CVE-2022-32832
Published: 23 September 2022
Summary
CVE-2022-32832 is a medium-severity vulnerability of unspecified weakness type in Apple Mac OS X. Its CVSS base score is 6.7 (Medium).
Operationally, it ranks in the top 7.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2022-32832 is a memory-handling vulnerability in multiple Apple operating systems that was addressed through improved bounds checking. The flaw impacts devices running versions prior to iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, and Security Update 2022-005 Catalina.
An application already possessing root privileges can exploit the issue to execute arbitrary code with kernel-level privileges on the affected system. The CVSS 6.7 rating reflects the local attack vector and the requirement for high privileges.
Apple security advisories for the listed updates state that the vulnerability is resolved by the improved memory handling changes shipped in those releases. The associated EPSS score reached a peak of 0.1143 before receding to its current value of 0.0890.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-35898
Vulnerability details
The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app with root privileges may be able to execute arbitrary code with kernel privileges.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.