 16 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213446. \n\nAdditional CVE entries to be added soon. \n\nContacts\nAvailable for: iPhone 8 and later\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed with improved checks. \nCVE-2022-32911: Zweig of Kunlun Lab\n\nKernel\nAvailable for: iPhone 8 and later\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32917: an anonymous researcher \n\nMaps\nAvailable for: iPhone 8 and later\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32883: Ron Masas, breakpointhq.com\n\nMediaLibrary\nAvailable for: iPhone 8 and later\nImpact: A user may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-32908: an anonymous researcher\n\nSafari\nAvailable for: iPhone 8 and later\nImpact: Visiting a malicious website may lead to address bar spoofing\nDescription: This issue was addressed with improved checks. \nCVE-2022-32795: Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India)\n@imnarendrabhati\n\nSafari Extensions\nAvailable for: iPhone 8 and later\nImpact: A website may be able to track users through Safari web\nextensions\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 242278\nCVE-2022-32868: Michael\n\nShortcuts\nAvailable for: iPhone 8 and later\nImpact: A person with physical access to an iOS device may be able to\naccess photos from the lock screen\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32872: Elite Tech Guru\n\nWebKit\nAvailable for: iPhone 8 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 241969\nCVE-2022-32886: P1umer, afang5472, xmzyshypnc\n\nWebKit\nAvailable for: iPhone 8 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nWebKit Bugzilla: 242762\nCVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with\nTrend Micro Zero Day Initiative\n\nAdditional recognition\n\nGame Center\nWe would like to acknowledge Joshua Jones for their assistance. \n\nIdentity Services\nWe would like to acknowledge Joshua Jones for their assistance. \n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/ iTunes and Software Update on the\ndevice will automatically check Apple\u0027s update server on its weekly\nschedule. When an update is detected, it is downloaded and the option\nto be installed is presented to the user when the iOS device is\ndocked. We recommend applying the update immediately if possible. \nSelecting Don\u0027t Install will present the option the next time you\nconnect your iOS device. The automatic update process may take up to\na week depending on the day that iTunes or the device checks for\nupdates. You may manually obtain the update via the Check for Updates\nbutton within iTunes, or the Software Update on your device. To\ncheck that the iPhone, iPod touch, or iPad has been updated: *\nNavigate to Settings * Select General * Select About. The version\nafter applying this update will be \"iOS 16\". \nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmMfdgEACgkQ4RjMIDke\nNxlhOhAApZYokZaK7dpu3iZkFM0Ko2bn4lmXIKFXx+gYrHKhUlNg1VkKaDzl+Rts\n3atFGho+AwARh4Abbc7/t1cdtflcr37cFcTszZ4ONllJ2rxNkRzvZa3H5fPgOL8T\nj1UqNI8zvQA1OmAj2mxWo+SUbGPVYCesuX6INl0xfd6PTcTf1xKDTgo292FVAJ7c\nzCjVevodGNJognUy81DVhInJ1m4bMFt/3RC57o586OHyohiemdXrCAKML76qc8Eq\n9gdTmB4P3NkxWTMWCbIIjX3x1FUEWkJ6liHEIMOwv/hwNGLJtI5R5QUYvbtz+a30\n3L+AfZbmOs2yGVx0YQY16UtoRAEs3ig310G3MDL4ZlcHYQDWqNS2UvY2Hs0nzvkV\nfpFNPsuF6iDWYOjzhe9GXCzekgH8Ojva0EqQCydd1dD0frJivjWpWCYQucS52PH1\nDSnjk0bLowECavj+R6C1IoCX9dKW0/Ybyugmelyn7Q1tKK0xxXUqAMgAaH1DbLVu\nCa/ZN/s3lJYzFoV6DXX9wUQB0QsaQCiC/kKvvjyUVuNVxzekmTsKpI+dxzl0zAs7\n0S3SqcBYnHDwjUZvqGzbFzIv9nPjDUlfsnRtBVzS67lJAj6gjNv9O1Siw+PlLP1/\nnb/OZkXaQNRV0nyB9u/Mp92/V2UAvdSFTMtfrl+26WVw7Up3pAY=\n=QZox\n-----END PGP SIGNATURE-----\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-32917"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018922"
},
{
"db": "VULHUB",
"id": "VHN-425006"
},
{
"db": "VULMON",
"id": "CVE-2022-32917"
},
{
"db": "PACKETSTORM",
"id": "168342"
},
{
"db": "PACKETSTORM",
"id": "168361"
},
{
"db": "PACKETSTORM",
"id": "168341"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-425006",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-425006"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-32917",
"trust": 3.7
},
{
"db": "PACKETSTORM",
"id": "168361",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018922",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.4527",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202209-766",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "168341",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "168342",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-425006",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-32917",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-425006"
},
{
"db": "VULMON",
"id": "CVE-2022-32917"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018922"
},
{
"db": "PACKETSTORM",
"id": "168342"
},
{
"db": "PACKETSTORM",
"id": "168361"
},
{
"db": "PACKETSTORM",
"id": "168341"
},
{
"db": "NVD",
"id": "CVE-2022-32917"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-766"
}
]
},
"id": "VAR-202209-0759",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-425006"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:25:03.217000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213445 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht213443"
},
{
"title": "Apple macOS Big Sur Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=208770"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/administrative2022/cve-2022-32917-poc "
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2022/09/12/apple_patched_exploited_flaws/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-32917"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018922"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-766"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-425006"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018922"
},
{
"db": "NVD",
"id": "CVE-2022-32917"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/oct/39"
},
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/oct/40"
},
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/oct/43"
},
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/oct/45"
},
{
"trust": 2.3,
"url": "https://support.apple.com/en-us/ht213443"
},
{
"trust": 1.7,
"url": "https://support.apple.com/en-us/ht213444"
},
{
"trust": 1.7,
"url": "https://support.apple.com/en-us/ht213445"
},
{
"trust": 1.7,
"url": "https://support.apple.com/en-us/ht213446"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32917"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4527"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168361/apple-security-advisory-2022-09-12-4.html"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-32917/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-ios-macos-multiple-vulnerabilities-39249"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32864"
},
{
"trust": 0.3,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32908"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32911"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32883"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32795"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32854"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32868"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32912"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32872"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32886"
},
{
"trust": 0.2,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://github.com/administrative2022/cve-2022-32917-poc"
},
{
"trust": 0.1,
"url": "https://www.theregister.co.uk/2022/09/12/apple_patched_exploited_flaws/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/tr-tr/ht213445"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213445."
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32900"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32902"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32896"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213444."
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213446."
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-425006"
},
{
"db": "VULMON",
"id": "CVE-2022-32917"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018922"
},
{
"db": "PACKETSTORM",
"id": "168342"
},
{
"db": "PACKETSTORM",
"id": "168361"
},
{
"db": "PACKETSTORM",
"id": "168341"
},
{
"db": "NVD",
"id": "CVE-2022-32917"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-766"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-425006"
},
{
"db": "VULMON",
"id": "CVE-2022-32917"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018922"
},
{
"db": "PACKETSTORM",
"id": "168342"
},
{
"db": "PACKETSTORM",
"id": "168361"
},
{
"db": "PACKETSTORM",
"id": "168341"
},
{
"db": "NVD",
"id": "CVE-2022-32917"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-766"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-20T00:00:00",
"db": "VULHUB",
"id": "VHN-425006"
},
{
"date": "2023-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-018922"
},
{
"date": "2022-09-13T15:27:13",
"db": "PACKETSTORM",
"id": "168342"
},
{
"date": "2022-09-13T15:44:52",
"db": "PACKETSTORM",
"id": "168361"
},
{
"date": "2022-09-13T15:26:55",
"db": "PACKETSTORM",
"id": "168341"
},
{
"date": "2022-09-20T21:15:11.200000",
"db": "NVD",
"id": "CVE-2022-32917"
},
{
"date": "2022-09-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202209-766"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-07T00:00:00",
"db": "VULHUB",
"id": "VHN-425006"
},
{
"date": "2023-10-24T01:08:00",
"db": "JVNDB",
"id": "JVNDB-2022-018922"
},
{
"date": "2022-12-07T03:12:43.663000",
"db": "NVD",
"id": "CVE-2022-32917"
},
{
"date": "2022-11-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202209-766"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202209-766"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Out-of-bounds write vulnerability in multiple Apple products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018922"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202209-766"
}
],
"trust": 0.6
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.