ID

VAR-202209-0766


CVE

CVE-2022-32902


TITLE

Vulnerability in Apple's macOS

Trust: 0.8

sources: JVNDB: JVNDB-2022-020128

DESCRIPTION

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, macOS Monterey 12.6, macOS Big Sur 11.7. An app may be able to bypass Privacy preferences. Unspecified vulnerabilities exist in Apple's macOS. Information may be tampered with.

APPLE-SA-2022-09-12-4 macOS Monterey 12.6

macOS Monterey 12.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213444.

CVE-2022-32902: Mickey Jin (@patch1t)

iMovie
Available for: macOS Monterey
Impact: A user may be able to view sensitive user information
Description: This issue was addressed by enabling hardened runtime.
CVE-2022-32896: Wojciech Reguła (@_r3ggi)

Kernel
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32911: Zweig of Kunlun Lab

Kernel
Available for: macOS Monterey
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)

Kernel
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
CVE-2022-32917: an anonymous researcher

Maps
Available for: macOS Monterey
Impact: An app may be able to read sensitive location information
Description: A logic issue was addressed with improved restrictions.
CVE-2022-32883: Ron Masas, breakpointhq.com

MediaLibrary
Available for: macOS Monterey
Impact: A user may be able to elevate privileges
Description: A memory corruption issue was addressed with improved input validation.
CVE-2022-32900: Mickey Jin (@patch1t)

Additional recognition

Identity Services
We would like to acknowledge Joshua Jones for their assistance.

macOS Monterey 12.6 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/

All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Trust: 1.89

sources: NVD: CVE-2022-32902 // JVNDB: JVNDB-2022-020128 // VULHUB: VHN-424991 // VULMON: CVE-2022-32902 // PACKETSTORM: 168361

AFFECTED PRODUCTS

vendor: apple, model: macos, scope: gte, version: 12.0.0

Trust: 1.0

vendor: apple, model: macos, scope: gte, version: 11.0

Trust: 1.0

vendor: apple, model: macos, scope: lt, version: 12.6

Trust: 1.0

vendor: apple, model: macos, scope: lt, version: 11.7

Trust: 1.0

vendor: アップル, model: macos, scope: eq, version: -

Trust: 0.8

vendor: アップル, model: macos, scope: eq, version: 11.0 or later, before 11.7

Trust: 0.8

vendor: アップル, model: macos, scope: eq, version: 12.0.0 or later, before 12.6

Trust: 0.8

sources: JVNDB: JVNDB-2022-020128 // NVD: CVE-2022-32902

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-32902
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-32902
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202209-773
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-32902
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-32902
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-020128 // CNNVD: CNNVD-202209-773 // NVD: CVE-2022-32902

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-020128 // NVD: CVE-2022-32902

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202209-773

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202209-773

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-424991

PATCH

title: HT213444 Apple Security update, url: https://support.apple.com/en-us/HT213443

Trust: 0.8

title: Apple macOS Big Sur Security vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=211804

Trust: 0.6

sources: JVNDB: JVNDB-2022-020128 // CNNVD: CNNVD-202209-773

EXTERNAL IDS

db: NVD, id: CVE-2022-32902

Trust: 3.5

db: PACKETSTORM, id: 168361

Trust: 0.8

db: JVNDB, id: JVNDB-2022-020128

Trust: 0.8

db: AUSCERT, id: ESB-2022.5300

Trust: 0.6

db: CNNVD, id: CNNVD-202209-773

Trust: 0.6

db: VULHUB, id: VHN-424991

Trust: 0.1

db: VULMON, id: CVE-2022-32902

Trust: 0.1

sources: VULHUB: VHN-424991 // VULMON: CVE-2022-32902 // JVNDB: JVNDB-2022-020128 // PACKETSTORM: 168361 // CNNVD: CNNVD-202209-773 // NVD: CVE-2022-32902

REFERENCES

url:https://support.apple.com/en-us/ht213443

Trust: 2.4

url:https://support.apple.com/en-us/ht213488

Trust: 2.4

url:https://support.apple.com/en-us/ht213444

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-32902

Trust: 0.9

url:https://cxsecurity.com/cveshow/cve-2022-32902/

Trust: 0.6

url:https://packetstormsecurity.com/files/168361/apple-security-advisory-2022-09-12-4.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5300

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-ios-macos-multiple-vulnerabilities-39249

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32917

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32864

Trust: 0.1

url:https://support.apple.com/downloads/

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32900

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32911

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32896

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32908

Trust: 0.1

url:https://support.apple.com/ht213444.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32883

Trust: 0.1

url:https://support.apple.com/en-us/ht201222.

Trust: 0.1

sources: VULHUB: VHN-424991 // VULMON: CVE-2022-32902 // JVNDB: JVNDB-2022-020128 // PACKETSTORM: 168361 // CNNVD: CNNVD-202209-773 // NVD: CVE-2022-32902

CREDITS

Apple

Trust: 0.1

sources: PACKETSTORM: 168361

SOURCES

db: VULHUB, id: VHN-424991
db: VULMON, id: CVE-2022-32902
db: JVNDB, id: JVNDB-2022-020128
db: PACKETSTORM, id: 168361
db: CNNVD, id: CNNVD-202209-773
db: NVD, id: CVE-2022-32902

LAST UPDATE DATE

2024-08-14T12:29:14.970000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-424991, date: 2023-03-07T00:00:00
db: VULMON, id: CVE-2022-32902, date: 2023-02-27T00:00:00
db: JVNDB, id: JVNDB-2022-020128, date: 2023-10-31T07:31:00
db: CNNVD, id: CNNVD-202209-773, date: 2023-03-08T00:00:00
db: NVD, id: CVE-2022-32902, date: 2023-03-07T21:21:20.337

SOURCES RELEASE DATE

db: VULHUB, id: VHN-424991, date: 2023-02-27T00:00:00
db: VULMON, id: CVE-2022-32902, date: 2023-02-27T00:00:00
db: JVNDB, id: JVNDB-2022-020128, date: 2023-10-31T00:00:00
db: PACKETSTORM, id: 168361, date: 2022-09-13T15:44:52
db: CNNVD, id: CNNVD-202209-773, date: 2022-09-12T00:00:00
db: NVD, id: CVE-2022-32902, date: 2023-02-27T20:15:12.263