CVE-2022-32947
Description
Processing a maliciously crafted image may let an app execute arbitrary code with kernel privileges on Apple devices.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A memory consumption issue exists in the kernel of Apple operating systems that can be triggered by processing a maliciously crafted image. The vulnerability affects iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1, and earlier versions on eligible devices. The issue was addressed with improved memory handling [1][2][3].
Exploitation
An attacker requires the ability to deliver a specially crafted image to the target system, likely through a malicious app or web content. No additional privileges are needed beyond the ability to process the image; the exploitation occurs during image parsing within the kernel context [1][2].
Impact
Successful exploitation allows an app to execute arbitrary code with kernel privileges, leading to full compromise of the device's operating system and access to all user data [2].
Mitigation
Apple released fixed versions on October 24, 2022: iOS 16.1, iPadOS 16, macOS Ventura 13, and watchOS 9.1. Users should update to the latest available versions via the Settings app or Software Update. No workarounds are available, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog [1][2][3].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) range: <13
- (no CPE) range: unspecified
- Range: <16
- Range: <16.1
- Range: unspecified
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References: 3
News mentions
No linked articles in our index yet.