VYPR
Unrated severity · NVD Advisory · Published Nov 1, 2022 · Updated May 6, 2025

CVE-2022-32866

Description

The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, watchOS 9, macOS Monterey 12.6, tvOS 16. An app may be able to execute arbitrary code with kernel privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory consumption issue in Apple's image processing allows a maliciously crafted image to execute arbitrary code with kernel privileges.

Vulnerability

A memory consumption issue exists in the image processing subsystem of Apple operating systems (macOS, watchOS, tvOS). Processing a specially crafted image can cause memory to be improperly handled, leading to arbitrary code execution. The vulnerability is addressed with improved memory handling. Affected versions include macOS Big Sur before 11.7, macOS Monterey before 12.6, macOS Ventura before 13, watchOS before 9, and tvOS before 16.

Exploitation

An attacker must deliver a maliciously crafted image to a user on an affected system. No additional authentication or positioning beyond the ability to have the image processed (e.g., via email, web download, or a messaging app) is required. The user must open or view that image in an application using the vulnerable image processing path. The exploit sequence is triggered automatically upon processing the image.

Impact

Successful exploitation allows an app to execute arbitrary code with kernel privileges. The attacker gains full control over the affected device, including the ability to install malware, read or modify sensitive data, and perform any action without user knowledge [1][2].

Mitigation

Apple released fixes in macOS Big Sur 11.7, macOS Monterey 12.6, macOS Ventura 13, watchOS 9, and tvOS 16 on September 12, 2022 (watchOS 9) and October 24, 2022 (macOS Ventura 13). Users should update to the latest available version. No workarounds are documented. The vulnerability is not listed on CISA’s Known Exploited Vulnerabilities (KEV) catalog as of this writing.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

5

References

5
