{"api_version":"1","generated_at":"2026-04-23T06:08:29+00:00","cve":"CVE-2022-32917","urls":{"html":"https://cve.report/CVE-2022-32917","api":"https://cve.report/api/cve/CVE-2022-32917.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-32917","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-32917"},"summary":{"title":"Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability","description":"The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..","state":"PUBLIC","assigner":"product-security@apple.com","published_at":"2022-09-20 21:15:00","updated_at":"2022-12-07 03:12:00"},"problem_types":["CWE-787"],"metrics":[],"references":[{"url":"http://seclists.org/fulldisclosure/2022/Oct/45","name":"20221030 APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7","refsource":"FULLDISC","tags":[],"title":"Full Disclosure: APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://seclists.org/fulldisclosure/2022/Oct/40","name":"20221030 APPLE-SA-2022-10-27-4 Additional information for APPLE-SA-2022-09-12-2 iOS 15.7 and iPadOS 15.7","refsource":"FULLDISC","tags":[],"title":"Full Disclosure: APPLE-SA-2022-10-27-4 Additional information for APPLE-SA-2022-09-12-2 iOS 15.7 and iPadOS 15.7","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://support.apple.com/en-us/HT213446","name":"https://support.apple.com/en-us/HT213446","refsource":"MISC","tags":[],"title":"About the security content of iOS 16 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2022/Oct/43","name":"20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6","refsource":"FULLDISC","tags":[],"title":"Full Disclosure: APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://seclists.org/fulldisclosure/2022/Oct/39","name":"20221030 APPLE-SA-2022-10-27-3 Additional information for APPLE-SA-2022-09-12-1 iOS 16","refsource":"FULLDISC","tags":[],"title":"Full Disclosure: APPLE-SA-2022-10-27-3 Additional information for APPLE-SA-2022-09-12-1 iOS 16","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT213444","name":"https://support.apple.com/en-us/HT213444","refsource":"MISC","tags":[],"title":"About the security content of macOS Monterey 12.6 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT213443","name":"https://support.apple.com/en-us/HT213443","refsource":"MISC","tags":[],"title":"About the security content of macOS Big Sur 11.7 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT213445","name":"https://support.apple.com/en-us/HT213445","refsource":"MISC","tags":[],"title":"About the security content of iOS 15.7 and iPadOS 15.7 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-32917","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-32917","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"32917","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"ipados","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"32917","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"iphone_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"32917","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":{"cve_year":"2022","cve_id":"32917","cve":"CVE-2022-32917","vendorProject":"Apple","product":"iOS, iPadOS, and macOS","vulnerabilityName":"Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability","dateAdded":"2022-09-14","shortDescription":"Apple kernel, which is included in iOS, iPadOS, and macOS, contains an unspecified vulnerability where an application may be able to execute code with kernel privileges.","requiredAction":"Apply updates per vendor instructions.","dueDate":"2022-10-05","knownRansomwareCampaignUse":"Unknown","notes":"https://support.apple.com/en-us/HT213445, https://support.apple.com/en-us/HT213444;  https://nvd.nist.gov/vuln/detail/CVE-2022-32917","cwes":"CWE-20,CWE-787","catalogVersion":"2026.04.22","updated_at":"2026-04-22 20:03:10"},"epss":{"cve_year":"2022","cve_id":"32917","cve":"CVE-2022-32917","epss":"0.005850000","percentile":"0.690930000","score_date":"2026-04-22","updated_at":"2026-04-23 00:03:16"},"legacy_qids":[{"cve":"CVE-2022-32917","qid":"376980","title":"Apple macOS Big Sur 11.7 Not Installed (HT213443)"},{"cve":"CVE-2022-32917","qid":"376981","title":"Apple macOS Monterey 12.6 Not Installed (HT213444)"},{"cve":"CVE-2022-32917","qid":"610446","title":"Apple iOS 16 Security Update Missing"},{"cve":"CVE-2022-32917","qid":"610447","title":"Apple iOS 15.7 and iPadOS 15.7 Security Update Missing"},{"cve":"CVE-2022-32917","qid":"610448","title":"Apple iOS 15.7 and iPadOS 15.7 Security Update Missing"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2022-32917","ASSIGNER":"product-security@apple.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Apple","product":{"product_data":[{"product_name":"iOS","version":{"version_data":[{"version_affected":"<","version_value":"16"}]}},{"product_name":"macOS","version":{"version_data":[{"version_affected":"<","version_value":"11.7"}]}},{"product_name":"macOS","version":{"version_data":[{"version_affected":"<","version_value":"15.7"}]}},{"product_name":"macOS","version":{"version_data":[{"version_affected":"<","version_value":"12.6"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited."}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://support.apple.com/en-us/HT213446","name":"https://support.apple.com/en-us/HT213446"},{"refsource":"MISC","url":"https://support.apple.com/en-us/HT213443","name":"https://support.apple.com/en-us/HT213443"},{"refsource":"MISC","url":"https://support.apple.com/en-us/HT213445","name":"https://support.apple.com/en-us/HT213445"},{"refsource":"MISC","url":"https://support.apple.com/en-us/HT213444","name":"https://support.apple.com/en-us/HT213444"},{"refsource":"FULLDISC","name":"20221030 APPLE-SA-2022-10-27-3 Additional information for APPLE-SA-2022-09-12-1 iOS 16","url":"http://seclists.org/fulldisclosure/2022/Oct/39"},{"refsource":"FULLDISC","name":"20221030 APPLE-SA-2022-10-27-4 Additional information for APPLE-SA-2022-09-12-2 iOS 15.7 and iPadOS 15.7","url":"http://seclists.org/fulldisclosure/2022/Oct/40"},{"refsource":"FULLDISC","name":"20221030 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6","url":"http://seclists.org/fulldisclosure/2022/Oct/43"},{"refsource":"FULLDISC","name":"20221030 APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7","url":"http://seclists.org/fulldisclosure/2022/Oct/45"}]},"description":{"description_data":[{"lang":"eng","value":"The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.."}]}},"nvd":{"publishedDate":"2022-09-20 21:15:00","lastModifiedDate":"2022-12-07 03:12:00","problem_types":["CWE-787"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*","versionEndExcluding":"15.7","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"15.7","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionStartIncluding":"12.0.0","versionEndExcluding":"12.6","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0","versionEndExcluding":"11.7","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}