ID

VAR-202210-1479


CVE

CVE-2022-32915


TITLE

Apple macOS Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202210-1634

DESCRIPTION

A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.

APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3

macOS Monterey 12.6.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213604.

AppleMobileFileIntegrity
Available for: macOS Monterey
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by enabling hardened runtime.
CVE-2023-23499: Wojciech Reguła (@_r3ggi) of SecuRing (wojciechregula.blog)

curl
Available for: macOS Monterey
Impact: Multiple issues in curl
Description: Multiple issues were addressed by updating to curl version 7.86.0.
CVE-2022-42915
CVE-2022-42916
CVE-2022-32221
CVE-2022-35260

curl
Available for: macOS Monterey
Impact: Multiple issues in curl
Description: Multiple issues were addressed by updating to curl version 7.85.0.
CVE-2022-35252

dcerpc
Available for: macOS Monterey
Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2023-23513: Dimitrios Tatsis and Aleksandar Nikolic of Cisco Talos

DiskArbitration
Available for: macOS Monterey
Impact: An encrypted volume may be unmounted and remounted by a different user without prompting for the password
Description: A logic issue was addressed with improved state management.
CVE-2022-32915: Tommy Muir (@Muirey03)

Intel Graphics Driver
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved bounds checks.
CVE-2023-23504: Adam Doupé of ASU SEFCOM

Kernel
Available for: macOS Monterey
Impact: An app may be able to determine kernel memory layout
Description: An information disclosure issue was addressed by removing the vulnerable code.
CVE-2023-23502: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. (@starlabs_sg)

PackageKit
Available for: macOS Monterey
Impact: An app may be able to gain root privileges
Description: A logic issue was addressed with improved state management.
CVE-2023-23497: Mickey Jin (@patch1t)

Screen Time
Available for: macOS Monterey
Impact: An app may be able to access information about a user’s contacts
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2023-23505: Wojciech Regula of SecuRing (wojciechregula.blog)

Weather
Available for: macOS Monterey
Impact: An app may be able to bypass Privacy preferences
Description: The issue was addressed with improved memory handling.
CVE-2023-23511: Wojciech Regula of SecuRing (wojciechregula.blog), an anonymous researcher

WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 248268
CVE-2023-23518: YeongHyeon Choi (@hyeon101010), Hyeon Park (@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung), JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE
WebKit Bugzilla: 248268
CVE-2023-23517: YeongHyeon Choi (@hyeon101010), Hyeon Park (@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung), JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE

Windows Installer
Available for: macOS Monterey
Impact: An app may be able to bypass Privacy preferences
Description: The issue was addressed with improved memory handling.
CVE-2023-23508: Mickey Jin (@patch1t)

Additional recognition

Kernel
We would like to acknowledge Nick Stenning of Replicate for their assistance.

macOS Monterey 12.6.3 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/

All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Trust: 1.08

sources: NVD: CVE-2022-32915 // VULHUB: VHN-425004 // PACKETSTORM: 170697

AFFECTED PRODUCTS

vendor: apple, model: macos, scope: lt, version: 12.6.3

Trust: 1.0

sources: NVD: CVE-2022-32915

CVSS

SEVERITY

NVD: CVE-2022-32915
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202210-1634
value: HIGH

Trust: 0.6

CVSSV2

CVSSV3

NVD:
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: NVD: CVE-2022-32915 // CNNVD: CNNVD-202210-1634

PROBLEMTYPE DATA

problemtype: CWE-843

Trust: 1.1

sources: VULHUB: VHN-425004 // NVD: CVE-2022-32915

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202210-1634

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202210-1634

CONFIGURATIONS

sources: NVD: CVE-2022-32915

PATCH

title: Apple macOS Security vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqbyid.tag?id=212659

Trust: 0.6

sources: CNNVD: CNNVD-202210-1634

EXTERNAL IDS

db: NVD, id: CVE-2022-32915

Trust: 1.8

db: PACKETSTORM, id: 170697

Trust: 0.7

db: AUSCERT, id: ESB-2022.5300

Trust: 0.6

db: CNNVD, id: CNNVD-202210-1634

Trust: 0.6

db: VULHUB, id: VHN-425004

Trust: 0.1

sources: VULHUB: VHN-425004 // PACKETSTORM: 170697 // NVD: CVE-2022-32915 // CNNVD: CNNVD-202210-1634

REFERENCES

url:https://support.apple.com/en-us/ht213488

Trust: 2.3

url:https://support.apple.com/kb/ht213604

Trust: 1.7

url:http://seclists.org/fulldisclosure/2023/jan/20

Trust: 1.7

url:https://cxsecurity.com/cveshow/cve-2022-32915/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5300

Trust: 0.6

url:https://packetstormsecurity.com/files/170697/apple-security-advisory-2023-01-23-5.html

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-39702

Trust: 0.6

url:https://support.apple.com/en-us/ht213604

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2023-23507

Trust: 0.1

url:https://support.apple.com/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42915

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-35252

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32221

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42916

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23493

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23497

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23504

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23505

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32915

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23499

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23508

Trust: 0.1

url:https://support.apple.com/ht213604.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-35260

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23502

Trust: 0.1

url:https://support.apple.com/en-us/ht201222.

Trust: 0.1

sources: VULHUB: VHN-425004 // PACKETSTORM: 170697 // NVD: CVE-2022-32915 // CNNVD: CNNVD-202210-1634

CREDITS

Apple

Trust: 0.1

sources: PACKETSTORM: 170697

SOURCES

db: VULHUB, id: VHN-425004
db: PACKETSTORM, id: 170697
db: NVD, id: CVE-2022-32915
db: CNNVD, id: CNNVD-202210-1634

LAST UPDATE DATE

2023-12-18T11:48:25.569000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-425004, date: 2023-03-01T00:00:00
db: NVD, id: CVE-2022-32915, date: 2023-03-01T18:05:33.623
db: CNNVD, id: CNNVD-202210-1634, date: 2023-02-01T00:00:00

SOURCES RELEASE DATE

db: VULHUB, id: VHN-425004, date: 2022-11-01T00:00:00
db: PACKETSTORM, id: 170697, date: 2023-01-24T16:41:07
db: NVD, id: CVE-2022-32915, date: 2022-11-01T20:15:19.327
db: CNNVD, id: CNNVD-202210-1634, date: 2022-10-24T00:00:00