VYPR
Unrated severity · NVD Advisory · Published Nov 1, 2022 · Updated May 6, 2025

CVE-2022-32944

Description

Processing a maliciously crafted image triggers memory corruption, allowing an app to execute arbitrary code with kernel privileges on Apple devices.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

CVE-2022-32944 is a memory corruption issue in the image processing subsystem of Apple operating systems, addressed with improved state management. The vulnerability exists in iOS 15.x up to 15.7, iPadOS 15.x up to 15.7, iOS 16.x before 16.1, iPadOS 16.x before 16.1, macOS Big Sur before 11.7.1, macOS Monterey before 12.6.1, macOS Ventura before 13, watchOS before 9.1, and tvOS before 16.1 [1][2]. An app that processes a maliciously crafted image can trigger memory corruption [2].

Exploitation

An attacker can exploit this vulnerability by providing a specially crafted image to a victim's device, either through a malicious app or via a web page that renders the image. No special network position or authentication beyond the ability to deliver the image is required. The image processing code path is reachable during normal handling of images, such as when viewing an image in an app or loading it from a web page.

Impact

Successful exploitation allows an app to execute arbitrary code with kernel privileges [1][2]. This means an attacker can gain the highest level of system access, potentially leading to full device compromise, including data theft, malware installation, and persistent control.

Mitigation

Apple released patches for all affected platforms on October 24, 2022 [1][4]. Users should update to iOS 15.7.1 / iPadOS 15.7.1, iOS 16.1 / iPadOS 16, macOS Big Sur 11.7.1, macOS Monterey 12.6.1, macOS Ventura 13, watchOS 9.1, or tvOS 16.1 [1][2][3][4]. No workarounds are available. This CVE is not listed on CISA's Known Exploited Vulnerabilities Catalog as of the publication date.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

6

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context is available for this CVE. Mechanics are only generated when we can read the actual fix diff; without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

7
