CVE-2022-32894
Published: 24 August 2022
Summary
CVE-2022-32894 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Apple macOS. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 43.5% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
An out-of-bounds write vulnerability addressed through improved bounds checking affects Apple iOS, iPadOS, and macOS Monterey. The flaw is present in versions prior to iOS 15.6.1, iPadOS 15.6.1, and macOS Monterey 12.5.1, and it carries a CVSS 3.1 score of 7.8 under CWE-787.
A local attacker can exploit the issue by supplying a malicious application that triggers the out-of-bounds write. Successful exploitation grants the application arbitrary code execution with kernel privileges; the attack requires user interaction to open or install the application.
Apple security updates HT213412 and HT213413, along with corresponding Full Disclosure mailings, direct administrators to install the fixed releases for iOS, iPadOS, and macOS Monterey. No additional configuration changes or workarounds are documented in the advisories.
Apple has stated it is aware of reports that the vulnerability may have been actively exploited in the wild. The associated EPSS score rose from a low baseline after disclosure to a peak of 0.0136 on 2023-01-01 before receding to its current value of 0.0033.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-35960
Vulnerability details
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
- CWE(s)
- KEV Date Added: 18 August 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly requires timely installation of vendor patches that remediate the out-of-bounds write flaw before local exploitation can succeed.
Mandates hardware or software memory-protection mechanisms that would block the kernel memory corruption exploited by this CVE.
Requires validation of all input data, which encompasses the bounds-checking fix Apple applied to stop the out-of-bounds write.