CVE-2022-32941
Description
The issue was addressed with improved bounds checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A buffer overflow may result in arbitrary code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An unbounded buffer overflow in Apple's image processing code allows arbitrary code execution via a maliciously crafted image.
Vulnerability
CVE-2022-32941 is a buffer overflow vulnerability in the image processing component of Apple operating systems. The bug stems from insufficient bounds checking and memory handling when parsing crafted image data. The issue affects iOS 16.0 and earlier (fixed in iOS 16.1), iPadOS 16.0 (fixed in iPadOS 16), iOS 15.0-15.7 (fixed in iOS 15.7.1), iPadOS 15.0-15.7 (fixed in iPadOS 15.7.1), macOS Ventura 12.0-12.6 (fixed in macOS Ventura 13), macOS Monterey 12.0-12.6 (fixed in 12.6.1), and macOS Big Sur 11.0-11.6 (fixed in 11.7.1). [1][2][3][4]
Exploitation
An attacker must deliver a maliciously crafted image to the target system. On macOS, the attack vector is processing the image (e.g., by opening it in Preview or Quick Look) [1]. On iOS and iPadOS, an app that processes the image could exploit the flaw, potentially triggered by a remote resource such as a web link or message attachment [2][3]. No special authentication or access is required; user interaction is minimal (e.g., opening the image).
Impact
Successful exploitation allows an attacker to execute arbitrary code. On macOS, the impact is arbitrary code execution in the context of the user process [1]. On iOS and iPadOS, a malicious app can achieve arbitrary code execution with kernel privileges, giving full system compromise [2][3]. The Apple advisory for macOS Monterey 12.6.1 also notes that the vulnerability could allow an app to modify protected parts of the file system [4].
Mitigation
Apple has released fixes in the following updates: iOS 16.1, iPadOS 16, macOS Ventura 13, iOS 15.7.1, iPadOS 15.7.1, macOS Monterey 12.6.1, and macOS Big Sur 11.7.1 [1][2][3][4]. Users should update their devices to these versions or later. There are no known workarounds. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of this writing.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <11.7.1
- Range: <13
- Range: <15.7.1 and <16.1
- Range: <12.6.1
- Range: unspecified
Patches
No patches discovered yet.
References