CVE-2022-32893: Apple iOS and macOS Out-of-Bounds Write Vulnerability
First published: Wed Aug 17 2022(Updated: )
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Credit: product-security@apple.com product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/webkit2gtk | <=2.36.4-1~deb10u1 | 2.38.6-0+deb10u1 2.40.5-1~deb11u1 2.42.1-1~deb11u2 2.40.5-1~deb12u1 2.42.1-1~deb12u1 2.42.1-2 |
| debian/wpewebkit | 2.38.6-1~deb11u1 2.38.6-1 2.42.1-1 | |
| Apple Safari | <15.6.1 | 15.6.1 |
| Apple macOS Monterey | <12.5.1 | 12.5.1 |
| Apple iOS | <12.5.6 | 12.5.6 |
| Apple watchOS | <9 | 9 |
| Apple iOS | <15.6.1 | 15.6.1 |
| Apple iPadOS | <15.6.1 | 15.6.1 |
| Apple Safari | <15.6.1 | |
| Apple iPadOS | <15.6.1 | |
| Apple iPhone OS | <15.6.1 | |
| Apple macOS | >=12.0<12.5.1 | |
| Fedoraproject Fedora | =35 | |
| Fedoraproject Fedora | =36 | |
| Debian Debian Linux | =10.0 | |
| Debian Debian Linux | =11.0 | |
| WebKitGTK WebKitGTK | <2.36.7 | |
| Wpewebkit Wpe Webkit | <2.36.7 | |
| Apple iOS and macOS | ||
| <15.6.1 | ||
| <15.6.1 | ||
| <15.6.1 | ||
| >=12.0<12.5.1 | ||
| =35 | ||
| =36 | ||
| =10.0 | ||
| =11.0 | ||
| <2.36.7 | ||
| <2.36.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://wpewebkit.org/security/WSA-2022-0008.html
- https://security-tracker.debian.org/tracker/CVE-2022-32893
- https://support.apple.com/en-us/HT213414 (Advisory)
- https://support.apple.com/en-us/HT213413 (Advisory)
- https://support.apple.com/en-us/HT213428 (Advisory)
- https://support.apple.com/en-us/HT213486 (Advisory)
- https://support.apple.com/en-us/HT213412 (Advisory)
- http://seclists.org/fulldisclosure/2022/Aug/16
- http://seclists.org/fulldisclosure/2022/Oct/49
- http://www.openwall.com/lists/oss-security/2022/08/25/5
- http://www.openwall.com/lists/oss-security/2022/08/26/2
- http://www.openwall.com/lists/oss-security/2022/08/29/1
- http://www.openwall.com/lists/oss-security/2022/08/29/2
- http://www.openwall.com/lists/oss-security/2022/09/02/10
- http://www.openwall.com/lists/oss-security/2022/09/13/1
- https://lists.debian.org/debian-lts-announce/2022/08/msg00019.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7SETAAXEPGNBMYKTUDFEZHS5LGSQ64QL/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKJGV2EXVMYQW3OAJNI4WUTKKVMD2YYK/
- https://security.gentoo.org/glsa/202208-39
- https://www.debian.org/security/2022/dsa-5219
- https://www.debian.org/security/2022/dsa-5220
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SETAAXEPGNBMYKTUDFEZHS5LGSQ64QL/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKJGV2EXVMYQW3OAJNI4WUTKKVMD2YYK/
- https://support.apple.com/en-gb/HT213412,
- https://support.apple.com/en-gb/HT213413;
- https://nvd.nist.gov/vuln/detail/CVE-2022-32893
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2022-32893
- CVE-2022-32894
- CVE-2022-42795
- CVE-2022-32907
- CVE-2022-32858
- CVE-2022-32898
- CVE-2022-32899
- CVE-2022-32889
- CVE-2022-32854
- CVE-2022-32928
- CVE-2022-32903
- CVE-2022-1622
- CVE-2022-32913
- CVE-2022-32864
- CVE-2022-32866
- CVE-2022-32911
- CVE-2022-32914
- CVE-2022-32883
- CVE-2022-32908
- CVE-2022-32879
- CVE-2022-32881
- CVE-2022-32870
- CVE-2021-36690
- CVE-2022-32835
- CVE-2022-32875
- CVE-2022-32886
- CVE-2022-32888
- CVE-2022-32912
- CVE-2022-32891
- CVE-2022-46709
- CVE-2022-32925
Frequently Asked Questions
What is CVE-2022-32893?
CVE-2022-32893 is an Apple iOS and macOS out-of-bounds write vulnerability that could allow for remote code execution when processing malicious crafted web content.
Which software is affected by CVE-2022-32893?
Apple iOS, macOS, Safari, iPadOS, and watchOS are affected by CVE-2022-32893.
How can remote code execution be achieved with CVE-2022-32893?
Remote code execution can be achieved by exploiting the out-of-bounds write vulnerability in Apple iOS and macOS when processing malicious crafted web content.
What is the severity of CVE-2022-32893?
The severity of CVE-2022-32893 is not specified.
How can I fix CVE-2022-32893?
To fix CVE-2022-32893, update to Apple iOS and macOS versions 15.6.1, iOS version 12.5.6, iPadOS version 15.6.1, and watchOS version 9 or newer.
- collector/security-tracker-debian
- collector/apple-support
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/software-canonical-lookup-request
- agent/weakness
- agent/title
- agent/severity
- agent/description
- source/Apple
- agent/software-canonical-lookup
- collector/nvd-index
- collector/nvd-api
- source/NVD
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/tags
- agent/references
- collector/nvd-cve
- package-manager/debian
- vendor/apple
- canonical/apple safari
- canonical/apple macos monterey
- canonical/apple ios
- canonical/apple watchos
- canonical/apple ipados
- canonical/apple iphone os
- canonical/apple macos
- version/apple macos/12.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/35
- version/fedoraproject fedora/36
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- version/debian debian linux/11.0
- vendor/webkitgtk
- canonical/webkitgtk webkitgtk
- vendor/wpewebkit
- canonical/wpewebkit wpe webkit
- canonical/apple ios and macos