CVE-2022-32815

Vulnerability

A memory corruption issue exists in the Apple File System (APFS) component of multiple Apple operating systems. The vulnerability affects iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, and Security Update 2022-005 Catalina. An app with root privileges can exploit this flaw to execute arbitrary code with kernel privileges. The issue was addressed with improved memory handling (or input validation, per reference [1] for macOS Monterey). The precise nature of the memory corruption is not publicly detailed.

Exploitation

An attacker would need to have root privileges on the affected device and run a malicious app. No additional user interaction is required beyond installing the app. The attacker must be able to trigger the memory corruption condition through the APFS interface. Since root access is already required, the privilege escalation is from root to kernel.

Impact

Successful exploitation allows an attacker with root privileges to execute arbitrary code with kernel privileges, gaining full control over the operating system. This leads to complete compromise of confidentiality, integrity, and availability of the device. The attacker can bypass security mechanisms enforced at the kernel level.

Mitigation

Apple released fixes on July 20, 2022, in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, and Security Update 2022-005 Catalina [1][2][3][4]. Users should update to the latest available version for their device. There is no known workaround, as the only mitigation is applying the security updates.