⚠ Actively exploited
Added to CISA KEV on 2022-08-18. Federal agencies required to patch by 2022-09-08. Required action: Apply updates per vendor instructions..
CVE-2022-32894 — Out-of-bounds Write in Apple IOS AND Ipados
Severity
7.8HIGHNVD
EPSS
0.2%
top 59.03%
CISA KEV
KEV
Added 2022-08-18
Due 2022-09-08
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
KEV addedAug 18
PublishedAug 24
KEV dueSep 8
Latest updateOct 27
CISA Required Action: Apply updates per vendor instructions.
Description
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages11 packages
🔴Vulnerability Details
2📋Vendor Advisories
6🕵️Threat Intelligence
6Talos▶
Threat Source newsletter (Oct. 27, 2022): I thought we were already aware of supply chain attacks?↗2022-10-27
Talos▶
Threat Source newsletter (Oct. 27, 2022): I thought we were already aware of supply chain attacks?↗2022-10-27
Qualys▶
October 2022 Patch Tuesday | Microsoft Releases 84 Vulnerabilities With 13 Critical, Plus 12 Microsoft Edge (Chromium-Based); Adobe Releases 4 Advisories, 29 Vulnerabilities With 17 Critical. | Qualys↗2022-10-11
Qualys▶
October 2022 Patch Tuesday | Microsoft Releases 84 Vulnerabilities With 13 Critical, Plus 12 Microsoft Edge (Chromium-Based); Adobe Releases 4 Advisories, 29 Vulnerabilities With 17 Critical.↗2022-10-11
Qualys▶
September 2022 Patch Tuesday | Microsoft Releases 63 Vulnerabilities With 5 Critical, Plus 16 Microsoft Edge (Chromium-Based); Adobe Releases 7 Advisories, 63 Vulnerabilities With 35 Critical.↗2022-09-13