Vulnerability in Apple Ios And Ipados
CVE-2022-32893
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code exec…
EPSS: 0.001 (25.3th percentile) — read the EPSS interpretation.
Affected products
- Apple Ios And Ipados — versions unspecified
- Apple Macos — versions unspecified
- Apple Safari — versions unspecified
CISA KEV (Known Exploited Vulnerabilities)
This CVE is on the CISA KEV catalog, added on . CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.
BOD 22-01 due date: .
Required action: Apply updates per vendor instructions.
Public proof-of-concept exploits
References
- support.apple.com/en-us/HT213414
- support.apple.com/en-us/HT213412
- support.apple.com/en-us/HT213413
- [oss-security] 20220825 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008 (mailing-list)
- [oss-security] 20220826 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008 (mailing-list)
- FEDORA-2022-eada5f24a0 (vendor-advisory)
- DSA-5220 (vendor-advisory)
- DSA-5219 (vendor-advisory)
- [oss-security] 20220829 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008 (mailing-list)
- [oss-security] 20220829 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008 (mailing-list)
Frequently asked questions
- What is CVE-2022-32893?
- CVE-2022-32893 is a vulnerability in Apple Ios And Ipados. Published 2022-08-24.
- Is CVE-2022-32893 known to be exploited?
- Yes. CVE-2022-32893 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2022-08-18), indicating it is being actively exploited. 4 public proof-of-concept repositories are indexed.