CVE-2022-32812

Vulnerability

A memory corruption issue exists in the macOS kernel that can be triggered by an app. The vulnerability is present in macOS Monterey prior to 12.5, macOS Big Sur prior to 11.6.8, and macOS Catalina prior to Security Update 2022-005. The issue was addressed with improved memory handling [1][2][3].

Exploitation

An attacker must have the ability to run a malicious app on the affected system. No additional privileges are required for exploitation on macOS Monterey, while on macOS Big Sur and Catalina the app must have root privileges [2][3]. The exact exploitation steps are not publicly disclosed.

Impact

Successful exploitation allows the app to execute arbitrary code with kernel privileges, leading to full compromise of the operating system's security [1][2][3].

Mitigation

Apple released fixes on July 20, 2022: macOS Monterey 12.5, macOS Big Sur 11.6.8, and Security Update 2022-005 for Catalina [1][2][3]. Users should update to these versions or later. No workarounds are available.