CVE-2022-32894
Published 2022-08-24
Priority P184 · high · CVSS 3.1: 7.8
CVSS vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA Known Exploited Vulnerability (KEV) · due 2022-09-08
Exploited in the wild (ITW)
EPSS: 3.26% (86.8th percentile)
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | ios_15.6.1_and_ipados | — | — |
| apple | ios_and_ipados | >= unspecified < 15.6 | 15.6 |
| apple | ipados | < 15.6.1 | 15.6.1 |
| apple | iphone_os | < 15.6.1 | 15.6.1 |
| apple | macos | >= 11.0 < 11.7 | 11.7 |
| apple | macos | >= 12.0 < 12.5.1 | 12.5.1 |
| apple | macos | >= unspecified < 12.5 | 12.5 |
| apple | macos_big_sur | — | — |
| apple | macos_monterey | — | — |
| apple | watchos | < 9.0 | 9.0 |
| apple | watchos_9 | — | — |
Detection & IOCs (extracted from sources)
- CVE-2022-32894 is an out-of-bounds write vulnerability in the Apple kernel (XNU); look for applications attempting to execute code with kernel privileges on iOS/iPadOS 15.x and macOS Monterey 12.x prior to patched versions
- CVE-2022-32894 was actively exploited in the wild; treat any unpatched Apple device (iOS/iPadOS <15.6.1, macOS Monterey <12.5.1) as a high-priority detection target for kernel-privilege escalation attempts
- CVE-2022-32894 is part of a pattern of kernel out-of-bounds write vulnerabilities chained across Apple patch cycles (alongside CVE-2022-32917 and CVE-2022-42827); monitor for exploitation chains targeting the Apple kernel component across successive iOS/macOS releases
- CVE-2022-32894 affects the Kernel component specifically; focus detection on kernel-level privilege escalation from user-space applications on affected Apple platforms
- CISA mandated remediation deadline was 2022-09-08; any device still unpatched past this date should be treated as actively at risk
- The vulnerability also affects older iOS 12 devices (patched in iOS 12.5.6), broadening the affected device surface beyond the primary iOS 15.6.1/macOS 12.5.1 advisory
CVSS provenance
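| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| vulncheck | — | 7.8 | HIGH | — |
| cisa | — | 7.8 | HIGH | — |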
Apple
CVE-2022-32894: macOS Big Sur 11.7
vendor_apple·2022-09-12·CVSS 7.8
CVE-2022-32894 [HIGH] CVE-2022-32894: macOS Big Sur 11.7
Apple Security Update: About the security content of macOS Big Sur 11.7
Product: macOS Big Sur
Version: 11.7
CVE: CVE-2022-32894
Component: Kernel
Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: An out-of-bounds write issue was addressed with improved bounds checking.
Apple
CVE-2022-32894: watchOS 9
vendor_apple·2022-09-12·CVSS 7.8
CVE-2022-32894 [HIGH] CVE-2022-32894: watchOS 9
Apple Security Update: About the security content of watchOS 9
Product: watchOS 9
CVE: CVE-2022-32894
Component: Kernel
Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: An out-of-bounds write issue was addressed with improved bounds checking.
Apple
CVE-2022-32894: iOS 12.5.6
vendor_apple·2022-08-31·CVSS 7.8
CVE-2022-32894 [HIGH] CVE-2022-32894: iOS 12.5.6
Apple Security Update: About the security content of iOS 12.5.6
Product: iOS
Version: 12.5.6
CVE: CVE-2022-32894
Component: About Apple security updates
CISA
Apple iOS and macOS Out-of-Bounds Write Vulnerability
cisa·2022-08-18·CVSS 7.8
CVE-2022-32894 [HIGH] CWE-20 Apple iOS and macOS Out-of-Bounds Write Vulnerability
Vulnerability: Apple iOS and macOS Out-of-Bounds Write Vulnerability
Affected: Apple iOS and macOS
Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow an application to execute code with kernel privileges.
Required Action: Apply updates per vendor instructions.
Notes: https://support.apple.com/en-gb/HT213412, https://support.apple.com/en-gb/HT213413; https://nvd.nist.gov/vuln/detail/CVE-2022-32894
Remediation Due Date: 2022-09-08
Apple
CVE-2022-32894: macOS Monterey 12.5.1
vendor_apple·2022-08-17·CVSS 7.8
CVE-2022-32894 [HIGH] CVE-2022-32894: macOS Monterey 12.5.1
Apple Security Update: About the security content of macOS Monterey 12.5.1
Product: macOS Monterey
Version: 12.5.1
CVE: CVE-2022-32894
Component: Kernel
Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: An out-of-bounds write issue was addressed with improved bounds checking.
Apple
CVE-2022-32894: iOS 15.6.1 and iPadOS 15.6.1
vendor_apple·2022-08-17·CVSS 7.8
CVE-2022-32894 [HIGH] CVE-2022-32894: iOS 15.6.1 and iPadOS 15.6.1
Apple Security Update: About the security content of iOS 15.6.1 and iPadOS 15.6.1
Product: iOS 15.6.1 and iPadOS
Version: 15.6.1
CVE: CVE-2022-32894
Component: Kernel
Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: An out-of-bounds write issue was addressed with improved bounds checking.
GHSA
GHSA-h6g8-mfgc-3jjc: An out-of-bounds write issue was addressed with improved bounds checking
ghsa_unreviewed·2022-08-25
CVE-2022-32894 [HIGH] CWE-787 GHSA-h6g8-mfgc-3jjc: An out-of-bounds write issue was addressed with improved bounds checking
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
VulnCheck
Apple iOS and macOS Out-of-Bounds Write Vulnerability
vulncheck·2022·CVSS 7.8
CVE-2022-32894 [HIGH] CWE-20 Apple iOS and macOS Out-of-Bounds Write Vulnerability
Apple iOS and macOS Out-of-Bounds Write Vulnerability
Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow an application to execute code with kernel privileges.
Affected: Apple iOS and macOS
Required Action: Apply updates per vendor instructions.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://support.apple.com/kb/HT213412; https://support.apple.com/kb/HT213413; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://support.apple.com/kb/HT213428; https://support.apple.com/kb/HT213443; https://support.apple.com/kb/HT213486; https://raw.githubusercontent.com/blackorbird/APT_REPORT/master/summary/2023/360_APT_Annual_Research_Report_2022.pdf
Remedi
No detection rules found.
No public exploits indexed.
Talos
Threat Source newsletter (Oct. 27, 2022): I thought we were already aware of supply chain attacks?
blogs_talos·2022-10-27
Threat Source newsletter (Oct. 27, 2022): I thought we were already aware of supply chain attacks?
Welcome to this week’s edition of the Threat Source newsletter.
There are plenty of jokes about whether we’re “aware” of cybersecurity during National Cybersecurity Awareness Month. But now I’m wondering if people are aware of supply chain attacks.
I thought we hit the pinnacle of supply chain attacks in 2020 with the SolarWinds attack, when these types of attacks dominated headlines and defenders started shouting from the mountaintops about how important it is to be ready for supply chain attacks.
And then Kaseya came along a few months later when attackers found a different way to deploy malicious updates that were disguised as legitimate patches.
And still today, we’re warning about the dangers of how prevalent supply chain attacks are and how everyone needs to be ready for this att
Qualys
October 2022 Patch Tuesday | Microsoft Releases 84 Vulnerabilities With 13 Critical, Plus 12 Microsoft Edge (Chromium-Based); Adobe Releases 4 Advisories, 29 Vulnerabilities With 17 Critical.
blogs_qualys·2022-10-11·CVSS 7.8
[HIGH] October 2022 Patch Tuesday | Microsoft Releases 84 Vulnerabilities With 13 Critical, Plus 12 Microsoft Edge (Chromium-Based); Adobe Releases 4 Advisories, 29 Vulnerabilities With 17 Critical.
## Table of Contents
Microsoft Patch Tuesday Summary
Microsoft Exchange ProxyNotShell Zero-Days Not Yet Addressed (QID 50122)
The October 2022 Microsoft Vulnerabilities Are Classified As Follows:
Two Zero-Day Vulnerabilities Addressed
Microsoft Critical Vulnerability Highlights
Microsoft Release Summary
Microsoft Edge | Last But Not Least
Adobe Security Bulletins and Advisories
About Qualys Patch Tuesday
Qualys Threat Research Blog Posts
Qualys Threat Protection High-Rated Advisories
Discover and Prioritize Vulnerabilities in Vulnerability Management Detection Response(VMDR)
Rapid Response With Patch Management (PM)
EXECUTE Mitigation Using Custom Assessment and Remediation (CAR)
EVALUATE Vendor-Suggested Mitigation With Policy Compliance (PC)
This Month in Vulnerabilities
Qualys
September 2022 Patch Tuesday | Microsoft Releases 63 Vulnerabilities With 5 Critical, Plus 16 Microsoft Edge (Chromium-Based); Adobe Releases 7 Advisories, 63 Vulnerabilities With 35 Critical.
blogs_qualys·2022-09-13·CVSS 5.6
[MEDIUM] September 2022 Patch Tuesday | Microsoft Releases 63 Vulnerabilities With 5 Critical, Plus 16 Microsoft Edge (Chromium-Based); Adobe Releases 7 Advisories, 63 Vulnerabilities With 35 Critical.
## Table of Contents
Microsoft Patch Tuesday Summary
The September 2022 Microsoft Vulnerabilities Are Classified As Follows:
Notable Microsoft Vulnerabilities Patched
Zero-Day Vulnerabilities Addressed
Microsoft Important Vulnerability Highlights
Microsoft Edge | Last But Not Least
Adobe Security Bulletins and Advisories
About Qualys Patch Tuesday
Qualys Threat Protection High-Rated Advisories from August to September 2022 Patch Tuesday Advisory
Discover and Prioritize Vulnerabilities in Vulnerability Management Detection Response (VMDR)
Rapid Response With Patch Management (PM)
Evaluate Vendor-Suggested Workarounds With Policy Compliance
Qualys This Month in Vulnerabilities and Patches Webinar Series
Join the Webinar This Month in Vulnerabilities & Patches
NEW & NOTEWORTHY
Checkpoint
22th August – Threat Intelligence Report
blogs_checkpoint·2022-08-22
CVE-2022-32893 22th August – Threat Intelligence Report
## 22th August – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 22th August, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
South Staffordshire Water, UK’s largest water company supplying 330M liters of drinking water to 1.6M consumers daily, has been a victim of ransomware attack launched by Cl0p, a Russian-speaking ransomware gang. The group caused disruption of the company’s IT systems, allowing them access to more than 5TB of data including
References
- http://seclists.org/fulldisclosure/2022/Aug/16
- http://seclists.org/fulldisclosure/2022/Oct/45
- http://seclists.org/fulldisclosure/2022/Oct/49
- https://support.apple.com/en-us/HT213412
- https://support.apple.com/en-us/HT213413
- https://support.apple.com/kb/HT213443
- https://support.apple.com/kb/HT213486
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-32894
Published: 2022-08-24
Added to CISA KEV: 2022-08-18
Exploited in the wild