CVE-2022-32832

MEDIUM

iPadOS < 15.6 - Authenticated Remote Code Execution

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2022-32832. PoCs published by Muirey03, AkbarTrilaksana.

AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2022-32832, a race condition vulnerability in AppleAPFSUserClient::methodDeltaCreateFinalize. The exploit triggers a double-free by racing two calls to the vulnerable method, leading to a kernel panic on vulnerable macOS versions.

Description

The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app with root privileges may be able to execute arbitrary code with kernel privileges.

Exploits (2)

nomisec WORKING POC 96 stars

by Muirey03 · poc

https://github.com/Muirey03/CVE-2022-32832

View Code ZIP pw:eip

This repository contains a functional proof-of-concept exploit for CVE-2022-32832, a race condition vulnerability in AppleAPFSUserClient::methodDeltaCreateFinalize. The exploit triggers a double-free by racing two calls to the vulnerable method, leading to a kernel panic on vulnerable macOS versions.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Moderate

Reliability

Racy

Target: Apple APFS (macOS 12.5 beta 2 and earlier)

Auth required

Prerequisites: Root privileges · Vulnerable macOS version

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC 2 stars

by AkbarTrilaksana · poc

https://github.com/AkbarTrilaksana/CVE-2022-32832