Cyber Resilience

CVE-2022-32894

HighCISA KEVActive ExploitationEUVD Exploited

Published: 24 August 2022

Published
24 August 2022
Modified
23 October 2025
KEV Added
18 August 2022
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0033 56.5th percentile
Risk Priority 36 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-32894 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Apple Macos. Its CVSS base score is 7.8 (High).

Operationally, ranked in the top 43.5% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

An out-of-bounds write vulnerability addressed through improved bounds checking affects Apple iOS, iPadOS, and macOS Monterey. The flaw is present in versions prior to iOS 15.6.1, iPadOS 15.6.1, and macOS Monterey 12.5.1, and it carries a CVSS 3.1 score of 7.8 under CWE-787.

A local attacker can exploit the issue by supplying a malicious application that triggers the out-of-bounds write. Successful exploitation grants the application arbitrary code execution with kernel privileges; the attack requires user interaction to open or install the application.

Apple security updates HT213412 and HT213413, along with corresponding Full Disclosure mailings, direct administrators to install the fixed releases for iOS, iPadOS, and macOS Monterey. No additional configuration changes or workarounds are documented in the advisories.

Apple has stated it is aware of reports that the vulnerability may have been actively exploited in the wild. The associated EPSS score rose from a low baseline after disclosure to a peak of 0.0136 on 2023-01-01 before receding to its current value of 0.0033.

EU & UK References

Vulnerability details

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a…

more

report that this issue may have been actively exploited.

CWE(s)
KEV Date Added
18 August 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

apple
ipados
≤ 15.6.1
apple
iphone os
≤ 15.6.1
apple
macos
11.0 — 11.7 · 12.0 — 12.5.1
apple
watchos
≤ 9.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely installation of vendor patches that remediate the out-of-bounds write flaw before local exploitation can succeed.

prevent

Mandates hardware or software memory-protection mechanisms that would block the kernel memory corruption exploited by this CVE.

prevent

Requires validation of all input data, which encompasses the bounds-checking fix Apple applied to stop the out-of-bounds write.

References