CVE-2022-32880: Input Validation
Published Jul 20, 2022
·Updated
AMD. A memory corruption issue was addressed with improved input validation.
Other sources
APFS. The issue was addressed with improved memory handling.
— Apple
AppleAVD. A buffer overflow was addressed with improved bounds checking.
— Apple
AppleMobileFileIntegrity. This issue was addressed by enabling hardened runtime.
— Apple
This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.5. An app may be able to access user-sensitive data.
— MITRE
Credit
Wojciech Reguła@@_r3ggi(SecuRing), Mickey Jin@@patch1t(Trend Micro), Csaba Fitzl@@theevilbit(Offensive Security), Tommy Muir@@Muirey03, Natalie Silvanovich(Google Project Zero), Mohamed Ghannam@@_simo36, Mickey Jin@@patch1t, Mickey Jin@@patch1t(Baidu Security), Ye Zhang@@co0py_Cat(Baidu Security), Ferdous Saljooki@@malwarezoo(Jamf Software), an anonymous researcher, John Aakerblom@@jaakerblom, Zhipeng Huo@@R3dF09(Tencent Security Xuanwu Lab), Antonio Zekic@@antoniozekic, Daniel Lim Wee Soong(STAR Labs), Joshua Mason(Mandiant), Joshua Jones, Dohyun Lee@@l33d0hyun(SSD Secure Disclosure Labs), Korea Univ., Ivan Fratric(Google Project Zero), hjy79425575, Yiğit Can YILMAZ@@yilmazcanyigit, ABC Research s.r.o, Yinyi Wu@@3ndy1, ABC Research s.r.o., Dongzhuo Zhao(ADLab of Venustech), (Cyberpeace Tech Co), ZhaoHai(Cyberpeace Tech Co), Ltd., Xinru Chi(Pangu Lab), Tingting Yin(Tsinghua University), (Ant Group), Min Zheng(Ant Group), Hexhive (hexhive.epfl.ch)(China), NCNIPC(China), CVE-2022-32823, Pan ZhenPeng@@Peterpan0927, Kai Lu(Zscaler's ThreatLabz), Sreejith Krishnan R@@skr0x1c0, Jeffrey Paul (sneak.berlin), Joshua Mason @jhu.edu)@@josh, Evgeny Kotkov, visualsvn.com, Xuxiang Yang@@another1024(Tencent Security Xuanwu Lab), Gordon Long(Computest Sector 7), Thijs Alkemade@@xnyhps(Computest Sector 7), Adam Chester(TrustedSec), Yuebin Sun@@yuebinsun2020(Tencent Security Xuanwu Lab), Binoy Chitale(Illinois at Chicago), MS student(Illinois at Chicago), Stony Brook University(Illinois at Chicago), Nick Nikiforakis(Illinois at Chicago), Associate Professor(Illinois at Chicago), Jason Polakis(Illinois at Chicago), University(Illinois at Chicago), Mir Masood Ali(Illinois at Chicago), PhD student(Illinois at Chicago), Chris Kanich(Illinois at Chicago), (Illinois at Chicago), Mohammad Ghasemisharif(Illinois at Chicago), PhD Candidate(Illinois at Chicago), P1umer@@p1umer, Q1IQ@@q1iqF, Matthias Keller (m-keller.com), afang@@afang5472, xmzyshypnc@@xmzyshypnc1, Manfred Paul@@_manfp(Trend Micro Zero Day Initiative), Jan Vojtesek(Avast Threat Intelligence team), Wang Yu(Cyberserval), Jeremy Legendre(MacEnhance)
Affected Software
2 affected componentsFixes available
macOS<12.5
12.5
macOS>=12.0.0<12.5
Event History
Jul 20, 2022
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Sep 20, 2022
CVE Published
via MITRE·08:19 PM
Data Sourced
via MITRE·08:19 PM
DescriptionWeakness
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2022-42858
- CVE-2022-32832
- CVE-2022-32788
- CVE-2022-32880
- CVE-2022-32826
- CVE-2022-42805
- CVE-2022-32948
- CVE-2022-32810
- CVE-2022-32840
- CVE-2022-32845
- CVE-2022-48578
- CVE-2022-32797
- CVE-2022-32851
- CVE-2022-32852
- CVE-2022-32853
- CVE-2022-32831
- CVE-2022-32910
- CVE-2022-32820
- CVE-2022-32825
- CVE-2022-32789
- CVE-2022-32805
- CVE-2022-32828
- CVE-2022-32839
- CVE-2022-32819
- CVE-2022-32793
- CVE-2022-32821
- CVE-2022-32849
- CVE-2022-32787
- CVE-2022-32897
- CVE-2022-32802
- CVE-2022-32841
- CVE-2022-32785
- CVE-2022-32811
- CVE-2022-32812
- CVE-2022-48503
- CVE-2022-32813
- CVE-2022-32815
- CVE-2022-32817
- CVE-2022-32829
- CVE-2022-26981
- CVE-2022-32823
- CVE-2022-32814
- CVE-2022-32786
- CVE-2022-32800
- CVE-2022-32838
- CVE-2022-32843
- CVE-2022-46708
- CVE-2022-32796
- CVE-2022-32842
- CVE-2022-32798
- CVE-2022-32799
- CVE-2022-32818
- CVE-2022-32857
- CVE-2022-32807
- CVE-2022-32801
- CVE-2021-28544
- CVE-2022-24070
- CVE-2022-29046
- CVE-2022-29048
- CVE-2022-32834
- CVE-2022-32933
- CVE-2022-32885
- CVE-2022-32861
- CVE-2022-32863
- CVE-2022-32816
- CVE-2022-32792
- CVE-2022-2294
- CVE-2022-32860
- CVE-2022-32837
- CVE-2022-32847
- CVE-2022-32848
Frequently Asked Questions
1
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-32880.
2
What is the title of this vulnerability?
The title of this vulnerability is AppleMobileFileIntegrity.
3
How was this vulnerability addressed?
This vulnerability was addressed by enabling hardened runtime.
4
Which version of macOS Monterey is affected by this vulnerability?
macOS Monterey version 12.5 is affected by this vulnerability.
5
Where can I find more information about this vulnerability?
You can find more information about this vulnerability on the Apple support website: [Apple Support - HT213345](https://support.apple.com/en-us/HT213345)