ID

VAR-202209-0767


CVE

CVE-2022-32900


TITLE

Vulnerability in Apple's macOS

Trust: 0.8

sources: JVNDB: JVNDB-2022-020306

DESCRIPTION

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6, macOS Big Sur 11.7. An app may be able to gain elevated privileges. An unspecified vulnerability exists in Apple's macOS. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Information about the security content is also available at https://support.apple.com/HT213444.

CVE-2022-32902: Mickey Jin (@patch1t)

iMovie
Available for: macOS Monterey
Impact: A user may be able to view sensitive user information
Description: This issue was addressed by enabling hardened runtime.
CVE-2022-32896: Wojciech Reguła (@_r3ggi)

Kernel
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32911: Zweig of Kunlun Lab

Kernel
Available for: macOS Monterey
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)

Kernel
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
CVE-2022-32917: an anonymous researcher

Maps
Available for: macOS Monterey
Impact: An app may be able to read sensitive location information
Description: A logic issue was addressed with improved restrictions.
CVE-2022-32883: Ron Masas, breakpointhq.com

MediaLibrary
Available for: macOS Monterey
Impact: A user may be able to elevate privileges
Description: A memory corruption issue was addressed with improved input validation.
CVE-2022-32900: Mickey Jin (@patch1t)

Additional recognition
Identity Services
We would like to acknowledge Joshua Jones for their assistance.
macOS Monterey 12.6 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Trust: 1.89

sources: NVD: CVE-2022-32900 // JVNDB: JVNDB-2022-020306 // VULHUB: VHN-424989 // VULMON: CVE-2022-32900 // PACKETSTORM: 168361

AFFECTED PRODUCTS

vendor: apple // model: macos // scope: gte // version: 11.0

Trust: 1.0

vendor: apple // model: macos // scope: lt // version: 12.6

Trust: 1.0

vendor: apple // model: macos // scope: gte // version: 12.0.0

Trust: 1.0

vendor: apple // model: macos // scope: lt // version: 11.7

Trust: 1.0

vendor: Apple // model: macos // scope: eq // version: 12.0.0 or later, before 12.6

Trust: 0.8

vendor: Apple // model: macos // scope: eq // version: 11.0 or later, before 11.7

Trust: 0.8

vendor: Apple // model: macos // scope: eq // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-020306 // NVD: CVE-2022-32900

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-32900
value: HIGH

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2022-32900
value: HIGH

Trust: 1.0

NVD: CVE-2022-32900
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202209-776
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-32900
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2022-32900
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-020306 // CNNVD: CNNVD-202209-776 // NVD: CVE-2022-32900 // NVD: CVE-2022-32900

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-269

Trust: 1.0

problemtype: Lack of information (CWE-noinfo) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-020306 // NVD: CVE-2022-32900

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202209-776

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202209-776

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-424989

PATCH

title: HT213443 Apple Security update // url: https://support.apple.com/en-us/HT213443

Trust: 0.8

title: Apple macOS Big Sur Security vulnerabilities // url: http://123.124.177.30/web/xxk/bdxqById.tag?id=226928

Trust: 0.6

sources: JVNDB: JVNDB-2022-020306 // CNNVD: CNNVD-202209-776

EXTERNAL IDS

db: NVD // id: CVE-2022-32900

Trust: 3.5

db: PACKETSTORM // id: 168361

Trust: 0.8

db: JVNDB // id: JVNDB-2022-020306

Trust: 0.8

db: CNNVD // id: CNNVD-202209-776

Trust: 0.6

db: VULHUB // id: VHN-424989

Trust: 0.1

db: VULMON // id: CVE-2022-32900

Trust: 0.1

sources: VULHUB: VHN-424989 // VULMON: CVE-2022-32900 // JVNDB: JVNDB-2022-020306 // PACKETSTORM: 168361 // CNNVD: CNNVD-202209-776 // NVD: CVE-2022-32900

REFERENCES

url:https://support.apple.com/en-us/ht213443

Trust: 2.4

url:https://support.apple.com/en-us/ht213444

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-32900

Trust: 0.9

url:https://packetstormsecurity.com/files/168361/apple-security-advisory-2022-09-12-4.html

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-ios-macos-multiple-vulnerabilities-39249

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-32900/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32917

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32864

Trust: 0.1

url:https://support.apple.com/downloads/

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32902

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32911

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32896

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32908

Trust: 0.1

url:https://support.apple.com/ht213444.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32883

Trust: 0.1

url:https://support.apple.com/en-us/ht201222.

Trust: 0.1

sources: VULHUB: VHN-424989 // VULMON: CVE-2022-32900 // JVNDB: JVNDB-2022-020306 // PACKETSTORM: 168361 // CNNVD: CNNVD-202209-776 // NVD: CVE-2022-32900

CREDITS

Apple

Trust: 0.1

sources: PACKETSTORM: 168361

SOURCES

db: VULHUB // id: VHN-424989
db: VULMON // id: CVE-2022-32900
db: JVNDB // id: JVNDB-2022-020306
db: PACKETSTORM // id: 168361
db: CNNVD // id: CNNVD-202209-776
db: NVD // id: CVE-2022-32900

LAST UPDATE DATE

2025-03-12T20:14:41.697000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-424989 // date: 2023-03-08T00:00:00
db: VULMON // id: CVE-2022-32900 // date: 2023-02-27T00:00:00
db: JVNDB // id: JVNDB-2022-020306 // date: 2023-11-01T07:04:00
db: CNNVD // id: CNNVD-202209-776 // date: 2023-03-09T00:00:00
db: NVD // id: CVE-2022-32900 // date: 2025-03-11T18:15:25.553

SOURCES RELEASE DATE

db: VULHUB // id: VHN-424989 // date: 2023-02-27T00:00:00
db: VULMON // id: CVE-2022-32900 // date: 2023-02-27T00:00:00
db: JVNDB // id: JVNDB-2022-020306 // date: 2023-11-01T00:00:00
db: PACKETSTORM // id: 168361 // date: 2022-09-13T15:44:52
db: CNNVD // id: CNNVD-202209-776 // date: 2022-09-12T00:00:00
db: NVD // id: CVE-2022-32900 // date: 2023-02-27T20:15:12.200