Apple Macos

A logic issue was addressed with improved state management

CVE-2022-32875 5 - Medium - November 01, 2022

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6. An app may be able to read sensitive location information.

A use after free issue was addressed with improved memory management

CVE-2022-42829 6.7 - Medium - November 01, 2022

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges.

Dangling pointer

The issue was addressed with improved memory handling

CVE-2022-42830 6.7 - Medium - November 01, 2022

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges.

A race condition was addressed with improved locking

CVE-2022-42831 6.4 - Medium - November 01, 2022

A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges.

Race Condition

A race condition was addressed with improved locking

CVE-2022-42832 6.4 - Medium - November 01, 2022

A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges.

Race Condition

An out-of-bounds write issue was addressed with improved bounds checking

CVE-2022-32888 8.8 - High - November 01, 2022

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, macOS Monterey 12.6, tvOS 16. Processing maliciously crafted web content may lead to arbitrary code execution.

Memory Corruption

A logic issue was addressed with improved checks

CVE-2022-32890 8.6 - High - November 01, 2022

A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. A sandboxed process may be able to circumvent sandbox restrictions.

An access issue was addressed with improvements to the sandbox

CVE-2022-32892 8.6 - High - November 01, 2022

An access issue was addressed with improvements to the sandbox. This issue is fixed in Safari 16, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13. A sandboxed process may be able to circumvent sandbox restrictions.

A race condition was addressed with improved state handling

CVE-2022-32895 4.7 - Medium - November 01, 2022

A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system.

Race Condition

The issue was addressed with improved memory handling

CVE-2022-32898 7.8 - High - November 01, 2022

The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13, watchOS 9. An app may be able to execute arbitrary code with kernel privileges.

The issue was addressed with additional restrictions on the observability of app states

CVE-2022-32913 3.3 - Low - November 01, 2022

The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. A sandboxed app may be able to determine which app is currently using the camera.

A logic issue in the handling of concurrent media was addressed with improved state handling

CVE-2022-22677 4.3 - Medium - November 01, 2022

A logic issue in the handling of concurrent media was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview in a webRTC call may be interrupted if the user answers a phone call.

A use after free issue was addressed with improved memory management

CVE-2022-26709 8.8 - High - November 01, 2022

A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution.

Dangling pointer

A use after free issue was addressed with improved memory management

CVE-2022-26710 8.8 - High - November 01, 2022

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may lead to arbitrary code execution.

Dangling pointer

A memory corruption issue was addressed with improved state management

CVE-2022-26716 8.8 - High - November 01, 2022

A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution.

A use after free issue was addressed with improved memory management

CVE-2022-26717 8.8 - High - November 01, 2022

A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.

Dangling pointer

A memory corruption issue was addressed with improved state management

CVE-2022-26719 8.8 - High - November 01, 2022

A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution.

A memory corruption issue existed in the processing of ICC profiles

CVE-2022-26730 8.8 - High - November 01, 2022

A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.

A memory corruption issue was addressed with improved memory handling

CVE-2022-26762 7.8 - High - November 01, 2022

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious application may be able to execute arbitrary code with system privileges.

A logic issue was addressed with improved state management

CVE-2022-32794 7.8 - High - November 01, 2022

A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to gain elevated privileges.

A memory corruption issue was addressed with improved state management

CVE-2022-32827 5.5 - Medium - November 01, 2022

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 16, macOS Ventura 13. An app may be able to cause a denial-of-service.

The issue was addressed with improved memory handling

CVE-2022-32858 5.5 - Medium - November 01, 2022

The issue was addressed with improved memory handling. This issue is fixed in iOS 16, macOS Ventura 13, watchOS 9. An app may be able to leak sensitive kernel state.

This issue was addressed with improved data protection

CVE-2022-32862 5.5 - Medium - November 01, 2022

This issue was addressed with improved data protection. This issue is fixed in macOS Big Sur 11.7.1, macOS Ventura 13, macOS Monterey 12.6.1. An app with root privileges may be able to access private information.

A configuration issue was addressed with additional restrictions

CVE-2022-32877 5.5 - Medium - November 01, 2022

A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Monterey 12.6. An app may be able to access user-sensitive data.

A logic issue was addressed with improved restrictions

CVE-2022-32881 5.5 - Medium - November 01, 2022

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. An app may be able to modify protected parts of the file system.

The issue was addressed with improved memory handling

CVE-2022-32899 7.8 - High - November 01, 2022

The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13, watchOS 9. An app may be able to execute arbitrary code with kernel privileges.

A logic issue was addressed with improved checks

CVE-2022-32910 7.5 - High - November 01, 2022

A logic issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.8, macOS Monterey 12.5, Security Update 2022-005 Catalina. An archive may be able to bypass Gatekeeper.

An access issue was addressed with additional sandbox restrictions

CVE-2022-42811 5.5 - Medium - November 01, 2022

An access issue was addressed with additional sandbox restrictions. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to access user-sensitive data.

A certificate validation issue existed in the handling of WKWebView

CVE-2022-42813 9.8 - Critical - November 01, 2022

A certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. Processing a maliciously crafted certificate may lead to arbitrary code execution.

Improper Certificate Validation

A logic issue was addressed with improved checks

CVE-2022-42814 5.5 - Medium - November 01, 2022

A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data.

This issue was addressed with improved data protection

CVE-2022-42815 5.5 - Medium - November 01, 2022

This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data.

This issue was addressed with improved data protection

CVE-2022-42818 5.9 - Medium - November 01, 2022

This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. A user in a privileged network position may be able to track user activity.

An access issue was addressed with improved access restrictions

CVE-2022-42819 5.5 - Medium - November 01, 2022

An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. An app may be able to read sensitive location information.

A memory corruption issue was addressed with improved state management

CVE-2022-42820 7.8 - High - November 01, 2022

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app may cause unexpected app termination or arbitrary code execution.

A type confusion issue was addressed with improved memory handling

CVE-2022-42823 8.8 - High - November 01, 2022

A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may lead to arbitrary code execution.

Object Type Confusion

A logic issue was addressed with improved state management

CVE-2022-42824 5.5 - Medium - November 01, 2022

A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose sensitive user information.

This issue was addressed by removing additional entitlements

CVE-2022-42825 5.5 - Medium - November 01, 2022

This issue was addressed by removing additional entitlements. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to modify protected parts of the file system.

An out-of-bounds write issue was addressed with improved bounds checking

CVE-2022-42827 7.8 - High - November 01, 2022

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..

Memory Corruption

An issue in code signature validation was addressed with improved checks

CVE-2022-42793 5.5 - Medium - November 01, 2022

An issue in code signature validation was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, macOS Monterey 12.6. An app may be able to bypass code signing checks.

Improper Input Validation

This issue was addressed by removing the vulnerable code

CVE-2022-42796 7.8 - High - November 01, 2022

This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.7 and iPadOS 15.7, macOS Ventura 13. An app may be able to gain elevated privileges.

The issue was addressed with improved memory handling

CVE-2022-42798 5.5 - Medium - November 01, 2022

The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. Parsing a maliciously crafted audio file may lead to disclosure of user information.

The issue was addressed with improved UI handling

CVE-2022-42799 6.1 - Medium - November 01, 2022

The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface spoofing.

Clickjacking

This issue was addressed with improved checks

CVE-2022-42800 7.8 - High - November 01, 2022

This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A user may be able to cause unexpected app termination or arbitrary code execution.

A logic issue was addressed with improved checks

CVE-2022-42801 7.8 - High - November 01, 2022

A logic issue was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary code with kernel privileges.

A race condition was addressed with improved locking

CVE-2022-42803 7 - High - November 01, 2022

A race condition was addressed with improved locking. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary code with kernel privileges.

Race Condition

A race condition was addressed with improved locking

CVE-2022-42806 7 - High - November 01, 2022

A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.

Race Condition

An out-of-bounds write issue was addressed with improved bounds checking

CVE-2022-42808 9.8 - Critical - November 01, 2022

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. A remote user may be able to cause kernel code execution.

Memory Corruption

The issue was addressed with improved memory handling

CVE-2022-42809 7.8 - High - November 01, 2022

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted gcx file may lead to unexpected app termination or arbitrary code execution.

The issue was addressed with improved memory handling

CVE-2022-42810 5.5 - Medium - November 01, 2022

The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. Processing a maliciously crafted USD file may disclose memory contents.

An access issue was addressed with additional sandbox restrictions

CVE-2022-32904 5.5 - Medium - November 01, 2022

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. An app may be able to access user-sensitive data.

This issue was addressed with improved validation of symlinks

CVE-2022-32905 7.8 - High - November 01, 2022

This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted DMG file may lead to arbitrary code execution with system privileges.

insecure temporary file

This issue was addressed with improved data protection

CVE-2022-32918 5.5 - Medium - November 01, 2022

This issue was addressed with improved data protection. This issue is fixed in iOS 16, macOS Ventura 13. An app may be able to bypass Privacy preferences.

A permissions issue existed

CVE-2022-42788 5.5 - Medium - November 01, 2022

A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Ventura 13. A malicious application may be able to read sensitive location information.

Incorrect Permission Assignment for Critical Resource

An issue in code signature validation was addressed with improved checks

CVE-2022-42789 5.5 - Medium - November 01, 2022

An issue in code signature validation was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. An app may be able to access user-sensitive data.

A logic issue was addressed with improved state management

CVE-2022-42790 5.5 - Medium - November 01, 2022

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, macOS Monterey 12.6. A user may be able to view restricted content from the lock screen.

A race condition was addressed with improved state handling

CVE-2022-42791 7 - High - November 01, 2022

A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.

Race Condition

A memory consumption issue was addressed with improved memory handling

CVE-2022-42795 8.8 - High - November 01, 2022

A memory consumption issue was addressed with improved memory handling. This issue is fixed in tvOS 16, iOS 16, macOS Ventura 13, watchOS 9. Processing a maliciously crafted image may lead to arbitrary code execution.

Memory Corruption

A logic issue was addressed with improved state management

CVE-2022-32879 2.4 - Low - November 01, 2022

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, tvOS 16. A user with physical access to a device may be able to access contacts from the lock screen.

A use after free issue was addressed with improved memory management

CVE-2022-32914 7.8 - High - November 01, 2022

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. An app may be able to execute arbitrary code with kernel privileges.

Dangling pointer

A type confusion issue was addressed with improved checks

CVE-2022-32915 7.8 - High - November 01, 2022

A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.

Object Type Confusion

A use after free issue was addressed with improved memory management

CVE-2022-32922 8.8 - High - November 01, 2022

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. Processing maliciously crafted web content may lead to arbitrary code execution.

Dangling pointer

A correctness issue in the JIT was addressed with improved checks

CVE-2022-32923 6.5 - Medium - November 01, 2022

A correctness issue in the JIT was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose internal states of the app.

The issue was addressed with improved memory handling

CVE-2022-32924 7.8 - High - November 01, 2022

The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Big Sur 11.7, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6. An app may be able to execute arbitrary code with kernel privileges.

The issue was addressed with improved bounds checks

CVE-2022-32926 6.7 - Medium - November 01, 2022

The issue was addressed with improved bounds checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16. An app with root privileges may be able to execute arbitrary code with kernel privileges.

A logic issue was addressed with improved restrictions

CVE-2022-32928 5.3 - Medium - November 01, 2022

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, macOS Ventura 13, watchOS 9. A user in a privileged network position may be able to intercept mail credentials.

The issue was addressed with improved memory handling

CVE-2022-32934 8.8 - High - November 01, 2022

The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. A remote user may be able to cause kernel code execution.

A lock screen issue was addressed with improved state management

CVE-2022-32935 4.6 - Medium - November 01, 2022

A lock screen issue was addressed with improved state management. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. A user may be able to view restricted content from the lock screen.

An out-of-bounds read was addressed with improved input validation

CVE-2022-32936 5.5 - Medium - November 01, 2022

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13. An app may be able to disclose kernel memory.

Out-of-bounds Read

A parsing issue in the handling of directory paths was addressed with improved path validation

CVE-2022-32938 5.3 - Medium - November 01, 2022

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. A shortcut may be able to check the existence of an arbitrary path on the file system.

The issue was addressed with improved bounds checks

CVE-2022-32940 7.8 - High - November 01, 2022

The issue was addressed with improved bounds checks. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges.

The issue was addressed with improved bounds checks

CVE-2022-32941 9.8 - Critical - November 01, 2022

The issue was addressed with improved bounds checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A buffer overflow may result in arbitrary code execution.

Classic Buffer Overflow

A memory corruption issue was addressed with improved state management

CVE-2022-32944 7.8 - High - November 01, 2022

A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to execute arbitrary code with kernel privileges.

The issue was addressed with improved memory handling

CVE-2022-32947 7.8 - High - November 01, 2022

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges.

The issue was addressed with improved memory handling

CVE-2022-32865 7.8 - High - November 01, 2022

The issue was addressed with improved memory handling. This issue is fixed in iOS 16, macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.

The issue was addressed with improved memory handling

CVE-2022-32866 7.8 - High - November 01, 2022

The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, watchOS 9, macOS Monterey 12.6, tvOS 16. An app may be able to execute arbitrary code with kernel privileges.

This issue was addressed with improved data protection

CVE-2022-32867 2.4 - Low - November 01, 2022

This issue was addressed with improved data protection. This issue is fixed in iOS 16, macOS Ventura 13. A user with physical access to an iOS device may be able to read past diagnostic logs.

A logic issue was addressed with improved state management

CVE-2022-32870 2.4 - Low - November 01, 2022

A logic issue was addressed with improved state management. This issue is fixed in iOS 16, macOS Ventura 13, watchOS 9. A user with physical access to a device may be able to use Siri to obtain some call history information.

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959.

CVE-2022-1725 5.5 - Medium - September 29, 2022

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959.

NULL Pointer Dereference

A type confusion issue was addressed with improved state handling

CVE-2022-32814 7.8 - High - September 23, 2022

A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.

Object Type Confusion

A buffer overflow issue was addressed with improved memory handling

CVE-2022-22629 8.8 - High - September 23, 2022

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.

Memory Corruption

A logic issue was addressed with improved checks

CVE-2022-32783 5.5 - Medium - September 23, 2022

A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. An app may gain unauthorized access to Bluetooth.

The issue was addressed with improved memory handling

CVE-2022-32825 5.5 - Medium - September 23, 2022

The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory.

This issue was addressed with improved checks

CVE-2022-32829 7.8 - High - September 23, 2022

This issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.

A memory corruption issue was addressed with improved state management

CVE-2022-32796 7.8 - High - September 23, 2022

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.

This issue was addressed with improved checks

CVE-2022-32797 7.1 - High - September 23, 2022

This issue was addressed with improved checks. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory.

This issue was addressed with improved checks

CVE-2022-32800 5.5 - Medium - September 23, 2022

This issue was addressed with improved checks. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to modify protected parts of the file system.

This issue was addressed with improved checks

CVE-2022-32801 7.8 - High - September 23, 2022

This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5. An app may be able to gain root privileges.

The issue was addressed with improved handling of caches

CVE-2022-32805 5.5 - Medium - September 23, 2022

The issue was addressed with improved handling of caches. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to access sensitive user information.

This issue was addressed with improved file handling

CVE-2022-32807 7.1 - High - September 23, 2022

This issue was addressed with improved file handling. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to overwrite arbitrary files.

The issue was addressed with improved memory handling

CVE-2022-32815 7.8 - High - September 23, 2022

The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app with root privileges may be able to execute arbitrary code with kernel privileges.

The issue was addressed with improved UI handling

CVE-2022-32816 6.5 - Medium - September 23, 2022

The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may lead to UI spoofing.

An out-of-bounds read issue was addressed with improved bounds checking

CVE-2022-32817 5.5 - Medium - September 23, 2022

An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory.

Out-of-bounds Read

The issue was addressed with improved memory handling

CVE-2022-32818 5.5 - Medium - September 23, 2022

The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5. An app may be able to leak sensitive kernel state.

An out-of-bounds write issue was addressed with improved input validation

CVE-2022-32798 7.8 - High - September 23, 2022

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.5. An app may be able to gain elevated privileges.

Memory Corruption

An out-of-bounds read issue was addressed with improved input validation

CVE-2022-32851 7.1 - High - September 23, 2022

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory.

Out-of-bounds Read

An out-of-bounds read issue was addressed with improved input validation

CVE-2022-32852 7.1 - High - September 23, 2022

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory.

Out-of-bounds Read

An out-of-bounds read issue was addressed with improved input validation

CVE-2022-32853 7.1 - High - September 23, 2022

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory.

Out-of-bounds Read

The issue was addressed with improved memory handling

CVE-2022-32828 5.5 - Medium - September 23, 2022

The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, tvOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory.

A memory corruption issue was addressed with improved validation

CVE-2022-32821 7.8 - High - September 23, 2022

A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.

A memory initialization issue was addressed with improved memory handling

CVE-2022-32823 5.5 - Medium - September 23, 2022

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to leak sensitive user information.

Improper Initialization