cbcvebase.
CVE-2022-32894
published 2022-08-24

CVE-2022-32894: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1. An…

PriorityP184high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-09-08
Exploited in the wild
EPSS
3.26%
86.8th percentile
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Affected

12 ranges
VendorProductVersion rangeFixed in
appleios
appleios_15.6.1_and_ipados
appleios_and_ipados>= unspecified < 15.615.6
appleipados< 15.6.115.6.1
appleiphone_os< 15.6.115.6.1
applemacos>= 11.0 < 11.711.7
applemacos>= 12.0 < 12.5.112.5.1
applemacos>= unspecified < 12.512.5
applemacos_big_sur
applemacos_monterey
applewatchos< 9.09.0
applewatchos_9

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2022-32894 is an out-of-bounds write vulnerability in the Apple kernel (XNU); look for applications attempting to execute code with kernel privileges on iOS/iPadOS 15.x and macOS Monterey 12.x prior to patched versions
  • CVE-2022-32894 was actively exploited in the wild; treat any unpatched Apple device (iOS/iPadOS <15.6.1, macOS Monterey <12.5.1) as a high-priority detection target for kernel-privilege escalation attempts
  • CVE-2022-32894 is part of a pattern of kernel out-of-bounds write vulnerabilities chained across Apple patch cycles (alongside CVE-2022-32917 and CVE-2022-42827); monitor for exploitation chains targeting the Apple kernel component across successive iOS/macOS releases
  • CVE-2022-32894 affects the Kernel component specifically; focus detection on kernel-level privilege escalation from user-space applications on affected Apple platforms
  • ·CISA mandated remediation deadline was 2022-09-08; any device still unpatched past this date should be treated as actively at risk
  • ·The vulnerability also affects older iOS 12 devices (patched in iOS 12.5.6), broadening the affected device surface beyond the primary iOS 15.6.1/macOS 12.5.1 advisory

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
vulncheck7.8HIGH
cisa7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.