Arbitrary Code Execution in Apple Products - macOS and iOS Vulnerability
CVE-2022-32917

7.8HIGH

Key Information:

Vendor

Apple
Status
iOS
Mac OS
Vendor
CVE Published:
20 September 2022

Badges

👾 Exploit Exists🦅 CISA Reported

What is CVE-2022-32917?

A vulnerability has been identified in Apple’s macOS and iOS systems that could permit applications to execute arbitrary code with kernel privileges. This flaw, resulting from insufficient bounds checks, allows potential exploitation that could compromise system integrity. The issue has been addressed in recent updates across affected products, and users are advised to update their systems promptly to mitigate risks. Apple is aware of reports suggesting that this vulnerability may have been actively exploited.

CISA has reported CVE-2022-32917

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2022-32917 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply updates per vendor instructions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

iOS < 16

macOS < 11.7

macOS < 15.7

References

https://support.apple.com/en-us/HT213446
https://support.apple.com/en-us/HT213443
https://support.apple.com/en-us/HT213445

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • 👾

    Exploit known to exist

  • 🦅

    CISA Reported

  • Vulnerability Reserved

JSON
.