ID

VAR-202210-1479


CVE

CVE-2022-32915


TITLE

Apple macOS Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202210-1634

DESCRIPTION

A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3 macOS Monterey 12.6.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213604. AppleMobileFileIntegrity Available for: macOS Monterey Impact: An app may be able to access user-sensitive data Description: This issue was addressed by enabling hardened runtime. CVE-2023-23499: Wojciech Reguła (@_r3ggi) of SecuRing (wojciechregula.blog) curl Available for: macOS Monterey Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.86.0. CVE-2022-42915 CVE-2022-42916 CVE-2022-32221 CVE-2022-35260 curl Available for: macOS Monterey Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.85.0. CVE-2022-35252 dcerpc Available for: macOS Monterey Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2023-23513: Dimitrios Tatsis and Aleksandar Nikolic of Cisco Talos DiskArbitration Available for: macOS Monterey Impact: An encrypted volume may be unmounted and remounted by a different user without prompting for the password Description: A logic issue was addressed with improved state management. CVE-2022-32915: Tommy Muir (@Muirey03) Intel Graphics Driver Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2023-23504: Adam Doupé of ASU SEFCOM Kernel Available for: macOS Monterey Impact: An app may be able to determine kernel memory layout Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2023-23502: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. (@starlabs_sg) PackageKit Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: A logic issue was addressed with improved state management. CVE-2023-23497: Mickey Jin (@patch1t) Screen Time Available for: macOS Monterey Impact: An app may be able to access information about a user’s contacts Description: A privacy issue was addressed with improved private data redaction for log entries. CVE-2023-23505: Wojciech Regula of SecuRing (wojciechregula.blog) Weather Available for: macOS Monterey Impact: An app may be able to bypass Privacy preferences Description: The issue was addressed with improved memory handling. CVE-2023-23511: Wojciech Regula of SecuRing (wojciechregula.blog), an anonymous researcher WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: The issue was addressed with improved memory handling. WebKit Bugzilla: 248268 CVE-2023-23518: YeongHyeon Choi (@hyeon101010), Hyeon Park (@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung), JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE WebKit Bugzilla: 248268 CVE-2023-23517: YeongHyeon Choi (@hyeon101010), Hyeon Park (@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung), JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE Windows Installer Available for: macOS Monterey Impact: An app may be able to bypass Privacy preferences Description: The issue was addressed with improved memory handling. CVE-2023-23508: Mickey Jin (@patch1t) Additional recognition Kernel We would like to acknowledge Nick Stenning of Replicate for their assistance. macOS Monterey 12.6.3 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPPIl8ACgkQ4RjMIDke NxlXeg/+JwvCu4zHuDTptxkKw1gxht0hTTVJvNjgNWj2XFtnOz9kCIupGj/xPTMl P9vABQWRbpEJfCJE31FbUcxRCMcr/jm8dDb1ocx4qsGLlY5iGLQ/M1G6OLxQVajg gGaCSMjW9Zk7l7sXztKj4XcirsB3ft9tiRJwgPUE0znaT70970usFdg+q95CzODm DHVoa5VNLi0zA4178CIiq4WayAZe90cRYYQQ1+Okjhab/U/blfGgEPhA/rrdjQ85 J4NKTXyGBIWl+Ix4HpLikYpnwm/TKyYiY+MogZ6xUmFwnUgXkPCc4gYdPANQk064 KNjy90yq3Os9IBjfDpw+Pqs6I3GMZ0oNYUKWO+45/0NVp5/qjDFt5K7ZS+Xz5Py7 YrodbwaYiESzsdfLja9ILf8X7taDLHxxfHEvWcXnhcMD1XNKU6mpsb8SOLicWYzp 8maZarjhzQl3dQi4Kz3vQk0hKHTIE6/04fRdDpqhM9WXljayLLO7bsryW8u98Y/b fR3BXgfsll+QjdLDeW3nfuY+q2JsW0a2lhJZnxuRQPC+wUGDoCY7vcCbv8zkx0oo y1w8VDBdUjj7vyVSAqoZNlpgl1ebKgciVhTvrgTsyVxuOA94VzDCeI5/6RkjDAJ+ WL2Em8qc4aqXvGEwimKdNkETbyqIRcNVXWhXLVGLsmHvDViVjGQ= =BbMS -----END PGP SIGNATURE-----

Trust: 1.08

sources: NVD: CVE-2022-32915 // VULHUB: VHN-425004 // PACKETSTORM: 170697

AFFECTED PRODUCTS

vendor:applemodel:macosscope:ltversion:12.6.3

Trust: 1.0

sources: NVD: CVE-2022-32915

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-32915
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202210-1634
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-32915
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202210-1634 // NVD: CVE-2022-32915

PROBLEMTYPE DATA

problemtype:CWE-843

Trust: 1.1

sources: VULHUB: VHN-425004 // NVD: CVE-2022-32915

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202210-1634

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202210-1634

PATCH

title:Apple macOS Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=212659

Trust: 0.6

sources: CNNVD: CNNVD-202210-1634

EXTERNAL IDS

db:NVDid:CVE-2022-32915

Trust: 1.8

db:PACKETSTORMid:170697

Trust: 0.7

db:AUSCERTid:ESB-2022.5300

Trust: 0.6

db:CNNVDid:CNNVD-202210-1634

Trust: 0.6

db:VULHUBid:VHN-425004

Trust: 0.1

sources: VULHUB: VHN-425004 // PACKETSTORM: 170697 // CNNVD: CNNVD-202210-1634 // NVD: CVE-2022-32915

REFERENCES

url:https://support.apple.com/en-us/ht213488

Trust: 2.3

url:https://support.apple.com/kb/ht213604

Trust: 1.7

url:http://seclists.org/fulldisclosure/2023/jan/20

Trust: 1.7

url:https://cxsecurity.com/cveshow/cve-2022-32915/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5300

Trust: 0.6

url:https://packetstormsecurity.com/files/170697/apple-security-advisory-2023-01-23-5.html

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-39702

Trust: 0.6

url:https://support.apple.com/en-us/ht213604

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2023-23507

Trust: 0.1

url:https://support.apple.com/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42915

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-35252

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32221

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42916

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23493

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23497

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23504

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23505

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32915

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23499

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23508

Trust: 0.1

url:https://support.apple.com/ht213604.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-35260

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23502

Trust: 0.1

url:https://support.apple.com/en-us/ht201222.

Trust: 0.1

sources: VULHUB: VHN-425004 // PACKETSTORM: 170697 // CNNVD: CNNVD-202210-1634 // NVD: CVE-2022-32915

CREDITS

Apple

Trust: 0.1

sources: PACKETSTORM: 170697

SOURCES

db:VULHUBid:VHN-425004
db:PACKETSTORMid:170697
db:CNNVDid:CNNVD-202210-1634
db:NVDid:CVE-2022-32915

LAST UPDATE DATE

2024-08-14T13:02:16.494000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-425004date:2023-03-01T00:00:00
db:CNNVDid:CNNVD-202210-1634date:2023-02-01T00:00:00
db:NVDid:CVE-2022-32915date:2023-03-01T18:05:33.623

SOURCES RELEASE DATE

db:VULHUBid:VHN-425004date:2022-11-01T00:00:00
db:PACKETSTORMid:170697date:2023-01-24T16:41:07
db:CNNVDid:CNNVD-202210-1634date:2022-10-24T00:00:00
db:NVDid:CVE-2022-32915date:2022-11-01T20:15:19.327