First published: Mon Oct 24 2022(Updated: )
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. A shortcut may be able to check the existence of an arbitrary path on the file system.
Credit: Cristian Dinca Tudor Vianu National High School of Computer Science ofCristian Dinca Tudor Vianu National High School of Computer Science of product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
<13 | 13 | |
Apple iOS | <16.1 | 16.1 |
Apple iPadOS | <16 | 16 |
Apple iPadOS | <16.0 | |
Apple iPhone OS | <16.1 | |
Apple macOS | <13.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2022-32938 is a vulnerability in Apple iOS, iPadOS, and macOS Ventura that involves a parsing issue in the handling of directory paths.
CVE-2022-32938 can allow an attacker to exploit a parsing issue in directory paths, potentially leading to unauthorized access or other malicious activities on affected Apple devices.
Apple iOS versions up to and excluding 16.1 are affected by CVE-2022-32938.
Apple iPadOS versions up to and excluding 16 are affected by CVE-2022-32938.
Upgrading to Apple iOS 16.1, iPadOS 16, or macOS Ventura 13 will address the parsing issue and provide improved path validation to mitigate the vulnerability.