Cyber Resilience

CVE-2022-32832

Medium

Published: 23 September 2022
Modified: 27 May 2025
KEV Added: not listed
Patch: available in the fixed releases listed under Vulnerability details
CVSS v3.1 score: 6.7 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.0890 (92.8th percentile)
Risk Priority: 19 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2022-32832 is a medium-severity vulnerability of unspecified weakness type (no CWE assigned) in Apple Mac OS X. Its CVSS base score is 6.7 (Medium).

Operationally, its EPSS score places it in the top 7.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2022-32832 is a memory-handling vulnerability in multiple Apple operating systems that was addressed through improved bounds checking. The flaw impacts devices running versions prior to iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, and Security Update 2022-005 Catalina.

An application already possessing root privileges can exploit the issue to execute arbitrary code with kernel-level privileges on the affected system. The CVSS 6.7 rating reflects the local attack vector and the requirement for high privileges.

Apple security advisories for the listed updates state that the vulnerability is resolved by the improved memory handling changes shipped in those releases. The associated EPSS score reached a peak of 0.1143 before receding to its current value of 0.0890.

EU & UK References

Vulnerability details

The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app with root privileges may be able to execute arbitrary code with kernel privileges.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor   Product     Versions
apple    ipados      ≤ 15.6
apple    iphone os   ≤ 15.6
apple    mac os x    10.15.7
apple    macos       10.15.7 · ≤ 10.15.7 · 11.0 — 11.6.8 · 12.0 — 12.5
apple    tvos        ≤ 15.6
apple    watchos     ≤ 8.7

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References