Exploitation Summary
CVE-2022-32894 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added August 18, 2022.
Description
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
References (8)
Core 8
Core References
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Aug/16
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Oct/49
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Oct/45
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213412
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213413
Third Party Advisory
https://support.apple.com/kb/HT213443
Third Party Advisory
https://support.apple.com/kb/HT213486
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-32894
Scores
CVSS v3
7.8
EPSS
0.0033
EPSS Percentile
56.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2022-08-18
VulnCheck KEV
2022-08-17
InTheWild.io
2022-08-17
ENISA EUVD
EUVD-2022-35960
CWE
CWE-787
Status
published
Products (4)
apple/ipados
< 15.6.1
apple/iphone_os
< 15.6.1
apple/macos
11.0 - 11.7
apple/watchos
< 9.0
Published
Aug 24, 2022
KEV Added
Aug 18, 2022
Tracked Since
Feb 18, 2026