A Technical Analysis of CVE-2022-22583 and CVE-2022-32800

This blog entry discusses the technical details of how we exploited CVE-2022-22583 using a different method. We also tackle the technical details of CVE-2022-32800, another SIP-bypass that we discovered more recently, in this report.

By: Mickey Jin, December 21, 2022

On Jan. 26, 2022, Apple patched a System Integrity Protection (SIP)-bypass vulnerability in the PackageKit framework, identified as CVE-2022-22583. Apple shared the credit for this CVE between researchers Ron Hass (@ronhass7) of Perception Point and Mickey Jin (@patch1t) of Trend Micro.

After Perception Point posted a comprehensive blog entry about the vulnerability and its exploitation details, we determined that the method we used to exploit the vulnerability was different from theirs. We also discovered a new vulnerability, CVE-2022-32800, after digging deeper into CVE-2022-22583.

This is the third and final entry of a series of blog entries where we discuss our SIP-related vulnerability discoveries. More details about SIP and the special daemon services’ entitlements can be found in our previous blog entry last month. We also talked about several of the more than
