⚠ Actively exploited
Added to CISA KEV on 2022-08-18. Federal agencies required to patch by 2022-09-08. Required action: Apply updates per vendor instructions..

CVE-2022-32893

CWE-787Out-of-bounds WriteCWE-20Improper Input Validation14 documents10 sources
Severity
8.8HIGH
EPSS
0.2%
top 62.82%
CISA KEV
KEV
Added 2022-08-18
Due 2022-09-08
Exploit
Exploited in wild
Active exploitation observed
Affected products
9
Apple IOS AND IpadosApple MacosApple Safari+6 more
Timeline
KEV addedAug 18
PublishedAug 24
KEV dueSep 8
Latest updateSep 14
CISA Required Action: Apply updates per vendor instructions.

Description

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages11 packages

CVEListV5apple/macosunspecified12.5
NVDapple/macos12.012.5.1
CVEListV5apple/safariunspecified15.6
NVDapple/ipados< 15.6.1
NVDapple/safari< 15.6.1

Also affects: Debian Linux 10.0, 11.0, Fedora 35, 36

🔴Vulnerability Details

4
GHSA
GHSA-qjpw-c5xf-g33j: An out-of-bounds write issue was addressed with improved bounds checking2022-08-25
CVEList
CVE-2022-32893: An out-of-bounds write issue was addressed with improved bounds checking2022-08-24
OSV
CVE-2022-32893: An out-of-bounds write issue was addressed with improved bounds checking2022-08-24
VulnCheck
Apple iOS and macOS Out-of-Bounds Write Vulnerability2022

📋Vendor Advisories

9
Ubuntu
WebKitGTK vulnerability2022-09-14
Apple
CVE-2022-32893: watchOS 92022-09-12
Apple
CVE-2022-32893: iOS 12.5.62022-08-31
Red Hat
webkitgtk: processing maliciously crafted web content may lead to arbitrary code execution2022-08-25
Apple
CVE-2022-32893: Safari 15.6.12022-08-18