1. Summary

Vulnerability Name: Apple iOS and macOS Out-of-Bounds Write Vulnerability (CVE-2022-32893)
Release Date: August 17, 2022
Component Name: WebKit
Affected Versions: 12.0 ≤ macOS Monterey < 12.5.1; iOS < 15.6.1; iPadOS < 15.6.1; Apple Safari < 15.6.1
Vulnerability Type: Out-of-Bounds Write
Severity: CVSS v3 Base Score 8.8 (High)
Exploitability: Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: Required
Impact: Confidentiality Impact: High; Integrity Impact: High; Availability Impact: High

2. About CVE-2022-32893

2.1 Introduction

WebKit is a browser engine developed by Apple. It is used primarily in Apple's Safari web browser, as well as in the iOS and iPadOS versions of every web browser.

2.2 Summary  

On August 17, Sangfor FarSight Labs received a notice of an out-of-bounds write vulnerability in WebKit (CVE-2022-32893), classified as high severity with a CVSS Score of 8.8. The vulnerability is caused by improper input validation, leading to an out-of-bounds write. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2022-32893 was added to CISA’s Known Exploited Vulnerabilities Catalog on August 18, 2022, and Apple is aware of a report that the vulnerability may have been actively exploited.

3. Affected Versions

12.0 ≤ macOS Monterey < 12.5.1
iOS < 15.6.1
iPadOS < 15.6.1
Apple Safari < 15.6.1 
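
The ranges above can be applied to a device inventory as follows. This is an added example, not code from Sangfor or Apple; the host names, the inventory rows and the function names are constructed for illustration. Versions below the macOS lower bound are reported as "out-of-range" rather than safe, because this advisory makes no statement about them.

```python
# Added example, not Sangfor or Apple code. Bounds are copied from the
# "Affected Versions" list above; hosts and function names are constructed.
# product -> (inclusive lower bound or None, first fixed version)
AFFECTED = {
    "macos": ("12.0", "12.5.1"),   # 12.0 <= macOS Monterey < 12.5.1
    "ios": (None, "15.6.1"),
    "ipados": (None, "15.6.1"),
    "safari": (None, "15.6.1"),
}

def parse_version(text):
    """'15.6' -> (15, 6, 0): numeric compare, so 15.10 > 15.9 and 15.6 == 15.6.0."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * max(0, 3 - len(parts)))

def classify(product, version):
    """Return 'affected', 'fixed', 'out-of-range' or 'unknown' for one install."""
    bounds = AFFECTED.get(product.strip().lower())
    if bounds is None:
        return "unknown"              # product not named in the advisory
    try:
        v = parse_version(version)
    except ValueError:
        return "unknown"              # unparseable version: needs manual review
    low, fixed = bounds
    if v >= parse_version(fixed):
        return "fixed"
    if low is not None and v < parse_version(low):
        return "out-of-range"         # the advisory says nothing about these builds
    return "affected"

# Constructed inventory rows: (host, product, version)
INVENTORY = [
    ("mac-01", "macOS", "12.5"),
    ("mac-02", "macOS", "12.5.1"),
    ("mac-03", "macOS", "11.6.8"),
    ("phone-01", "iOS", "15.6"),
    ("pad-01", "iPadOS", "15.10"),
    ("tv-01", "tvOS", "15.6"),
]

def affected_hosts(rows):
    """Hosts that fall inside the advisory's affected ranges."""
    return [h for h, product, ver in rows if classify(product, ver) == "affected"]

if __name__ == "__main__":
    for host, product, ver in INVENTORY:
        print(f"{host:9} {product:7} {ver:8} {classify(product, ver)}")
```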

4. Solutions

4.1 Remediation Solutions

4.1.1 Apple Solutions

Apple has released software updates to fix the issue in macOS Monterey 12.5.1, iOS 15.6.1, iPadOS 15.6.1 and Safari 15.6.1.

Users can update to the latest software from their devices:

5. Timeline 

On August 17, 2022, Sangfor FarSight Labs received a notice about the Apple iOS and macOS Out-of-Bounds Write Vulnerability (CVE-2022-32893).

On August 18, 2022, Sangfor FarSight Labs released a vulnerability alert with remediation solutions.

6. Reference

https://nvd.nist.gov/vuln/detail/CVE-2022-32893

https://support.apple.com/en-us/HT213412

https://support.apple.com/en-us/HT213413

https://support.apple.com/en-us/HT213414

7. Learn More

Sangfor FarSight Labs researches the latest cyberthreats and unknown zero-day vulnerabilities, alerting customers to potential dangers to their organizations, and providing real-time solutions with actionable intelligence. Sangfor FarSight Labs works with other security vendors and the security community at large to identify and verify global cyberthreats, providing fast and easy protection for customers.
