This may allow an app to install a root certificate that allows the app to masquerade as another service. To exploit this issue, the app would have to be signed with that root certificate. This issue has been addressed with improved signing enforcement.

If an app was signed with a self-signed certificate, it could create a network connection without user interaction. This issue has been addressed with improved connection security.

An app may be able to modify protected parts of the file system. This issue has been addressed with improved protections. If an app has root permissions, it can access protected parts of the file system.

Miscellaneous

The issues above have been addressed with improved protections and improved connection security.

How do I know if my device is vulnerable?

To check if your device is vulnerable, go to Settings > Security and check for the "Unknown sources" setting. If this setting is disabled, then you are not vulnerable to this issue.

What to do if you are experiencing any of these issues?

If you see this message, it means that there is an issue with your app. You can check out our article on these common issues to learn how to resolve them.

You should also contact the developer of your app to see if they have any other insight into what may be going wrong.

What to do if you are currently vulnerable?

If you are currently vulnerable, make sure that you update your apps and devices to the latest version of the operating system. To find out if any of your apps or devices are affected, check the list of CVEs found at https://www.cve.mitre.org/about/overview/. If you're unsure which OS version is most recent for your device, contact your device provider or manufacturer for information about updates for your specific device.

MDM - Mobile Device Management
There are many ways to manage a company's mobile devices. A popular method is using a Mobile Device Management (MDM) solution. MDM solutions perform tasks like provisioning, app deployment, and application management. They can also be used to enforce policies related to security, privacy, and compliance across all devices in a company's fleet from one central console.

How do I find out if my device is vulnerable?

Since Android issues updates automatically, there is no way to find out if your device is vulnerable without installing a patch. However, if you're on an alternate OS like iOS, then you can check the version of your OS and see if it's affected by this vulnerability.

Timeline

Published on: 09/23/2022 19:15:00 UTC
Last modified on: 09/27/2022 18:53:00 UTC
