cvelistv5 - cve-2022-32912

CVE-2022-32912 (GCVE-0-2022-32912)

Vulnerability from cvelistv5

Published

2022-09-20 00:00

Modified

2026-01-07 21:40

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Processing maliciously crafted web content may lead to arbitrary code execution

Summary

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution.

References

URL

Tags

	https://support.apple.com/en-us/HT213446
	https://support.apple.com/en-us/HT213445
	https://support.apple.com/en-us/HT213442
	http://seclists.org/fulldisclosure/2022/Oct/41	mailing-list
	http://seclists.org/fulldisclosure/2022/Oct/28	mailing-list
	http://seclists.org/fulldisclosure/2022/Oct/39	mailing-list
	http://seclists.org/fulldisclosure/2022/Oct/40	mailing-list
	http://seclists.org/fulldisclosure/2022/Oct/49	mailing-list
	http://seclists.org/fulldisclosure/2022/Oct/50	mailing-list
	http://seclists.org/fulldisclosure/2022/Oct/47	mailing-list

Impacted products

Vendor

Product

Version

Apple

iOS

Version: unspecified < 16

	Apple	Safari	Version: unspecified < 16
	Apple	iOS and iPadOS	Version: unspecified < 15.7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:54:03.153Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213446"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213445"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213442"
          },
          {
            "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Oct/41"
          },
          {
            "name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Oct/28"
          },
          {
            "name": "20221030 APPLE-SA-2022-10-27-3 Additional information for APPLE-SA-2022-09-12-1 iOS 16",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Oct/39"
          },
          {
            "name": "20221030 APPLE-SA-2022-10-27-4 Additional information for APPLE-SA-2022-09-12-2 iOS 15.7 and iPadOS 15.7",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Oct/40"
          },
          {
            "name": "20221030 APPLE-SA-2022-10-27-13 watchOS 9",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Oct/49"
          },
          {
            "name": "20221030 APPLE-SA-2022-10-27-14 Additional information for APPLE-SA-2022-09-12-5 Safari 16",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Oct/50"
          },
          {
            "name": "20221030 APPLE-SA-2022-10-27-11 tvOS 16",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Oct/47"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-32912",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-29T14:17:11.448430Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-125",
                "description": "CWE-125 Out-of-bounds Read",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-07T21:40:44.517Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "16",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Safari",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "16",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "15.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing maliciously crafted web content may lead to arbitrary code execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-30T00:00:00.000Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/HT213446"
        },
        {
          "url": "https://support.apple.com/en-us/HT213445"
        },
        {
          "url": "https://support.apple.com/en-us/HT213442"
        },
        {
          "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Oct/41"
        },
        {
          "name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Oct/28"
        },
        {
          "name": "20221030 APPLE-SA-2022-10-27-3 Additional information for APPLE-SA-2022-09-12-1 iOS 16",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Oct/39"
        },
        {
          "name": "20221030 APPLE-SA-2022-10-27-4 Additional information for APPLE-SA-2022-09-12-2 iOS 15.7 and iPadOS 15.7",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Oct/40"
        },
        {
          "name": "20221030 APPLE-SA-2022-10-27-13 watchOS 9",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Oct/49"
        },
        {
          "name": "20221030 APPLE-SA-2022-10-27-14 Additional information for APPLE-SA-2022-09-12-5 Safari 16",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Oct/50"
        },
        {
          "name": "20221030 APPLE-SA-2022-10-27-11 tvOS 16",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Oct/47"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2022-32912",
    "datePublished": "2022-09-20T00:00:00.000Z",
    "dateReserved": "2022-06-09T00:00:00.000Z",
    "dateUpdated": "2026-01-07T21:40:44.517Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.apple.com/en-us/HT213446\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT213445\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT213442\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2022/Oct/41\", \"name\": \"20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2022/Oct/28\", \"name\": \"20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2022/Oct/39\", \"name\": \"20221030 APPLE-SA-2022-10-27-3 Additional information for APPLE-SA-2022-09-12-1 iOS 16\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2022/Oct/40\", \"name\": \"20221030 APPLE-SA-2022-10-27-4 Additional information for APPLE-SA-2022-09-12-2 iOS 15.7 and iPadOS 15.7\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2022/Oct/49\", \"name\": \"20221030 APPLE-SA-2022-10-27-13 watchOS 9\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2022/Oct/50\", \"name\": \"20221030 APPLE-SA-2022-10-27-14 Additional information for APPLE-SA-2022-09-12-5 Safari 16\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2022/Oct/47\", \"name\": \"20221030 APPLE-SA-2022-10-27-11 tvOS 16\", \"tags\": [\"mailing-list\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T07:54:03.153Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-32912\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-29T14:17:11.448430Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"CWE-125 Out-of-bounds Read\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-29T14:17:29.625Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Apple\", \"product\": \"iOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"16\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"Safari\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"16\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"iOS and iPadOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"15.7\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://support.apple.com/en-us/HT213446\"}, {\"url\": \"https://support.apple.com/en-us/HT213445\"}, {\"url\": \"https://support.apple.com/en-us/HT213442\"}, {\"url\": \"http://seclists.org/fulldisclosure/2022/Oct/41\", \"name\": \"20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2022/Oct/28\", \"name\": \"20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2022/Oct/39\", \"name\": \"20221030 APPLE-SA-2022-10-27-3 Additional information for APPLE-SA-2022-09-12-1 iOS 16\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2022/Oct/40\", \"name\": \"20221030 APPLE-SA-2022-10-27-4 Additional information for APPLE-SA-2022-09-12-2 iOS 15.7 and iPadOS 15.7\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2022/Oct/49\", \"name\": \"20221030 APPLE-SA-2022-10-27-13 watchOS 9\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2022/Oct/50\", \"name\": \"20221030 APPLE-SA-2022-10-27-14 Additional information for APPLE-SA-2022-09-12-5 Safari 16\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2022/Oct/47\", \"name\": \"20221030 APPLE-SA-2022-10-27-11 tvOS 16\", \"tags\": [\"mailing-list\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Processing maliciously crafted web content may lead to arbitrary code execution\"}]}], \"providerMetadata\": {\"orgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"shortName\": \"apple\", \"dateUpdated\": \"2022-10-30T00:00:00.000Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-32912\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-07T21:40:44.517Z\", \"dateReserved\": \"2022-06-09T00:00:00.000Z\", \"assignerOrgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"datePublished\": \"2022-09-20T00:00:00.000Z\", \"assignerShortName\": \"apple\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2022-AVI-947

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.

Apple indique que la vulnérabilité CVE-2022-42827 serait activement exploitée.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	watchOS versions antérieures à 9.1
Apple	N/A	iPadOS versions antérieures à 16
Apple	macOS	macOS Monterey versions antérieures à 12.6.1
Apple	Safari	Safari versions antérieures à 16.1
Apple	macOS	macOS Ventura versions antérieures à 13
Apple	N/A	iOS versions antérieures à 16.1
Apple	macOS	macOS Big Sur versions antérieures à 11.7.1
Apple	N/A	tvOS versions antérieures à 16.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT213493 du 24 octobre 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213489 du 24 octobre 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213492 du 24 octobre 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213491 du 24 octobre 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213494 du 24 octobre 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213488 du 24 octobre 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213495 du 24 octobre 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "watchOS versions ant\u00e9rieures \u00e0 9.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPadOS versions ant\u00e9rieures \u00e0 16",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Monterey versions ant\u00e9rieures \u00e0 12.6.1",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 16.1",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Ventura versions ant\u00e9rieures \u00e0 13",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 16.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Big Sur versions ant\u00e9rieures \u00e0 11.7.1",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions ant\u00e9rieures \u00e0 16.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-1621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1621"
    },
    {
      "name": "CVE-2022-42819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42819"
    },
    {
      "name": "CVE-2022-0261",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0261"
    },
    {
      "name": "CVE-2022-2000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2000"
    },
    {
      "name": "CVE-2022-1381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1381"
    },
    {
      "name": "CVE-2022-0696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0696"
    },
    {
      "name": "CVE-2021-39537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39537"
    },
    {
      "name": "CVE-2022-1898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1898"
    },
    {
      "name": "CVE-2022-42832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42832"
    },
    {
      "name": "CVE-2022-42823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42823"
    },
    {
      "name": "CVE-2022-32208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
    },
    {
      "name": "CVE-2022-32913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32913"
    },
    {
      "name": "CVE-2022-32928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32928"
    },
    {
      "name": "CVE-2021-36690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36690"
    },
    {
      "name": "CVE-2022-42815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42815"
    },
    {
      "name": "CVE-2022-1968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1968"
    },
    {
      "name": "CVE-2022-32936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32936"
    },
    {
      "name": "CVE-2022-28739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28739"
    },
    {
      "name": "CVE-2022-32207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
    },
    {
      "name": "CVE-2022-42793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42793"
    },
    {
      "name": "CVE-2022-32915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32915"
    },
    {
      "name": "CVE-2022-1629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1629"
    },
    {
      "name": "CVE-2022-42827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42827"
    },
    {
      "name": "CVE-2022-42830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42830"
    },
    {
      "name": "CVE-2022-0554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0554"
    },
    {
      "name": "CVE-2022-32862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32862"
    },
    {
      "name": "CVE-2022-0572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0572"
    },
    {
      "name": "CVE-2022-42824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42824"
    },
    {
      "name": "CVE-2022-2042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2042"
    },
    {
      "name": "CVE-2022-0714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0714"
    },
    {
      "name": "CVE-2022-1733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1733"
    },
    {
      "name": "CVE-2022-0943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0943"
    },
    {
      "name": "CVE-2022-1927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1927"
    },
    {
      "name": "CVE-2022-1851",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1851"
    },
    {
      "name": "CVE-2022-2126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2126"
    },
    {
      "name": "CVE-2022-42795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42795"
    },
    {
      "name": "CVE-2022-1897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1897"
    },
    {
      "name": "CVE-2022-0368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0368"
    },
    {
      "name": "CVE-2022-0319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0319"
    },
    {
      "name": "CVE-2022-42829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42829"
    },
    {
      "name": "CVE-2022-42831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42831"
    },
    {
      "name": "CVE-2022-42806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42806"
    },
    {
      "name": "CVE-2022-1616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1616"
    },
    {
      "name": "CVE-2022-42796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42796"
    },
    {
      "name": "CVE-2022-32866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32866"
    },
    {
      "name": "CVE-2022-42808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42808"
    },
    {
      "name": "CVE-2022-32940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32940"
    },
    {
      "name": "CVE-2022-42790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42790"
    },
    {
      "name": "CVE-2022-42788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42788"
    },
    {
      "name": "CVE-2022-32886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32886"
    },
    {
      "name": "CVE-2022-1622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1622"
    },
    {
      "name": "CVE-2022-0629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0629"
    },
    {
      "name": "CVE-2022-29458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29458"
    },
    {
      "name": "CVE-2022-32890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32890"
    },
    {
      "name": "CVE-2022-0729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0729"
    },
    {
      "name": "CVE-2022-42814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42814"
    },
    {
      "name": "CVE-2022-32867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32867"
    },
    {
      "name": "CVE-2022-32924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32924"
    },
    {
      "name": "CVE-2022-32883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32883"
    },
    {
      "name": "CVE-2022-1725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1725"
    },
    {
      "name": "CVE-2022-42818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42818"
    },
    {
      "name": "CVE-2022-42789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42789"
    },
    {
      "name": "CVE-2022-32912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32912"
    },
    {
      "name": "CVE-2022-0392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0392"
    },
    {
      "name": "CVE-2022-32205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
    },
    {
      "name": "CVE-2022-32918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32918"
    },
    {
      "name": "CVE-2022-32908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32908"
    },
    {
      "name": "CVE-2022-1620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1620"
    },
    {
      "name": "CVE-2022-32911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32911"
    },
    {
      "name": "CVE-2022-42813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42813"
    },
    {
      "name": "CVE-2022-32864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32864"
    },
    {
      "name": "CVE-2022-1942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1942"
    },
    {
      "name": "CVE-2022-1735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1735"
    },
    {
      "name": "CVE-2022-1720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1720"
    },
    {
      "name": "CVE-2022-42809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42809"
    },
    {
      "name": "CVE-2022-0359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0359"
    },
    {
      "name": "CVE-2022-1420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1420"
    },
    {
      "name": "CVE-2022-32898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32898"
    },
    {
      "name": "CVE-2022-32938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32938"
    },
    {
      "name": "CVE-2022-32827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32827"
    },
    {
      "name": "CVE-2022-26730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26730"
    },
    {
      "name": "CVE-2022-42799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42799"
    },
    {
      "name": "CVE-2022-32914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32914"
    },
    {
      "name": "CVE-2022-0351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0351"
    },
    {
      "name": "CVE-2022-32875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32875"
    },
    {
      "name": "CVE-2022-0361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0361"
    },
    {
      "name": "CVE-2022-32206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
    },
    {
      "name": "CVE-2022-32892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32892"
    },
    {
      "name": "CVE-2022-32881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32881"
    },
    {
      "name": "CVE-2022-42811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42811"
    },
    {
      "name": "CVE-2022-32905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32905"
    },
    {
      "name": "CVE-2022-32895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32895"
    },
    {
      "name": "CVE-2022-32922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32922"
    },
    {
      "name": "CVE-2022-1674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1674"
    },
    {
      "name": "CVE-2022-32902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32902"
    },
    {
      "name": "CVE-2022-0318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0318"
    },
    {
      "name": "CVE-2022-32904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32904"
    },
    {
      "name": "CVE-2022-32879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32879"
    },
    {
      "name": "CVE-2022-2124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2124"
    },
    {
      "name": "CVE-2022-32865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32865"
    },
    {
      "name": "CVE-2022-1769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1769"
    },
    {
      "name": "CVE-2022-32947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32947"
    },
    {
      "name": "CVE-2022-1619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1619"
    },
    {
      "name": "CVE-2022-32858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32858"
    },
    {
      "name": "CVE-2022-32899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32899"
    },
    {
      "name": "CVE-2022-32870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32870"
    },
    {
      "name": "CVE-2022-0685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0685"
    },
    {
      "name": "CVE-2022-42820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42820"
    },
    {
      "name": "CVE-2022-32934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32934"
    },
    {
      "name": "CVE-2022-42825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42825"
    },
    {
      "name": "CVE-2022-32888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32888"
    },
    {
      "name": "CVE-2022-2125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2125"
    },
    {
      "name": "CVE-2022-42791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42791"
    },
    {
      "name": "CVE-2022-32946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32946"
    }
  ],
  "initial_release_date": "2022-10-25T00:00:00",
  "last_revision_date": "2022-10-25T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-947",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-10-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n\nApple indique que la vuln\u00e9rabilit\u00e9\u00a0CVE-2022-42827 serait activement\nexploit\u00e9e.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213493 du 24 octobre 2022",
      "url": "https://support.apple.com/fr-fr/HT213493"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213489 du 24 octobre 2022",
      "url": "https://support.apple.com/fr-fr/HT213489"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213492 du 24 octobre 2022",
      "url": "https://support.apple.com/fr-fr/HT213492"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213491 du 24 octobre 2022",
      "url": "https://support.apple.com/fr-fr/HT213491"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213494 du 24 octobre 2022",
      "url": "https://support.apple.com/fr-fr/HT213494"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213488 du 24 octobre 2022",
      "url": "https://support.apple.com/fr-fr/HT213488"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213495 du 24 octobre 2022",
      "url": "https://support.apple.com/fr-fr/HT213495"
    }
  ]
}

CERTFR-2022-AVI-812

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	iOS 15.7 et iPadOS versions antérieures à 15.7
Apple	Safari	Safari versions antérieures à 16
Apple	N/A	iOS versions antérieures à 16
Apple	macOS	macOS Monterey versions antérieures à 12.6
Apple	macOS	macOS Big Sur versions antérieures à 11.7

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT213443 du 12 septembre 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213445 du 12 septembre 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213442 du 12 septembre 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213444 du 12 septembre 2022	None	vendor-advisory
Bulletin de sécurité Apple HT213446 du 12 septembre 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "iOS 15.7 et iPadOS versions ant\u00e9rieures \u00e0 15.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 16",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 16",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Monterey versions ant\u00e9rieures \u00e0 12.6",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Big Sur versions ant\u00e9rieures \u00e0 11.7",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-32891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32891"
    },
    {
      "name": "CVE-2022-32795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32795"
    },
    {
      "name": "CVE-2022-32917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32917"
    },
    {
      "name": "CVE-2022-32900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32900"
    },
    {
      "name": "CVE-2022-32854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32854"
    },
    {
      "name": "CVE-2022-32886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32886"
    },
    {
      "name": "CVE-2022-32896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32896"
    },
    {
      "name": "CVE-2022-32894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32894"
    },
    {
      "name": "CVE-2022-32883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32883"
    },
    {
      "name": "CVE-2022-32912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32912"
    },
    {
      "name": "CVE-2022-32908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32908"
    },
    {
      "name": "CVE-2022-32911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32911"
    },
    {
      "name": "CVE-2022-32864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32864"
    },
    {
      "name": "CVE-2022-32868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32868"
    },
    {
      "name": "CVE-2022-32902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32902"
    },
    {
      "name": "CVE-2022-32872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32872"
    }
  ],
  "initial_release_date": "2022-09-13T00:00:00",
  "last_revision_date": "2022-09-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-812",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-09-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213443 du 12 septembre 2022",
      "url": "https://support.apple.com/en-us/HT213443"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213445 du 12 septembre 2022",
      "url": "https://support.apple.com/en-us/HT213445"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213442 du 12 septembre 2022",
      "url": "https://support.apple.com/en-us/HT213442"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213444 du 12 septembre 2022",
      "url": "https://support.apple.com/en-us/HT213444"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213446 du 12 septembre 2022",
      "url": "https://support.apple.com/en-us/HT213446"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2022-32912 (GCVE-0-2022-32912)

Vulnerability from cvelistv5

CERTFR-2022-AVI-947

Vulnerability from certfr_avis

Solution

CERTFR-2022-AVI-812

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature