Sign-up

ID

VAR-202209-0765


CVE

CVE-2022-32896


TITLE

apple's  macOS  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-020307

DESCRIPTION

This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.6, macOS Big Sur 11.7. A user may be able to view sensitive user information. apple's macOS Exists in unspecified vulnerabilities.Information may be obtained. Information about the security content is also available at https://support.apple.com/HT213444. ATS Available for: macOS Monterey Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2022-32896: Wojciech Reguła (@_r3ggi) Kernel Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32911: Zweig of Kunlun Lab Kernel Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de) Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. CVE-2022-32917: an anonymous researcher Maps Available for: macOS Monterey Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved restrictions. CVE-2022-32883: Ron Masas, breakpointhq.com MediaLibrary Available for: macOS Monterey Impact: A user may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-32908: an anonymous researcher PackageKit Available for: macOS Monterey Impact: An app may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-32900: Mickey Jin (@patch1t) Additional recognition Identity Services We would like to acknowledge Joshua Jones for their assistance. macOS Monterey 12.6 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmMfdoAACgkQ4RjMIDke NxkI5g//SbLPARNJZkH5CzD60NB87QymxWmpvPcbPiywLpVy8Yj7CzQ21rM7cshx 65LXO+4S5dIkWSv38lv7o+JOTuhPxnucdR9EhPN4Mjyl132S9zOylgaotp0/LZuJ vGOzN1LUO260VeB/4wpnWM5wQY5b16GGrIj1LJ1knKKNB05/JdBEHC0fXhPgIZ0A fOcQzNVaeySayjx4mariluq0GBXKQ9ELPEhS+z1XCEg6Rw1NLS0cC1mhGoXojRYF Bij2De+JBEFqtGTo4ceN52yBmUj4UF11zJPl3fybJIM1dmkRd0/7PpsqJmEiASWr cmCsY4DiMbFVPnpHKv8dkt4dNseejGntpEsHljlq6rATLSbGkTowwRtaF8QtgZzT wS3mAWlit6vjiMQlgMVLnDk72IGVqaIcu2JmIJtfLFDgXPctO64ZAvbWDPeCyNfe +6hnVv/sWzFh6dHh+kJYwDrMIxZnFZuZD1NzaHqxEPKUY9CdK8GhNzwVfOPzlP3U TfOaZGuyudXKn7k04ItHBPtq5P+oYDPDlfIzeP8n+WYLbUCP+a1A8yrqQnQuY1Rs N3cz70al/9ogGzamSCIe0jQxGrVaMgvd8GEDK9GnksRxd0vJl/rMm05wruOyv2pD gEhw6ZdE97icESMAOvPMjIR0eANuiK6vgyrg+GRn2RSqLpsr1VM= =qtyT -----END PGP SIGNATURE-----

Trust: 1.89

sources: NVD: CVE-2022-32896 // JVNDB: JVNDB-2022-020307 // VULHUB: VHN-424985 // VULMON: CVE-2022-32896 // PACKETSTORM: 168361

AFFECTED PRODUCTS

vendor:applemodel:macosscope:ltversion:12.6

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.7

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.0

Trust: 1.0

vendor:applemodel:macosscope:gteversion:12.0.0

Trust: 1.0

vendor:アップルmodel:macosscope:eqversion:12.0.0 that's all 12.6

Trust: 0.8

vendor:アップルmodel:macosscope:eqversion:11.0 that's all 11.7

Trust: 0.8

vendor:アップルmodel:macosscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-020307 // NVD: CVE-2022-32896

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-32896
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-32896
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202209-774
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-32896
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-32896
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-020307 // CNNVD: CNNVD-202209-774 // NVD: CVE-2022-32896

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

problemtype:CWE-668

Trust: 0.1

sources: VULHUB: VHN-424985 // JVNDB: JVNDB-2022-020307 // NVD: CVE-2022-32896

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202209-774

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202209-774

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-424985

PATCH
title:HT213443 Apple  Security updateurl:https://support.apple.com/en-us/HT213443
Trust: 0.8
title:Apple macOS Big Sur Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=226927
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2022-020307 // 
            
            
            
            CNNVD: CNNVD-202209-774

EXTERNAL IDS
db:NVDid:CVE-2022-32896
Trust: 3.5
db:PACKETSTORMid:168361
Trust: 0.8
db:JVNDBid:JVNDB-2022-020307
Trust: 0.8
db:CNNVDid:CNNVD-202209-774
Trust: 0.6
db:VULHUBid:VHN-424985
Trust: 0.1
db:VULMONid:CVE-2022-32896
Trust: 0.1
sources:
            
            
            VULHUB: VHN-424985 // 
            
            
            
            VULMON: CVE-2022-32896 // 
            
            
            
            JVNDB: JVNDB-2022-020307 // 
            
            
            
            PACKETSTORM: 168361 // 
            
            
            
            CNNVD: CNNVD-202209-774 // 
            
            
            
            NVD: CVE-2022-32896

REFERENCES
url:https://support.apple.com/en-us/ht213443
Trust: 2.4
url:https://support.apple.com/en-us/ht213444
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2022-32896
Trust: 0.9
url:https://packetstormsecurity.com/files/168361/apple-security-advisory-2022-09-12-4.html
Trust: 0.6
url:https://vigilance.fr/vulnerability/apple-ios-macos-multiple-vulnerabilities-39249
Trust: 0.6
url:https://cxsecurity.com/cveshow/cve-2022-32896/
Trust: 0.6
url:https://nvd.nist.gov
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-32917
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-32864
Trust: 0.1
url:https://support.apple.com/downloads/
Trust: 0.1
url:https://www.apple.com/support/security/pgp/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-32900
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-32902
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-32911
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-32908
Trust: 0.1
url:https://support.apple.com/ht213444.
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-32883
Trust: 0.1
url:https://support.apple.com/en-us/ht201222.
Trust: 0.1
sources:
            
            
            VULHUB: VHN-424985 // 
            
            
            
            VULMON: CVE-2022-32896 // 
            
            
            
            JVNDB: JVNDB-2022-020307 // 
            
            
            
            PACKETSTORM: 168361 // 
            
            
            
            CNNVD: CNNVD-202209-774 // 
            
            
            
            NVD: CVE-2022-32896

CREDITS
Apple
Trust: 0.1
sources:
            
            
            PACKETSTORM: 168361

SOURCES
db:VULHUBid:VHN-424985
db:VULMONid:CVE-2022-32896
db:JVNDBid:JVNDB-2022-020307
db:PACKETSTORMid:168361
db:CNNVDid:CNNVD-202209-774
db:NVDid:CVE-2022-32896

LAST UPDATE DATE
2025-03-12T20:18:21.391000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-424985date:2023-03-08T00:00:00
db:VULMONid:CVE-2022-32896date:2023-02-27T00:00:00
db:JVNDBid:JVNDB-2022-020307date:2023-11-01T07:05:00
db:CNNVDid:CNNVD-202209-774date:2023-03-09T00:00:00
db:NVDid:CVE-2022-32896date:2025-03-12T14:15:13.570

SOURCES RELEASE DATE
db:VULHUBid:VHN-424985date:2023-02-27T00:00:00
db:VULMONid:CVE-2022-32896date:2023-02-27T00:00:00
db:JVNDBid:JVNDB-2022-020307date:2023-11-01T00:00:00
db:PACKETSTORMid:168361date:2022-09-13T15:44:52
db:CNNVDid:CNNVD-202209-774date:2022-09-12T00:00:00
db:NVDid:CVE-2022-32896date:2023-02-27T20:15:12.130