CVE-2022-32917

HIGH KEV

Apple Ipados < 15.7 - Out-of-Bounds Write

Title source: rule

Description

The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..

References (9)

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2022/Oct/39

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2022/Oct/40

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2022/Oct/43

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2022/Oct/45

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213443

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213444

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213445

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213446

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-32917

Scores

CVSS v3 7.8

EPSS 0.0059

EPSS Percentile 69.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-09-14

VulnCheck KEV 2022-09-12

InTheWild.io 2022-09-12

ENISA EUVD EUVD-2022-35983

CWE

CWE-787

Status published

Products (3)

apple/ipados < 15.7

apple/iphone_os < 15.7

apple/macos 11.0 - 11.7

Published Sep 20, 2022

KEV Added Sep 14, 2022

Tracked Since Feb 18, 2026