CVE-2022-32894 — Vulnetix

Try Vulnetix Request Demo

CVE-2022-32894 PUBLISHED KEV CVSS 7.800000190734863 HIGH

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

EPSS 0.19% · 40.9th percentile

Risk Scores

CVSS v3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

0.19%

40.9th percentile

Affected Products

Vendor	Product	Versions
apple	macos	11.0, 12.0
Apple	macOS	unspecified
Apple	iOS and iPadOS	unspecified
apple	ipados	0
apple	watchos	0
apple	iphone_os	0

Timeline

Aug 17, 2022 PoC Published
Aug 18, 2022 CISA KEV Added
Aug 18, 2022 PoC Published
Aug 24, 2022 CVE Published
Aug 25, 2022 EPSS Score
Aug 30, 2022 EPSS Score
Oct 9, 2022 EPSS Score
Nov 23, 2022 EPSS Score
Jan 7, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 7, 2023 EPSS Score
May 22, 2023 EPSS Score

References

https://support.apple.com/kb/HT213443 url
https://support.apple.com/en-us/HT213412 url
https://support.apple.com/en-us/HT213413 url
20220831 APPLE-SA-2022-08-31-1 iOS 12.5.6 mailing-list
https://support.apple.com/kb/HT213486 url
20221030 APPLE-SA-2022-10-27-13 watchOS 9 mailing-list
20221030 APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7 mailing-list
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-32894 url
https://nvd.nist.gov/vuln/detail/CVE-2022-32894 advisory
https://support.apple.com/fr-fr/HT213413 advisory
https://support.apple.com/fr-fr/HT213412 advisory
https://support.apple.com/en-us/HT213443 advisory
https://support.apple.com/en-us/HT213445 advisory
https://support.apple.com/en-us/HT213442 advisory
https://support.apple.com/en-us/HT213444 advisory
https://support.apple.com/en-us/HT213446 advisory

Open in Interactive Console →