CVE-2022-32793 Out-of-bounds write issues were addressed with improved bounds checking in macOS Monterey 12.5, watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6.

This can result in the execution of arbitrary code. An app may be able to prevent a trusted app from sending or receiving data. An app may be able to read or delete data from outside its permissions policy. An app may be able to prevent another app from updating. Out-of-bounds writes are not always exploitable, but they may allow an app to perform actions that are not authorized. This issue was addressed with improved validation of memory access. An app may be able to read or delete data from outside its permissions policy. An app may be able to prevent another app from updating. OUT-OF-BOUNDS WRITE ISSUES An app may be able to perform arbitrary memory writes. An app may be able to read or delete data from outside its permissions policy. An app may be able to prevent another app from updating.

Vulnerability summary

When using an API to create a new file, an app may be able to read or delete data from outside its permissions policy. An app may be able to prevent another app from updating.
Vulnerable versions: All releases before the current one

Vulnerability Scoring

This issue was addressed with improved validation of memory access.
An app may be able to read or delete data from outside its permissions policy. An app may be able to prevent another app from updating. OUT-OF-BOUNDS WRITE ISSUES An app may be able to perform arbitrary memory writes. An app may be able to read or delete data from outside its permissions policy. An app may be able to prevent another app from updating. VULNERABILITY SCORING An app may be able to read or delete data from outside its permissions policy. An app may be able to prevent another app from updating

Vulnerability scopes

An app may be able to prevent a trusted app from sending or receiving data. An app may be able to read or delete data from outside its permissions policy. An app may be able to prevent another app from updating.
An app may be able to read or delete data from outside its permissions policy. An app may be able to prevent another app from updating.

Timeline

Published on: 08/24/2022 20:15:00 UTC
Last modified on: 09/16/2022 20:04:00 UTC

References

• https://support.apple.com/en-us/HT213345
• https://support.apple.com/en-us/HT213342
• https://support.apple.com/en-us/HT213340
• https://support.apple.com/en-us/HT213346
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7SETAAXEPGNBMYKTUDFEZHS5LGSQ64QL/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKJGV2EXVMYQW3OAJNI4WUTKKVMD2YYK/
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-32793