CVE-2022-32932

Vulnerability

The vulnerability is a memory handling issue in the kernel of iOS, iPadOS, and watchOS. It affects iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later, and Apple Watch Series 4 and later. The issue is present in versions prior to iOS 15.7.1, iPadOS 15.7.1, iOS 16.1, iPadOS 16, and watchOS 9.1 [1][3].

Exploitation

An attacker would need to have an app installed on the device. No additional privileges or user interaction beyond launching the app are required. The app can trigger the memory handling flaw to achieve arbitrary code execution at the kernel level.

Impact

Successful exploitation allows the app to execute arbitrary code with kernel privileges, leading to full compromise of the device's operating system. This can result in unauthorized access to sensitive data, modification of system files, and persistent control.

Mitigation

Apple has addressed the issue in iOS 15.7.1 and iPadOS 15.7.1 (released October 27, 2022), iOS 16.1 and iPadOS 16 (released October 24, 2022), and watchOS 9.1 (released October 24, 2022) [1][3]. Users should update their devices to the latest available versions. No workarounds are provided.