CVE-2022-32949

Published: Feb 27, 2023Modified: Mar 11, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16. An app may be able to execute arbitrary code with kernel privileges.

Affected (3)

Products: Apple: Ipados, Iphone Os, Tvos

3 products

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 15.7.1
Apple Iphone Os	Before 15.7.1
Apple Tvos	Before 16.0

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (4)

https://support.apple.com/en-us/HT213487

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/HT213490

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/HT213487

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://support.apple.com/en-us/HT213490

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.