ID

VAR-202207-1502


CVE

CVE-2022-32802


TITLE

Vulnerabilities in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2022-019240

DESCRIPTION

A logic issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, tvOS 15.6, macOS Monterey 12.5. Processing a maliciously crafted file may lead to arbitrary code execution. iPadOS , iOS , macOS Unspecified vulnerabilities exist in multiple Apple products.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Both Apple iOS and Apple iPadOS are products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple iOS versions prior to 15.6 and iPadOS versions prior to 15.6 have a buffer error vulnerability. The vulnerability stems from a boundary error in ImageIO. A remote attacker can create a specially crafted file to trick the victim into opening it, causing memory corruption and execution on the target system. arbitrary code. The vulnerability could allow a remote attacker to execute arbitrary code on the target system. iOS 15.6 and iPadOS 15.6. MacOS: Out-of-bounds write in RawCamera There is an out-of-bounds write vulnerability when decoding a certain flavor of RAW image files on macOS. The vulnerability has been confirmed on macOS 12.3.1. A zipped proof of concept file is attached. The easiest way to demonstrate the vulnerability is doubleclick the crash.raw file to open it in Preview, after which Preview will crash with the call stack provided below. Process 2146 stopped * thread #4, queue = 'ProviderImageSurfaceCacheQueue', stop reason = EXC_BAD_ACCESS (code=1, address=0x123971000) frame #0: 0x00007ff91009f0a5 RawCamera`___lldb_unnamed_symbol2861$$RawCamera + 8643 RawCamera`___lldb_unnamed_symbol2861$$RawCamera: -> 0x7ff91009f0a5 <+8643>: movw %ax, (%rcx) 0x7ff91009f0a8 <+8646>: movzbl -0x2(%rbx,%r14), %eax 0x7ff91009f0ae <+8652>: movzbl -0x2(%rbx,%r12), %ecx 0x7ff91009f0b4 <+8658>: shlq $0x8, %rax Target 0: (Preview) stopped. (lldb) bt * thread #4, queue = 'ProviderImageSurfaceCacheQueue', stop reason = EXC_BAD_ACCESS (code=1, address=0x123971000) * frame #0: 0x00007ff91009f0a5 RawCamera`___lldb_unnamed_symbol2861$$RawCamera + 8643 frame #1: 0x00007ff9100a0047 RawCamera`___lldb_unnamed_symbol2866$$RawCamera + 563 frame #2: 0x00007ff90ffda53b RawCamera`___lldb_unnamed_symbol441$$RawCamera + 361 frame #3: 0x00007ff91006b69e RawCamera`___lldb_unnamed_symbol2032$$RawCamera + 109 frame #4: 0x00007ff80c733dfd CoreImage`__103-[CIImage(CIImageProvider) _initWithImageProvider:width:height:format:colorSpace:surfaceCache:options:]_block_invoke + 47 frame #5: 0x00007ff80c955f67 CoreImage`invocation function for block in CI::ProviderNode::surfaceForROI(CI::Context const*, CGRect const&) const + 197 frame #6: 0x00007ff80c6f2d80 CoreImage`SurfaceApplyPlaneBlock + 381 frame #7: 0x00007ff80c955e9c CoreImage`invocation function for block in CI::ProviderNode::surfaceForROI(CI::Context const*, CGRect const&) const + 87 frame #8: 0x00007ff80c725e89 CoreImage`invocation function for block in CI::SurfaceCacheEntry::fillAsync() + 114 frame #9: 0x00007ff8032920cc libdispatch.dylib`_dispatch_call_block_and_release + 12 frame #10: 0x00007ff803293317 libdispatch.dylib`_dispatch_client_callout + 8 frame #11: 0x00007ff803299317 libdispatch.dylib`_dispatch_lane_serial_drain + 672 frame #12: 0x00007ff803299e30 libdispatch.dylib`_dispatch_lane_invoke + 417 frame #13: 0x00007ff8032a3eee libdispatch.dylib`_dispatch_workloop_worker_thread + 753 frame #14: 0x00007ff80344afd0 libsystem_pthread.dylib`_pthread_wqthread + 326 frame #15: 0x00007ff803449f57 libsystem_pthread.dylib`start_wqthread + 15 This bug is subject to a 90-day disclosure deadline. If a fix for this issue is made available to users before the end of the 90-day deadline, this bug report will become public 30 days after the fix was made available. Otherwise, this bug report will become public at the deadline. The scheduled deadline is 2022-07-27. Related CVE Numbers: CVE-2022-32802. Found by: ifratric@google.com . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-07-20-1 iOS 15.6 and iPadOS 15.6 iOS 15.6 and iPadOS 15.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213346. APFS Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32832: Tommy Muir (@Muirey03) AppleAVD Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote user may be able to cause kernel code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2022-32788: Natalie Silvanovich of Google Project Zero AppleAVD Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32824: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom) AppleMobileFileIntegrity Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to gain root privileges Description: An authorization issue was addressed with improved state management. CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro Apple Neural Engine Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to break out of its sandbox Description: This issue was addressed with improved checks. CVE-2022-32845: Mohamed Ghannam (@_simo36) Apple Neural Engine Available for devices with Apple Neural Engine: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation) Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32840: Mohamed Ghannam (@_simo36) CVE-2022-32829: an anonymous researcher Apple Neural Engine Available for devices with Apple Neural Engine: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32810: Mohamed Ghannam (@_simo36) Audio Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32820: an anonymous researcher Audio Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32825: John Aakerblom (@jaakerblom) CoreMedia Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom) CoreText Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote user may cause an unexpected app termination or arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32839: STAR Labs (@starlabs_sg) File System Events Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to gain root privileges Description: A logic issue was addressed with improved state management. CVE-2022-32819: Joshua Mason of Mandiant GPU Drivers Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to disclose kernel memory Description: Multiple out-of-bounds write issues were addressed with improved bounds checking. CVE-2022-32793: an anonymous researcher GPU Drivers Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-32821: John Aakerblom (@jaakerblom) Home Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-32855: an anonymous researcher iCloud Photo Library Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to access sensitive user information Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2022-32849: Joshua Jones ICU Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ. ImageIO Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may result in disclosure of process memory Description: The issue was addressed with improved memory handling. CVE-2022-32841: hjy79425575 ImageIO Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A logic issue was addressed with improved checks. CVE-2022-32802: Ivan Fratric of Google Project Zero, Mickey Jin (@patch1t) ImageIO Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to disclosure of user information Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32830: Ye Zhang (@co0py_Cat) of Baidu Security ImageIO Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing an image may lead to a denial-of-service Description: A null pointer dereference was addressed with improved validation. CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit) IOMobileFrameBuffer Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26768: an anonymous researcher Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32813: Xinru Chi of Pangu Lab CVE-2022-32815: Xinru Chi of Pangu Lab Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32817: Xinru Chi of Pangu Lab Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication Description: A logic issue was addressed with improved state management. CVE-2022-32844: Sreejith Krishnan R (@skr0x1c0) Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication Description: A race condition was addressed with improved state handling. CVE-2022-32844: Sreejith Krishnan R (@skr0x1c0) Liblouis Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China (nipc.org.cn) libxml2 Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to leak sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-32823 Multi-Touch Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-32814: Pan ZhenPeng (@Peterpan0927) PluginKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to read arbitrary files Description: A logic issue was addressed with improved state management. CVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro Safari Extensions Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Visiting a maliciously crafted website may leak sensitive data Description: The issue was addressed with improved UI handling. CVE-2022-32784: Young Min Kim of CompSec Lab at Seoul National University Software Update Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A user in a privileged network position can track a user’s activity Description: This issue was addressed by using HTTPS when sending information over the network. CVE-2022-32857: Jeffrey Paul (sneak.berlin) WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 239316 CVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ. WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. WebKit Bugzilla: 240720 CVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative WebRTC Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 242339 CVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team Wi-Fi Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to cause unexpected system termination or write kernel memory Description: This issue was addressed with improved checks. CVE-2022-32837: Wang Yu of Cyberserval Wi-Fi Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory Description: This issue was addressed with improved checks. CVE-2022-32847: Wang Yu of Cyberserval Additional recognition 802.1X We would like to acknowledge Shin Sun of National Taiwan University for their assistance. AppleMobileFileIntegrity We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła (@_r3ggi) of SecuRing for their assistance. configd We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła (@_r3ggi) of SecuRing for their assistance. This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 15.6 and iPadOS 15.6". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYeuMACgkQeC9qKD1p rhhc5hAA2emrXEYGmfH1M/gji0MOPflW+wrr0y8buntNyeJYFQbf1xgGkr9hmHlM DkROvVCXDzuMyH9QDOPNFGPqBTAe/5cL+auNq497f/vGVjEOZ09Y4vC/FVBBklgo kQND7CoWBhk99PgNxVdJyzkeKhBEs9JrNaIyGVqg8tChTWWghRzyyyQfHpSQfwj1 M9042Kj8w9hi4SrY9R8Oe+QrcCYw/lYo3yO6WIUfajzIs/urT175BFedXS+9l4cK 6srMpa/n67w3XZU9psQBVddlkVDymx1c5Lzuo84haM7TYNddOYDVluP+676Uq0vj 5E24vTuGLS+vdDlJri6WMJv2d7NZ8dtJAVhPioP3ThGGsAXdpT/PmNbkc5R0RbiV TKs/2CDK4+raGHlOz6leuEfUJtUD1rHLI5n21XBQY1HOvwB9CDqGc5l7FpRoMdaj DY/8yaIbWKVu1iycA2NAsxfyc9u1QTwwluGmzelpo9XdAWIZ17j6Dkalta9scCQb akHz3M1PSAYw4ljfGuYYiHElAKuZn/daeAUKZ0zMJOVdHtecliJbV3VlqMzaOKqm gXWNoBOwCow8Tj80F2dFNTvlQe91L8r7NeQAo7KCzEXbVSQqfemojtrREl5BvmWS 9s7+QxqDWAHSUr+WakmKTESMA3DTlZBhBbUXE+uNRrEwboUQKeI= =Nnrk -----END PGP SIGNATURE-----

Trust: 2.07

sources: NVD: CVE-2022-32802 // JVNDB: JVNDB-2022-019240 // VULHUB: VHN-424891 // VULMON: CVE-2022-32802 // PACKETSTORM: 168121 // PACKETSTORM: 167790 // PACKETSTORM: 167786

AFFECTED PRODUCTS

vendor:applemodel:macosscope:gteversion:12.0.0

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:15.6

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:15.6

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:15.6

Trust: 1.0

vendor:applemodel:macosscope:ltversion:12.5

Trust: 1.0

vendor:アップルmodel:ipadosscope: - version: -

Trust: 0.8

vendor:アップルmodel:iosscope: - version: -

Trust: 0.8

vendor:アップルmodel:tvosscope:eqversion:15.6

Trust: 0.8

vendor:アップルmodel:macosscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-019240 // NVD: CVE-2022-32802

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-32802
value: HIGH

Trust: 1.0

NVD: CVE-2022-32802
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202207-2093
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-32802
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-32802
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-019240 // CNNVD: CNNVD-202207-2093 // NVD: CVE-2022-32802

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-019240 // NVD: CVE-2022-32802

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202207-2093

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202207-2093

PATCH

title:HT213445 Apple  Security updateurl:https://support.apple.com/en-us/HT213442

Trust: 0.8

title:Apple iOS and iPadOS Buffer error vulnerability fixurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=200850

Trust: 0.6

title:Apple: iOS 15.6 and iPadOS 15.6url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=25de7f37f4830a629a57f79175aeaa2a

Trust: 0.1

sources: VULMON: CVE-2022-32802 // JVNDB: JVNDB-2022-019240 // CNNVD: CNNVD-202207-2093

EXTERNAL IDS

db:NVDid:CVE-2022-32802

Trust: 3.7

db:PACKETSTORMid:168121

Trust: 0.8

db:PACKETSTORMid:167790

Trust: 0.8

db:JVNDBid:JVNDB-2022-019240

Trust: 0.8

db:CNNVDid:CNNVD-202207-2093

Trust: 0.7

db:CXSECURITYid:WLB-2022080066

Trust: 0.6

db:CS-HELPid:SB2022072107

Trust: 0.6

db:AUSCERTid:ESB-2022.3558

Trust: 0.6

db:PACKETSTORMid:167786

Trust: 0.2

db:VULHUBid:VHN-424891

Trust: 0.1

db:VULMONid:CVE-2022-32802

Trust: 0.1

sources: VULHUB: VHN-424891 // VULMON: CVE-2022-32802 // JVNDB: JVNDB-2022-019240 // PACKETSTORM: 168121 // PACKETSTORM: 167790 // PACKETSTORM: 167786 // CNNVD: CNNVD-202207-2093 // NVD: CVE-2022-32802

REFERENCES

url:https://support.apple.com/en-us/ht213346

Trust: 2.3

url:https://support.apple.com/en-us/ht213342

Trust: 1.7

url:https://support.apple.com/en-us/ht213345

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-32802

Trust: 1.1

url:https://www.auscert.org.au/bulletins/esb-2022.3558

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-32802/

Trust: 0.6

url:https://cxsecurity.com/issue/wlb-2022080066

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-38878

Trust: 0.6

url:https://packetstormsecurity.com/files/167790/apple-security-advisory-2022-07-20-5.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022072107

Trust: 0.6

url:https://packetstormsecurity.com/files/168121/macos-rawcamera-out-of-bounds-write.html

Trust: 0.6

url:https://www.apple.com/support/security/pgp/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-32792

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-32788

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-32814

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-32793

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-26981

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-32813

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-32815

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-32787

Trust: 0.2

url:https://support.apple.com/en-us/ht201222.

Trust: 0.2

url:https://support.apple.com/kb/ht213346

Trust: 0.1

url:https://support.apple.com/ht213342.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32817

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32816

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32821

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32820

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32819

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2294

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32784

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32810

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32785

Trust: 0.1

url:https://www.apple.com/itunes/

Trust: 0.1

url:https://support.apple.com/ht213346.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26768

Trust: 0.1

sources: VULHUB: VHN-424891 // VULMON: CVE-2022-32802 // JVNDB: JVNDB-2022-019240 // PACKETSTORM: 168121 // PACKETSTORM: 167790 // PACKETSTORM: 167786 // CNNVD: CNNVD-202207-2093 // NVD: CVE-2022-32802

CREDITS

Ivan Fratric

Trust: 0.6

sources: CNNVD: CNNVD-202207-2093

SOURCES

db:VULHUBid:VHN-424891
db:VULMONid:CVE-2022-32802
db:JVNDBid:JVNDB-2022-019240
db:PACKETSTORMid:168121
db:PACKETSTORMid:167790
db:PACKETSTORMid:167786
db:CNNVDid:CNNVD-202207-2093
db:NVDid:CVE-2022-32802

LAST UPDATE DATE

2024-08-14T12:42:39.682000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-424891date:2022-09-22T00:00:00
db:JVNDBid:JVNDB-2022-019240date:2023-10-25T02:25:00
db:CNNVDid:CNNVD-202207-2093date:2022-09-23T00:00:00
db:NVDid:CVE-2022-32802date:2022-09-22T17:04:42.517

SOURCES RELEASE DATE

db:VULHUBid:VHN-424891date:2022-09-20T00:00:00
db:JVNDBid:JVNDB-2022-019240date:2023-10-25T00:00:00
db:PACKETSTORMid:168121date:2022-08-22T15:53:03
db:PACKETSTORMid:167790date:2022-07-22T16:24:11
db:PACKETSTORMid:167786date:2022-07-22T16:22:17
db:CNNVDid:CNNVD-202207-2093date:2022-07-20T00:00:00
db:NVDid:CVE-2022-32802date:2022-09-20T21:15:10.620