CVE-2022-32909: Medium severity apple ios and ipados vulnerability
Published Sep 12, 2022
·Updated
Apple Neural Engine. The issue was addressed with improved memory handling.
Other sources
Apple TV. The issue was addressed with improved handling of caches.
— Apple
AppleMobileFileIntegrity. This issue was addressed by removing additional entitlements.
— Apple
The issue was addressed with improved handling of caches. This issue is fixed in iOS 16. An app may be able to access user-sensitive data.
Credit
Csaba Fitzl@@theevilbit(Offensive Security), Mickey Jin@@patch1t, Anonymous(Trend Micro Zero Day Initiative), ABC Research s.r.o., Jonathan Zhang(Open Computing Facility), Guilherme Rambo(Best Buddy Apps), Bistrit Dahal, Asahi Lina@@LinaAsahi, Willy R. Vasquez(The University of Texas at Austin), Peter Pan ZhenPeng(STAR Labs), Tingting Yin(Tsinghua University), Tommy Muir@@Muirey03, Tim Michaud@@TimGMichaud(Moveworks), Xinru Chi(Pangu Lab), John Aakerblom@@jaakerblom, Ian Beer(Google Project Zero), Zweig(Kunlun Lab), an anonymous researcher, Xingwei Lin@@xwlin_roy(Ant Security Light), Yinyi Wu(Ant Security Light), IES Red Team(ByteDance), Mir Masood Ali(Illinois at Chicago), PhD student(Illinois at Chicago), University(Illinois at Chicago), MS student(Illinois at Chicago), Stony Brook University; Mohammad Ghasemisharif(Illinois at Chicago), PhD Candidate(Illinois at Chicago), Associate Professor(Illinois at Chicago), Stony Brook University; Jason Polakis(Illinois at Chicago), Justin Bui@@slyd0g(Snowflake), Cristian Dinca(Tudor Vianu National High School of Computer Science of), Francisco Alonso@@revskills, Jihwan Kim@@gPayl0ad, Dohyun Lee@@l33d0hyun, Dohyun Lee@@l33d0hyun(SSD Labs), Abdulrahman Alqabandi(Microsoft Browser Vulnerability Research), Ryan Shin(IAAI SecLab at Korea University), Dohyun Lee@@l33d0hyun(DNSLab at Korea University), Yonghwi Jin at Theori@@jinmo123(Trend Micro Zero Day Initiative), Wonyoung Jung@@nonetype_pwn(KAIST Hacking Lab), Dr Hideaki Goto(Tohoku University), Japan, Evgeny Legerov, Mohamed Ghannam@@_simo36
Affected Software
4 affected componentsFixes available
Apple iOS and iPadOS<16
16
iPhone OS<16.0
Apple iOS and iPadOS<16.1
16.1
Apple iOS, iPadOS, and macOS<16
16
Event History
Oct 24, 2022
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Nov 1, 2022
CVE Published
via MITRE·12:00 AM
Data Sourced
via MITRE·12:00 AM
DescriptionWeakness
Parent advisories
This vulnerability appears in the following advisories.
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2022-42795
- CVE-2022-32827
- CVE-2022-32907
- CVE-2022-32877
- CVE-2022-32858
- CVE-2022-32898
- CVE-2022-32899
- CVE-2022-32889
- CVE-2022-32909
- CVE-2022-32854
- CVE-2022-32867
- CVE-2022-32865
- CVE-2022-32928
- CVE-2022-22643
- CVE-2022-32793
- CVE-2022-26744
- CVE-2022-32903
- CVE-2022-1622
- CVE-2022-32913
- CVE-2022-32887
- CVE-2022-32916
- CVE-2022-32914
- CVE-2022-32866
- CVE-2022-32911
- CVE-2022-32864
- CVE-2022-32917
- CVE-2022-32883
- CVE-2022-32908
- CVE-2022-32879
- CVE-2022-32918
- CVE-2022-32795
- CVE-2022-32868
- CVE-2022-32881
- CVE-2022-42793
- CVE-2022-32872
- CVE-2022-42790
- CVE-2022-32871
- CVE-2022-32870
- CVE-2022-42791
- CVE-2021-36690
- CVE-2022-32859
- CVE-2022-32835
- CVE-2022-32875
- CVE-2022-32833
- CVE-2022-32888
- CVE-2022-32891
- CVE-2022-32886
- CVE-2022-32912
- CVE-2022-32892
- CVE-2022-46709
- CVE-2022-32925
- CVE-2022-32932
- CVE-2022-42825
- CVE-2022-42798
- CVE-2022-32940
- CVE-2022-32929
- CVE-2022-42813
- CVE-2022-32945
- CVE-2022-32946
- CVE-2022-32935
- CVE-2022-32947
- CVE-2022-32939
- CVE-2022-42820
- CVE-2022-42806
- CVE-2022-46712
- CVE-2022-32944
- CVE-2022-42803
- CVE-2022-32926
- CVE-2022-42801
- CVE-2022-32924
- CVE-2022-42808
- CVE-2022-42827
- CVE-2022-42810
- CVE-2022-46715
- CVE-2022-42828
- CVE-2022-32941
- CVE-2022-42829
- CVE-2022-42830
- CVE-2022-42831
- CVE-2022-42832
- CVE-2022-42817
- CVE-2022-42811
- CVE-2022-32938
- CVE-2022-42792
- CVE-2022-42826
- CVE-2022-42799
- CVE-2022-42823
- CVE-2022-42824
- CVE-2022-32922
- CVE-2022-32923
- CVE-2022-32927
- CVE-2022-37434
- CVE-2022-42800
Frequently Asked Questions
1
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-32909.
2
What is the affected software?
The affected software is Apple iOS version up to but not including 16.
3
What was the issue with Apple TV?
The issue with Apple TV was related to handling of caches.
4
How was the issue addressed?
The issue was addressed with improved handling of caches.
5
Where can I find more information about this issue?
You can find more information about this issue on the Apple support website: [https://support.apple.com/en-us/HT213446](https://support.apple.com/en-us/HT213446).