CVE-2022-32802 Checks were improved to address a logic issue in iOS 15.6 and iPadOS 15.6, tvOS 15.6, and macOS Monterey 12.5.

To protect your device, stay up-to-date on Apple’s latest software. To determine if there are any updates available, click here. To learn more about how to keep your software updated, click here.

In iOS, macOS, and tvOS, a logic issue allowed processes to be forced through a maliciously crafted APTicket. In macOS, a logic issue allowed a maliciously crafted APUID to be loaded into a process. Both of these issues may have been leveraged by an attacker to install malicious software. In iOS, the logic issue in “certificate trust” within the “Extended Keychain” allowed a maliciously crafted certificate to be loaded into a process. This issue may have been leveraged by an attacker to install malicious software. In macOS, a logic issue in “APUID” allowed a maliciously crafted certificate to be loaded into a process. This issue may have been leveraged by an attacker to install malicious software. In iOS, a logic issue in “signature verification” within “Extended Keychain” allowed a maliciously crafted certificate to be loaded into a process. This issue may have been leveraged by an attacker to install malicious software. In iOS, a logic issue in “trust evaluation” within “Extended Keychain” allowed a maliciously crafted certificate to be loaded into a process. This issue may have been leveraged by an attacker

iOS Software Update Protection

Apple has released a software update to protect your device from the security issues. To determine if your device is up-to-date, go to Settings > General > Software Update and follow the prompts. If you are not running iOS 12 or later, update your device by clicking here. For more information on how to keep your iOS software updated, click here.

Version Information iOS: 11.2.6

macOS: 10.13.3
tvOS: 10.1
CVE-2022-32802

Apple iOS Software updates

To protect your device, stay up-to-date on Apple’s latest software. To determine if there are any updates available, click here. To learn more about how to keep your software updated, click here.

Timeline

Published on: 09/20/2022 21:15:00 UTC
Last modified on: 09/22/2022 17:04:00 UTC

References

• https://support.apple.com/en-us/HT213345
• https://support.apple.com/en-us/HT213342
• https://support.apple.com/en-us/HT213346
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-32802