CVE-2022-32944Out-of-bounds Write in Apple Macos

CWE-787Out-of-bounds Write9 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.4%
top 41.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Apple MacosApple TvosApple Watchos+7 more
Timeline
PublishedNov 1
Latest updateNov 2

Description

A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to execute arbitrary code with kernel privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages15 packages

Appleapple/macos_monterey12.6.1
CVEListV5apple/macosunspecified13
NVDapple/macos11.011.7.1+1
Appleapple/macos_big_sur11.7.1

🔴Vulnerability Details

1
GHSA
GHSA-c249-8xvm-v34c: A memory corruption issue was addressed with improved state management2022-11-02

📋Vendor Advisories

7
Apple
CVE-2022-32944: iOS 15.7.1 and iPadOS 15.7.12022-10-27
Apple
CVE-2022-32944: macOS Big Sur 11.7.12022-10-24
Apple
CVE-2022-32944: macOS Ventura 132022-10-24
Apple
CVE-2022-32944: watchOS 9.12022-10-24
Apple
CVE-2022-32944: iOS 16.1 and iPadOS 162022-10-24