CVE-2022-32917

Published on: Not Yet Published

Last Modified on: 10/31/2022 12:15:00 AM UTC

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Certain versions of Ipados from Apple contain the following vulnerability:

The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..

  • CVE-2022-32917 has been assigned by URL Logo [email protected] to track the vulnerability - currently rated as HIGH severity.
  • Affected Vendor/Software: URL Logo Apple - iOS version < 16
  • Affected Vendor/Software: URL Logo Apple - macOS version < 11.7
  • Affected Vendor/Software: URL Logo Apple - macOS version < 15.7
  • Affected Vendor/Software: URL Logo Apple - macOS version < 12.6

CVSS3 Score: 7.8 - HIGH

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
LOCAL LOW LOW NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED HIGH HIGH HIGH

CVE References

Description Tags Link
Full Disclosure: APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7 seclists.org
text/html
URL Logo FULLDISC 20221030 APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7
Full Disclosure: APPLE-SA-2022-10-27-4 Additional information for APPLE-SA-2022-09-12-2 iOS 15.7 and iPadOS 15.7 seclists.org
text/html
URL Logo FULLDISC 20221030 APPLE-SA-2022-10-27-4 Additional information for APPLE-SA-2022-09-12-2 iOS 15.7 and iPadOS 15.7
About the security content of iOS 16 - Apple Support support.apple.com
text/html
URL Logo MISC support.apple.com/en-us/HT213446
Full Disclosure: APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6 seclists.org
text/html
URL Logo FULLDISC 20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6
Full Disclosure: APPLE-SA-2022-10-27-3 Additional information for APPLE-SA-2022-09-12-1 iOS 16 seclists.org
text/html
URL Logo FULLDISC 20221030 APPLE-SA-2022-10-27-3 Additional information for APPLE-SA-2022-09-12-1 iOS 16
About the security content of macOS Monterey 12.6 - Apple Support support.apple.com
text/html
URL Logo MISC support.apple.com/en-us/HT213444
About the security content of macOS Big Sur 11.7 - Apple Support support.apple.com
text/html
URL Logo MISC support.apple.com/en-us/HT213443
About the security content of iOS 15.7 and iPadOS 15.7 - Apple Support support.apple.com
text/html
URL Logo MISC support.apple.com/en-us/HT213445

Related QID Numbers

  • 376980 Apple macOS Big Sur 11.7 Not Installed (HT213443)
  • 376981 Apple macOS Monterey 12.6 Not Installed (HT213444)
  • 610446 Apple iOS 16 Security Update Missing
  • 610447 Apple iOS 15.7 and iPadOS 15.7 Security Update Missing
  • 610448 Apple iOS 15.7 and iPadOS 15.7 Security Update Missing

Exploit/POC from Github

APPLE IOS/IPADOS UP TO 15.6.1 KERNEL LOCAL PRIVILEGE ESCALATION

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
Operating
System
AppleIpadosAllAllAllAll
Operating
System
AppleIphone OsAllAllAllAll
Operating
System
AppleMacosAllAllAllAll
  • cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*:

Social Mentions

Source Title Posted (UTC)
Twitter Icon @revskills CVE-2022-32917 Apple is aware of a report that this issue may have been actively exploited. twitter.com/revskills/stat… 2022-09-12 17:37:51
Twitter Icon @ApplSec ? EMERGENCY UPDATES ? Apple pushed updates for a new Kernel zero-day (CVE-2022-32917) that may have been actively… twitter.com/i/web/status/1… 2022-09-12 17:40:24
Twitter Icon @LindseyOD123 CVE-2022-32917: #Apple is aware of a report that this issue may have been actively exploited. https://t.co/JRzqjEJn7v 2022-09-12 18:42:40
Twitter Icon @SecurityWeek URGENT: Apple Warns of macOS Kernel Zero-Day Exploitation - securityweek.com/apple-warns-ma… (CVE-2022-32894 and CVE-2022-32917) 2022-09-12 19:25:49
Twitter Icon @MrsYisWhy SecurityWeek: URGENT: Apple Warns of macOS Kernel Zero-Day Exploitation - securityweek.com/apple-warns-ma… (CVE-2022-32894 and CVE-2022-32917) 2022-09-12 19:29:16
Twitter Icon @macmacintosh Blog更新しました(*^_^*)→ macOS Monterey 12.6 (21G115)リリース。 【重要なセキュリティアップデートの実施】 積極的に悪用された可能性がある脆弱性(CVE-2022-32917)に対処。 -… twitter.com/i/web/status/1… 2022-09-12 20:40:32
Twitter Icon @SussmanScott 15.7 patches no less than 3 kernel exploits: CVE-2022-32911, CVE-2022-32917, and CVE-2022-32864. That last one was… twitter.com/i/web/status/1… 2022-09-12 23:34:18
Twitter Icon @ZecOps iOS 15.7 is out and it fixed CVE-2022-32917 which was likely exploited in the wild. Update as soon as you can. support.apple.com/en-us/HT213445 2022-09-12 23:41:43
Twitter Icon @ipssignatures The vuln CVE-2022-32917 has a tweet created 0 days ago and retweeted 17 times. twitter.com/SecurityWeek/s… #pow1rtrtwwcve 2022-09-13 00:06:00
Twitter Icon @autumn_good_35 ??? 『Apple is aware of a report that this issue may have been actively exploited.』(CVE-2022-32917) About the secur… twitter.com/i/web/status/1… 2022-09-13 00:47:28
Twitter Icon @ipssignatures The vuln CVE-2022-32917 has a tweet created 0 days ago and retweeted 11 times. twitter.com/ZecOps/status/… #pow1rtrtwwcve 2022-09-13 02:06:00
Twitter Icon @the_yellow_fall Apple Warns of New 0-Day CVE-2022-32917 Flaw on iOS, macOS securityonline.info/apple-warns-of… #opensource #infosec #security #pentesting 2022-09-13 02:43:07
Twitter Icon @AcooEdi Apple Warns of New 0-Day CVE-2022-32917 Flaw on iOS, macOS dlvr.it/SYCxB5 via securityonline https://t.co/XUlBCi7rJo 2022-09-13 02:44:07
Twitter Icon @kawn2020 #AppleUpdate #iOS #iPadOS Apple が iOS および iPadOS 向けに OS バージョン 15.7 リリース. CVE ベースで 11 件の脆弱性に対処. CVE-2022-32917 「A… twitter.com/i/web/status/1… 2022-09-13 03:15:22
Twitter Icon @macmacintosh 新着案内 ? macOS Monterey 12.6 (21G115)リリース。 【重要なセキュリティアップデートの実施】 積極的に悪用された可能性がある脆弱性(CVE-2022-32917)など複数の脆弱性に対処。 - りんご大… twitter.com/i/web/status/1… 2022-09-13 03:30:55
Twitter Icon @Komodosec #Vulnerability #Apple Apple Warns of New 0-Day CVE-2022-32917 Flaw on iOS, macOS securityonline.info/apple-warns-of… 2022-09-13 04:35:34
Twitter Icon @EchelonEyes Apple устранила 8-ю уязвимость нулевого дня за текущий год. CVE-2022-32917 позволяет злоумышленникам выполнить прои… twitter.com/i/web/status/1… 2022-09-13 06:49:34
Twitter Icon @Dinosn Apple Warns of New 0-Day CVE-2022-32917 Flaw on iOS, macOS securityonline.info/apple-warns-of… 2022-09-13 06:54:06
Twitter Icon @MyP0cket CVE-2022-32917 may have been actively exploited. support.apple.com/en-us/HT213444 2022-09-13 07:06:47
Twitter Icon @PentestingN Apple Warns of New 0-Day CVE-2022-32917 Flaw on iOS, macOS securityonline.info/apple-warns-of… Penetration Testing Apple Warn… twitter.com/i/web/status/1… 2022-09-13 07:14:22
Twitter Icon @shah_sheikh Apple fixes actively exploited zero-day in macOS, iOS (CVE-2022-32917): Apple has fixed a slew of vulnerabilities i… twitter.com/i/web/status/1… 2022-09-13 08:42:35
Twitter Icon @evanderburg Apple fixes actively exploited zero-day in macOS, iOS (CVE-2022-32917) i.securitythinkingcap.com/SYDfYg https://t.co/nyZ3cNvA3U 2022-09-13 08:42:35
Twitter Icon @helpnetsecurity Apple fixes actively exploited zero-day in macOS, iOS (CVE-2022-32917) - helpnetsecurity.com/2022/09/13/cve… - @Apple #0day… twitter.com/i/web/status/1… 2022-09-13 08:48:09
Twitter Icon @ncsntoday Apple fixes actively exploited zero-day in macOS, iOS (CVE-2022-32917) | #ios | #apple | #iossecurity nationalcybersecuritynews.today/apple-fixes-ac… 2022-09-13 08:49:02
Twitter Icon @BibsTech Apple fixes actively exploited zero-day in macOS, iOS (CVE-2022-32917) bibstech.live/apple-fixes-ac… 2022-09-13 08:54:17
Twitter Icon @RedPacketSec Apple macOS Monterey, iOS and iPadOS privilege escalation | CVE-2022-32917 - redpacketsecurity.com/apple-macos-mo… #CVE… twitter.com/i/web/status/1… 2022-09-13 09:01:44
Twitter Icon @inthewildio CVE-2022-32917 is getting exploited #inthewild. Find out more at inthewild.io/vuln/CVE-2022-… 2022-09-13 09:52:03
Twitter Icon @cipherstorm Apple fixes actively exploited zero-day in macOS, iOS (CVE-2022-32917): Apple has fixed a slew of vulnerabilities i… twitter.com/i/web/status/1… 2022-09-13 10:00:13
Twitter Icon @Xc0resecurity Apple fixes actively exploited zero-day in macOS, iOS (CVE-2022-32917) dlvr.it/SYDsdx 2022-09-13 10:01:36
Twitter Icon @PoseidonTPA Apple fixes actively exploited zero-day in macOS, iOS (CVE-2022-32917) news.poseidon-us.com/SYDsf7 #PoseidonTPA… twitter.com/i/web/status/1… 2022-09-13 10:01:39
Twitter Icon @IT_securitynews Apple fixes actively exploited zero-day in macOS, iOS (CVE-2022-32917) itsecuritynews.info/apple-fixes-ac… 2022-09-13 10:16:59
Twitter Icon @SecurityNewsbot #Apple fixes actively exploited zero-day in macOS, #iOS (CVE-2022-32917) helpnetsecurity.com/2022/09/13/cve… #HelpNetSecurity 2022-09-13 10:30:13
Twitter Icon @blu3cloak Apple fixes actively exploited zero-day in macOS, iOS (CVE-2022-32917) helpnetsecurity.com/2022/09/13/cve… 2022-09-13 10:51:07
Twitter Icon @Sec_Cyber Apple fixes actively #exploited zero-day in macOS, iOS (CVE-2022-32917) securecybersolution.com/apple-fixes-ac… 2022-09-13 11:00:02
Twitter Icon @CSAsingapore Apple has released security updates to fix a zero-day critical vulnerability (CVE-2022-32917) found in their produc… twitter.com/i/web/status/1… 2022-09-13 11:00:21
Twitter Icon @SG_Alerts [Notice-CSA] Apple has released security updates to fix a zero-day critical vulnerability (CVE-2022-32917) found in… twitter.com/i/web/status/1… 2022-09-13 11:01:32
Twitter Icon @DeepFriedCyber Apple fixes actively exploited zero-day in macOS, iOS (CVE-2022-32917) dlvr.it/SYF4Xs #news #cybersecurity… twitter.com/i/web/status/1… 2022-09-13 11:07:38
Twitter Icon @web4x4_es Apple fixes actively exploited zero-day in macOS, iOS (CVE-2022-32917) #ciberseguridad #cibersecurity helpnetsecurity.com/2022/09/13/cve… 2022-09-13 11:28:10
Twitter Icon @joviannfeed Help Net Security | "Apple fixes actively exploited zero-day in macOS, iOS (CVE-2022-32917)" bit.ly/3qxsweX 2022-09-13 11:28:42
Twitter Icon @ipssignatures The vuln CVE-2022-32917 has a tweet created 0 days ago and retweeted 11 times. twitter.com/Dinosn/status/… #pow1rtrtwwcve 2022-09-13 12:06:00
Twitter Icon @iSandipd Apple Warns of New 0-Day CVE-2022-32917 Flaw on iOS, macOS #infosec #cybersecurity #RxCybersecurity securityonline.info/apple-warns-of… 2022-09-13 12:34:10
Twitter Icon @CVEtrends Top 3 trending CVEs on Twitter Past 24 hrs: CVE-2022-32917: 2M (audience size) CVE-2013-3220: 393.5K CVE-2022-3289… twitter.com/i/web/status/1… 2022-09-13 13:00:03
Twitter Icon @moton Apple fixes actively exploited zero-day in macOS, iOS (CVE-2022-32917) - Help Net Security - helpnetsecurity.com/2022/09/13/cve… 2022-09-13 14:18:01
Twitter Icon @Har_sia CVE-2022-32917 har-sia.info/CVE-2022-32917… #HarsiaInfo 2022-09-13 15:00:13
Twitter Icon @TheCyberSecHub Apple fixes actively exploited zero-day in macOS, iOS (CVE-2022-32917) helpnetsecurity.com/2022/09/13/cve… 2022-09-13 15:00:37
Twitter Icon @DragonflyCLR Apple fixes actively exploited zero-day in macOS, iOS (CVE-2022-32917) helpnetsecurity.com/2022/09/13/cve… 2022-09-13 16:07:06
Twitter Icon @DigitalGuardian Time to update your Apple things. CVE-2022-32917 (fixed this week) allows a malicious app to run arbitrary code on… twitter.com/i/web/status/1… 2022-09-13 19:27:01
Reddit Logo Icon /r/KomodoCyberConsulting Apple Warns of New 0-Day CVE-2022-32917 Flaw on iOS, macOS 2022-09-13 04:35:35
Reddit Logo Icon /r/k12cybersecurity MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution - PATCH: NOW 2022-09-13 12:55:57
Reddit Logo Icon /r/netcve CVE-2022-32917 2022-09-20 22:38:55
© CVE.report 2022 Twitter Nitter Twitter Viewer |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report