CVE-2022-32911

The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to execute arbitrary code with kernel privileges.

CVSS v3.0 7.8 HIGH

7.8^/10

CVSS v3.0 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/HT213443	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213444	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213445	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213446	Release Notes Vendor Advisory
https://support.apple.com/kb/HT213488	Release Notes Vendor Advisory
https://support.apple.com/kb/HT213486	Release Notes Vendor Advisory
https://support.apple.com/kb/HT213487	Release Notes Vendor Advisory
http://seclists.org/fulldisclosure/2022/Oct/41	Third Party Advisory

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:watchos::::::::
	cpe:2.3:o:apple:tvos::::::::

Information

Published : 2022-09-20 14:15

Updated : 2022-11-03 18:53

NVD link : CVE-2022-32911

Mitre link : CVE-2022-32911

JSON object : View

CWE

NVD-CWE-noinfo

Advertisement

Products Affected

apple

tvos
macos
watchos
iphone_os
ipados

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://support.apple.com/en-us/HT213443", "name": "https://support.apple.com/en-us/HT213443", "tags": ["Release Notes", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://support.apple.com/en-us/HT213444", "name": "https://support.apple.com/en-us/HT213444", "tags": ["Release Notes", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://support.apple.com/en-us/HT213445", "name": "https://support.apple.com/en-us/HT213445", "tags": ["Release Notes", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://support.apple.com/en-us/HT213446", "name": "https://support.apple.com/en-us/HT213446", "tags": ["Release Notes", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://support.apple.com/kb/HT213488", "name": "https://support.apple.com/kb/HT213488", "tags": ["Release Notes", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://support.apple.com/kb/HT213486", "name": "https://support.apple.com/kb/HT213486", "tags": ["Release Notes", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://support.apple.com/kb/HT213487", "name": "https://support.apple.com/kb/HT213487", "tags": ["Release Notes", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://seclists.org/fulldisclosure/2022/Oct/41", "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13", "tags": ["Third Party Advisory"], "refsource": "FULLDISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to execute arbitrary code with kernel privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-32911", "ASSIGNER": "product-security@apple.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}}, "publishedDate": "2022-09-20T21:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "15.7"}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "15.7"}, {"cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "12.6", "versionStartIncluding": "12.0.0"}, {"cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "11.7", "versionStartIncluding": "11.0"}, {"cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "9.0"}, {"cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "16.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-11-04T01:53Z"}