CVE-2022-32927

Vulnerability

The issue is a memory handling vulnerability in the iOS and iPadOS operating systems that causes the Settings app to crash when a user joins a malicious Wi-Fi network. Affected versions include all iOS and iPadOS versions prior to 15.7.1 and 16.1. The vulnerability is present in the Wi-Fi network joining process and can be triggered without any additional conditions beyond user interaction.

Exploitation

An attacker with a malicious Wi-Fi network can exploit this vulnerability by luring a user to join the network. No authentication or special privileges are required; the attacker only needs to control a Wi-Fi access point. The user must manually select and connect to the malicious network for the exploit to succeed.

Impact

Successful exploitation leads to a denial-of-service condition of the Settings app, causing it to crash or become unresponsive. This may prevent the user from modifying system settings but does not result in data disclosure or code execution. The vulnerability does not affect other apps or system functionality.

Mitigation

Apple addressed this vulnerability in iOS 15.7.1 and iPadOS 15.7.1 (released October 27, 2022) and iOS 16.1 and iPadOS 16 (released October 24, 2022) [1][2]. Users should update their devices to the latest available versions. No workarounds are available for unpatched devices.