CVE-2022-32914

Vulnerability

A use-after-free vulnerability exists in the kernel of Apple operating systems. The issue is addressed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, and tvOS 16. No further details on the vulnerable code component or required configuration are disclosed in the available references [1], [2], [3], [4].

Exploitation

An attacker would need to have the ability to run a malicious app on the target system. The steps to trigger the use-after-free are not publicly described, but the condition is triggered during app execution [1].

Impact

Successful exploitation allows the app to execute arbitrary code with kernel privileges, resulting in full compromise of the operating system. This grants the attacker the highest level of control over the device [1].

Mitigation

Apple released fixes on the following dates: macOS Ventura 13 on October 24, 2022 [1]; iOS 16, watchOS 9, and macOS Monterey 12.6 on September 12, 2022 [2], [3], [4]; and macOS Big Sur 11.7 on an earlier date. Users should update affected devices via Software Update. There is no known workaround, and this CVE is not listed on the CISA KEV.