CVE-2022-32892 - OpenCVE

An access issue was addressed with improvements to the sandbox. This issue is fixed in Safari 16, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13. A sandboxed process may be able to circumvent sandbox restrictions.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Ipados Iphone Os Macos Safari

Configuration 1 [-]

OR	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::

No data.

References

Link	Providers
https://support.apple.com/en-us/HT213442
https://support.apple.com/en-us/HT213445
https://support.apple.com/en-us/HT213446
https://support.apple.com/en-us/HT213488

History

No history.

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2022-11-01T00:00:00

Updated: 2024-08-03T07:54:03.143Z

Reserved: 2022-06-09T00:00:00

Link: CVE-2022-32892

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-11-01T20:15:18.783

Modified: 2023-01-09T16:41:59.350

Link: CVE-2022-32892

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5F783A1-114C-4DFC-9F2E-0D43D62CBC69", "versionEndExcluding": "16.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "50F6B3A5-EB1B-4405-9B32-E88116B4BED5", "versionEndExcluding": "15.7", "versionStartIncluding": "15.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F233AF5-C71F-45EB-9C29-D3D47BC7D2A2", "versionEndExcluding": "15.7", "versionStartIncluding": "15.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "71E032AD-F827-4944-9699-BB1E6D4233FC", "versionEndExcluding": "13.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An access issue was addressed with improvements to the sandbox. This issue is fixed in Safari 16, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13. A sandboxed process may be able to circumvent sandbox restrictions."}, {"lang": "es", "value": "Se solucion\u00f3 un problema de acceso con mejoras en el sandbox. Este problema se solucion\u00f3 en Safari 16, iOS 15.7 y iPadOS 15.7, iOS 16, macOS Ventura 13. Un proceso de espacio aislado puede eludir las restricciones del espacio aislado."}], "id": "CVE-2022-32892", "lastModified": "2023-01-09T16:41:59.350", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-01T20:15:18.783", "references": [{"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213442"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213445"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213446"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213488"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}