CVE-2022-32943 — Out-of-bounds Read in Apple Macos

CWE-125 — Out-of-bounds Read4 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.5%

top 35.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Macos Apple Ipados Apple Iphone OS +2 more

Timeline

PublishedDec 15

Description

The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages6 packages

▶Appleapple/macos_ventura13.1

▶CVEListV5apple/macosunspecified — 13.1+1

▶NVDapple/ipados< 16.2

▶NVDapple/macos13.0

▶Appleapple/ios_16.2_and_ipados16.2

🔴Vulnerability Details

GHSA

GHSA-h72x-r663-chxx: The issue was addressed with improved bounds checks↗2022-12-15

▶

📋Vendor Advisories

Apple

CVE-2022-32943: macOS Ventura 13.1↗2022-12-13

▶

Apple

CVE-2022-32943: iOS 16.2 and iPadOS 16.2↗2022-12-13

▶