CVE-2022-32828 The issue was fixed in iOS 15.6 and iPadOS 15.6, tvOS 15.6, and macOS Monterey 12.5.

This can result in sensitive information being exposed to the app and potentially exploited. An app may be able to read and write to files on the file system. This can result in a malicious app being able to access data or potentially execute arbitrary code with system privileges. This issue is fixed in iOS 15.6, tvOS 15.6, and macOS Monterey 12.5. An app may be able to access kernel memory. This can result in sensitive information being exposed to the app and potentially exploited. An app may be able to read and write to files on the file system. This can result in a malicious app being able to access data or potentially execute arbitrary code with system privileges. This issue is fixed in iOS 15.6, tvOS 15.6, and macOS Monterey 12.5. An app may be able to access kernel memory. This can result in sensitive information being exposed to the app and potentially exploited. An app may be able to read and write to files on the file system. This can result in a malicious app being able to access data or potentially execute arbitrary code with system privileges. This issue is fixed in iOS 15.6, tvOS 15.6, and macOS Monterey 12.5. An app may be able to access kernel memory. This can result in sensitive information being exposed to the app and potentially exploited. An app may be able to read and write to files on the file system. This can result in a malicious app being able to access

What to do if you’re seeing these issues

Users who are seeing these types of issues should contact AppleCare.
It is recommended that all apps update to iOS 15.6, tvOS 15.6, or macOS Monterey 12.5.

What to do if you’ve identified potential issues?

If you’ve identified potential issues, report them to Apple.

What to look for ?

Many apps are vulnerable to this issue, but the only way to know if your app is vulnerable is to check it. This issue is fixed in iOS 15.6, tvOS 15.6, and macOS Monterey 12.5. An app may be able to access kernel memory. This can result in sensitive information being exposed to the app and potentially exploited. An app may be able to read and write to files on the file system. This can result in a malicious app being able to access data or potentially execute arbitrary code with system privileges. This issue is fixed in iOS 15.6, tvOS 15.6, and macOS Monterey 12.5."

What to check for in iOS

- Check that there are no private keys, certificates, or other sensitive information in your iOS keychain.
- Check that no sensitive information is stored on a Shared User Data Storage device.
- Check that the app has not been granted access to any third party services such as mail servers or remote peer-to-peer sharing.
- Check that the app has not been granted access to any personal data such as account passwords, credit card numbers and social media profiles.

Timeline

Published on: 09/23/2022 19:15:00 UTC
Last modified on: 09/27/2022 17:00:00 UTC

References

• https://support.apple.com/en-us/HT213345
• https://support.apple.com/en-us/HT213342
• https://support.apple.com/en-us/HT213346
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-32828