Exploitation Summary
CVE-2022-32917 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added September 14, 2022.
Description
The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..
References (9)
Core 9
Core References
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Oct/39
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Oct/40
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Oct/43
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Oct/45
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213443
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213444
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213445
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213446
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-32917
Scores
CVSS v3
7.8
EPSS
0.0092
EPSS Percentile
76.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2022-09-14
VulnCheck KEV
2022-09-12
InTheWild.io
2022-09-12
ENISA EUVD
EUVD-2022-35983
CWE
CWE-787
Status
published
Products (3)
apple/ipados
< 15.7
apple/iphone_os
< 15.7
apple/macos
11.0 - 11.7
Published
Sep 20, 2022
KEV Added
Sep 14, 2022
Tracked Since
Feb 18, 2026