CVE-2022-32932: High severity apple ios, ipados, and watchos vulnerability

Q: What is CVE-2022-32932?

CVE-2022-32932 is a vulnerability in Apple Neural Engine that was addressed with improved memory handling.

Q: Which software versions are affected by CVE-2022-32932?

CVE-2022-32932 affects Apple iOS versions up to exclusive 16.1, Apple iPadOS versions up to exclusive 16, and Apple watchOS versions up to exclusive 9.1.

Q: How can I fix CVE-2022-32932?

To fix CVE-2022-32932, update your Apple device to iOS 16.1, iPadOS 16, or watchOS 9.1.

Q: Where can I find more information about CVE-2022-32932?

You can find more information about CVE-2022-32932 on the Apple support website at the following links: [link1](https://support.apple.com/en-us/HT213489), [link2](https://support.apple.com/en-us/HT213491), [link3](https://support.apple.com/en-us/HT213490).

Published Oct 24, 2022

Updated

Apple Neural Engine. The issue was addressed with improved memory handling.

Other sources

The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges.

Credit

Mohamed Ghannam@@_simo36, Mickey Jin@@patch1t, Csaba Fitzl@@theevilbit(Offensive Security), Anonymous(Trend Micro Zero Day Initiative), ABC Research s.r.o., Jonathan Zhang(Open Computing Facility), Guilherme Rambo(Best Buddy Apps), Bistrit Dahal, Asahi Lina@@LinaAsahi, Willy R. Vasquez(The University of Texas at Austin), Peter Pan ZhenPeng(STAR Labs), Tingting Yin(Tsinghua University), Tommy Muir@@Muirey03, Tim Michaud@@TimGMichaud(Moveworks), Xinru Chi(Pangu Lab), John Aakerblom@@jaakerblom, Ian Beer(Google Project Zero), Zweig(Kunlun Lab), an anonymous researcher, Xingwei Lin@@xwlin_roy(Ant Security Light), Yinyi Wu(Ant Security Light), IES Red Team(ByteDance), Mir Masood Ali(Illinois at Chicago), PhD student(Illinois at Chicago), University(Illinois at Chicago), MS student(Illinois at Chicago), Stony Brook University; Mohammad Ghasemisharif(Illinois at Chicago), PhD Candidate(Illinois at Chicago), Associate Professor(Illinois at Chicago), Stony Brook University; Jason Polakis(Illinois at Chicago), Justin Bui@@slyd0g(Snowflake), Cristian Dinca(Tudor Vianu National High School of Computer Science of), Francisco Alonso@@revskills, Jihwan Kim@@gPayl0ad, Dohyun Lee@@l33d0hyun, Dohyun Lee@@l33d0hyun(SSD Labs), Abdulrahman Alqabandi(Microsoft Browser Vulnerability Research), Ryan Shin(IAAI SecLab at Korea University), Dohyun Lee@@l33d0hyun(DNSLab at Korea University), Yonghwi Jin at Theori@@jinmo123(Trend Micro Zero Day Initiative), Wonyoung Jung@@nonetype_pwn(KAIST Hacking Lab), Dr Hideaki Goto(Tohoku University), Japan, Evgeny Legerov

Affected Software

9 affected componentsFixes available

Apple WatchOS<9.1

9.1

Apple iOS<16.1

16.1

Apple iPadOS<16

Apple iOS<15.7.1

15.7.1

Apple iPadOS<15.7.1

15.7.1

Apple iPadOS<15.7.1

Apple iPhone OS<15.7.1

Apple iPhone OS=16.0

Apple WatchOS<9.1

Event History

Oct 24, 2022

Data Sourced

via Apple·12:00 AM

DescriptionWeaknessAffected Software

Nov 1, 2022

CVE Published

via MITRE·12:00 AM

Data Sourced

via MITRE·12:00 AM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

Frequently Asked Questions

What is CVE-2022-32932?

CVE-2022-32932 is a vulnerability in Apple Neural Engine that was addressed with improved memory handling.

Which software versions are affected by CVE-2022-32932?

CVE-2022-32932 affects Apple iOS versions up to exclusive 16.1, Apple iPadOS versions up to exclusive 16, and Apple watchOS versions up to exclusive 9.1.

How can I fix CVE-2022-32932?

To fix CVE-2022-32932, update your Apple device to iOS 16.1, iPadOS 16, or watchOS 9.1.

Where can I find more information about CVE-2022-32932?