CVE-2022-32845 | This issue was addressed with improved checks. This issue is… | CVSS 10.0 CRITICAL

Description

This issue was addressed with improved checks. This issue is fixed in watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to break out of its sandbox.

Metadata

CVE ID: CVE-2022-32845
State: PUBLISHED
Assigner: apple
Reserved: 2022-06-09 00:00 UTC
Published: 2022-09-23 18:59 UTC
Last updated: 2025-05-22 14:07 UTC
Primary CWE: CWE-693
CWE-693 Protection Mechanism Failure
Vendor / Product: Apple / macOS
Sources: cve.org · NVD

Severity & Metrics

10.0 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: total

Affected products (3)

Vendor	Product	Platform	Versions
Apple	macOS	—	unspecified < 12.5
Apple	watchOS	—	unspecified < 8.7
Apple	watchOS	—	unspecified < 15.6

Weakness (CWE)

CWE	Source	Description
—	cna	An app may be able to break out of its sandbox
CWE-693	adp	CWE-693 Protection Mechanism Failure

CVSS scores (1)

Score	Severity	Version	Source	Vector
10.0	CRITICAL	3.1	adp	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

References (3)