Apple iOS and macOS Out-of-Bounds Write Vulnerability
Summary
| CVE | CVE-2022-32893 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-08-24 20:15:00 UTC |
| Updated | 2023-11-07 03:48:00 UTC |
| Description | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. |
Risk And Classification
EPSS: 0.001630000 probability, percentile 0.372420000 (date 2026-04-11)
CISA KEV: Listed on 2022-08-18; due 2022-09-08; ransomware use Unknown
Problem Types: CWE-787
CISA Known Exploited Vulnerability
| Vendor | Apple |
|---|---|
| Product | iOS and macOS |
| Name | Apple iOS and macOS Out-of-Bounds Write Vulnerability |
| Required Action | Apply updates per vendor instructions. |
| Notes | https://support.apple.com/en-gb/HT213412, https://support.apple.com/en-gb/HT213413; https://nvd.nist.gov/vuln/detail/CVE-2022-32893 |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Apple | Ipados | All | All | All | All |
| Operating System | Apple | Iphone Os | All | All | All | All |
| Operating System | Apple | Macos | All | All | All | All |
| Application | Apple | Safari | All | All | All | All |
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Debian | Debian Linux | 11.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 35 | All | All | All |
| Operating System | Fedoraproject | Fedora | 36 | All | All | All |
| Application | Webkitgtk | Webkitgtk | All | All | All | All |
| Application | Wpewebkit | Wpe Webkit | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| oss-security - WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008 | MLIST | www.openwall.com | |
| Full Disclosure: APPLE-SA-2022-10-27-13 watchOS 9 | FULLDISC | seclists.org | |
| oss-security - Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008 | MLIST | www.openwall.com | |
| Debian -- Security Information -- DSA-5220-1 wpewebkit | DEBIAN | www.debian.org | |
| [SECURITY] Fedora 36 Update: webkit2gtk3-2.36.7-1.fc36 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| Debian -- Security Information -- DSA-5219-1 webkit2gtk | DEBIAN | www.debian.org | |
| WebKitGTK+: Multiple Vulnerabilities (GLSA 202208-39) — Gentoo security | GENTOO | security.gentoo.org | |
| [SECURITY] Fedora 35 Update: webkit2gtk3-2.36.7-1.fc35 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| oss-security - Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008 | MLIST | www.openwall.com | Third Party Advisory |
| [SECURITY] Fedora 35 Update: webkit2gtk3-2.36.7-1.fc35 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] [DLA 3087-1] webkit2gtk security update | MLIST | lists.debian.org | |
| About the security content of iOS 15.6.1 and iPadOS 15.6.1 - Apple Support | MISC | support.apple.com | |
| About the security content of macOS Monterey 12.5.1 - Apple Support | MISC | support.apple.com | |
| About the security content of Safari 15.6.1 - Apple Support | MISC | support.apple.com | |
| [SECURITY] Fedora 36 Update: webkit2gtk3-2.36.7-1.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| Full Disclosure: APPLE-SA-2022-08-31-1 iOS 12.5.6 | FULLDISC | seclists.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
| CISA Known Exploited Vulnerabilities catalog | CISA | www.cisa.gov | kev |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160104 Oracle Enterprise Linux Security Update for webkit2gtk3 (ELSA-2022-6634)
- 160113 Oracle Enterprise Linux Security Update for webkit2gtk3 (ELSA-2022-6540)
- 180973 Debian Security Update for webkit2gtk (DSA 5219-1)
- 180974 Debian Security Update for wpewebkit (DSA 5220-1)
- 180979 Debian Security Update for webkit2gtk (DLA 3087-1)
- 182384 Debian Security Update for webkit2gtk, wpewebkit (CVE-2022-32893)
- 198937 Ubuntu Security Notification for WebKitGTK Vulnerability (USN-5611-1)
- 240671 Red Hat Update for webkit2gtk3 (RHSA-2022:6540)
- 240675 Red Hat Update for webkit2gtk3 (RHSA-2022:6634)
- 283070 Fedora Security Update for webkit2gtk3 (FEDORA-2022-eada5f24a0)
- 283103 Fedora Security Update for webkit2gtk3 (FEDORA-2022-ddfeee50c9)
- 376830 Apple macOS Monterey 12.5.1 Not Installed (HT213413)
- 376842 Apple Safari Remote Code Execution (RCE) Vulnerability (HT213414)
- 377604 Alibaba Cloud Linux Security Update for webkit2gtk3 (ALINUX3-SA-2022:0162)
- 610426 Apple iOS 15.6.1 and iPadOS 15.6.1 Security Update Missing
- 610427 Apple iOS 12.5.6 Security Update Missing
- 710613 Gentoo Linux WebKitGTK+ Multiple Vulnerabilities (GLSA 202208-39)
- 752555 SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2022:3136-1)
- 752558 SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2022:3137-1)
- 752608 SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2022:3351-1)
- 752609 SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2022:3352-1)
- 940672 AlmaLinux Security Update for webkit2gtk3 (ALSA-2022:6540)
- 940690 AlmaLinux Security Update for webkit2gtk3 (ALSA-2022:6634)
- 960448 Rocky Linux Security Update for webkit2gtk3 (RLSA-2022:6540)
- 960569 Rocky Linux Security Update for webkit2gtk3 (RLSA-2022:6634)