Details of VAR-202201-0554

ID

VAR-202201-0554

CVE

CVE-2022-22594

TITLE

plural Apple Same Origin Policy Violation Vulnerability in Products

Trust: 0.8

sources: JVNDB: JVNDB-2022-008589

DESCRIPTION

A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A website may be able to track sensitive user information. plural Apple The product contains a same-origin policy violation vulnerability.Information may be obtained. Alternatively, on your watch, select "My Watch > General > About". CVE-2022-22591: Antonio Zekic (@antoniozekic) of Diverto IOMobileFrameBuffer Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with kernel privileges. PackageKit We would like to acknowledge Mickey Jin (@patch1t), Mickey Jin (@patch1t) of Trend Micro for their assistance. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-01-26-1 iOS 15.3 and iPadOS 15.3 iOS 15.3 and iPadOS 15.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213053. ColorSync Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2022-22584: Mickey Jin (@patch1t) of Trend Micro Crash Reporter Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22578: an anonymous researcher iCloud Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to access a user's files Description: An issue existed within the path validation logic for symlinks. CVE-2022-22585: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (https://xlab.tencent.com) IOMobileFrameBuffer Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. CVE-2022-22587: an anonymous researcher, Meysam Firouzi (@R00tkitSMM) of MBition - Mercedes-Benz Innovation Lab, Siddharth Aeri (@b1n4r1b01) Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow issue was addressed with improved memory handling. CVE-2022-22593: Peter Nguyễn Vũ Hoàng of STAR Labs Model I/O Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution Description: An information disclosure issue was addressed with improved state management. CVE-2022-22579: Mickey Jin (@patch1t) of Trend Micro WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted mail message may lead to running arbitrary javascript Description: A validation issue was addressed with improved input sanitization. CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com) WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-22590: Toan Pham from Team Orca of Sea Security (security.sea.com) WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced Description: A logic issue was addressed with improved state management. CVE-2022-22592: Prakash (@1lastBr3ath) WebKit Storage Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A website may be able to track sensitive user information Description: A cross-origin issue in the IndexDB API was addressed with improved input validation. CVE-2022-22594: Martin Bajanik of FingerprintJS Additional recognition WebKit We would like to acknowledge Prakash (@1lastBr3ath) for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About * The version after applying this update will be “15.3" Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmHx0vIACgkQeC9qKD1p rhj4hBAAuITBqrZx38zr9+MFgchRltErtLD/ZVUZ0mYD/bbVaF8+2RwoP0d3XBHj hkiZAqV8LCe+r9qs2SHBxXZteEEs79R1AIzZCSAjMU9LUK8yXYgHC5BGDoanRmes yuFyrWp78zz5Ix3jop5SUTt0xcxSOK49m7Oozrgr4sfzDg83VzDF9ebna+Obcar1 WArT/yhPC35dwJ5tOJ0Xmdogb3gPEk+ccjw885UpjnQqnkX8g0KOUzRSp/BYwexM vea9a7z3IGrCHaU8rlJWX+GupMUgRtpZr/k6jCzwT7g4BDRYSMYFvJcKZF6xFNgy raxl8Vdm+ZhTK//YNFl7BB1aKixVzI6i85aegtOErUPRwzICD1NDlQK5q3ErBpp+ 5FTvuwn7SWy5BPkSIOwmfoJfGrWTzDmdOAajM5o6Yy5m/OnR5ZqK4egfvwmPjoEy lx9ffhcvm7HbQmLjO4DTQlpqiyk3UmMmE5MEG4QSMA5UOqMinjE0kl+2JEkV7cmt Ugkcc4Auu7jUM3YxCkPfMi/x4/t52BBJbIXzpLnj2qebpci7GW9c3aDPNoQbTty9 +Y1amSmQvVRlqKGEi2xlVKGqN0uduhanyiL6+tt2Q1Afo/jf6JjERVUrOGl/Fv7r sJKt1GE0w3uJ6RQVQ6C3w33HTmzNWwzfdy+I8Ik3Cn8ZgfHY3JA= =JRMz -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: webkit2gtk3 security, bug fix, and enhancement update Advisory ID: RHSA-2022:1777-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1777 Issue date: 2022-05-10 CVE Names: CVE-2021-30809 CVE-2021-30818 CVE-2021-30823 CVE-2021-30836 CVE-2021-30846 CVE-2021-30848 CVE-2021-30849 CVE-2021-30851 CVE-2021-30884 CVE-2021-30887 CVE-2021-30888 CVE-2021-30889 CVE-2021-30890 CVE-2021-30897 CVE-2021-30934 CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 CVE-2021-45481 CVE-2021-45482 CVE-2021-45483 CVE-2022-22589 CVE-2022-22590 CVE-2022-22592 CVE-2022-22594 CVE-2022-22620 CVE-2022-22637 ===================================================================== 1. Summary: An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. The following packages have been upgraded to a later upstream version: webkit2gtk3 (2.34.6). Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: webkit2gtk3-2.34.6-1.el8.src.rpm aarch64: webkit2gtk3-2.34.6-1.el8.aarch64.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-debugsource-2.34.6-1.el8.aarch64.rpm webkit2gtk3-devel-2.34.6-1.el8.aarch64.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.aarch64.rpm ppc64le: webkit2gtk3-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-debugsource-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-devel-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm s390x: webkit2gtk3-2.34.6-1.el8.s390x.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-debugsource-2.34.6-1.el8.s390x.rpm webkit2gtk3-devel-2.34.6-1.el8.s390x.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.s390x.rpm x86_64: webkit2gtk3-2.34.6-1.el8.i686.rpm webkit2gtk3-2.34.6-1.el8.x86_64.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-debugsource-2.34.6-1.el8.i686.rpm webkit2gtk3-debugsource-2.34.6-1.el8.x86_64.rpm webkit2gtk3-devel-2.34.6-1.el8.i686.rpm webkit2gtk3-devel-2.34.6-1.el8.x86_64.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-30809 https://access.redhat.com/security/cve/CVE-2021-30818 https://access.redhat.com/security/cve/CVE-2021-30823 https://access.redhat.com/security/cve/CVE-2021-30836 https://access.redhat.com/security/cve/CVE-2021-30846 https://access.redhat.com/security/cve/CVE-2021-30848 https://access.redhat.com/security/cve/CVE-2021-30849 https://access.redhat.com/security/cve/CVE-2021-30851 https://access.redhat.com/security/cve/CVE-2021-30884 https://access.redhat.com/security/cve/CVE-2021-30887 https://access.redhat.com/security/cve/CVE-2021-30888 https://access.redhat.com/security/cve/CVE-2021-30889 https://access.redhat.com/security/cve/CVE-2021-30890 https://access.redhat.com/security/cve/CVE-2021-30897 https://access.redhat.com/security/cve/CVE-2021-30934 https://access.redhat.com/security/cve/CVE-2021-30936 https://access.redhat.com/security/cve/CVE-2021-30951 https://access.redhat.com/security/cve/CVE-2021-30952 https://access.redhat.com/security/cve/CVE-2021-30953 https://access.redhat.com/security/cve/CVE-2021-30954 https://access.redhat.com/security/cve/CVE-2021-30984 https://access.redhat.com/security/cve/CVE-2021-45481 https://access.redhat.com/security/cve/CVE-2021-45482 https://access.redhat.com/security/cve/CVE-2021-45483 https://access.redhat.com/security/cve/CVE-2022-22589 https://access.redhat.com/security/cve/CVE-2022-22590 https://access.redhat.com/security/cve/CVE-2022-22592 https://access.redhat.com/security/cve/CVE-2022-22594 https://access.redhat.com/security/cve/CVE-2022-22620 https://access.redhat.com/security/cve/CVE-2022-22637 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYnqQrdzjgjWX9erEAQi/6BAAhaqaCDj0g7uJ6LdXEng5SqGBFl5g6GIV p/WSKyL+tI3BpKaaUWr6+d4tNnaQbKxhRTwTSJa8GMrOc7n6Y7LO8Y7mQj3bEFvn z3HHLZK8EMgDUz4I0esuh0qNWnfsD/vJDuGbXlHLdNLlc5XzgX7YA6eIb1lxSbxV ueSENHohbMJLbWoeI2gMUYGb5cAzBHrgdmFIsr4XUd6sr5Z1ZOPnQPf36vrXGdzj mPXPijZtr9QiPgwijm4/DkJG7NQ4KyaPMOKauC7PEB1AHWIwHteRnVxnWuZLjpMf RqYBQu2pYeTiyGky+ozshJ81mdfLyUQBR/+4KbB2TMFZHDlhxzNFZrErh4+dfQja Cuf+IwTOSZgC/8XouTQMA27KFSYKd4PzwnB3yQeGU0NA/VngYp12BegeVHlDiadS hO+mAk/BAAesdywt7ZTU1e1yROLm/jp0VcmvkQO+gh2WhErEFV3s0qnsu1dfuLY7 B1e0z6c/vp8lkSFs2fcx0Oq1S7nGIGZiR66loghp03nDoCcxblsxBcFV9CNq6yVG BkEAFzMb/AHxqn7KbZeN6g4Los+3Dr7eFYPGUkVEXy+AbHqE+b99pT2TIjCOMh/L wXOE+nX3KXbD5MCqvmF2K6w+MfIf3AxzzgirwXyLewSP8NKBmsdBtgwbgFam1QfM Uqt+dghxtOQ= =LCNn -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 2.34

sources: NVD: CVE-2022-22594 // JVNDB: JVNDB-2022-008589 // VULHUB: VHN-411222 // VULMON: CVE-2022-22594 // PACKETSTORM: 165777 // PACKETSTORM: 165776 // PACKETSTORM: 165775 // PACKETSTORM: 165772 // PACKETSTORM: 165771 // PACKETSTORM: 167037

AFFECTED PRODUCTS

vendor:	apple	model:	safari	scope:	lt	version:	15.3	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	15.3	Trust: 1.0
vendor:	apple	model:	ipados	scope:	lt	version:	15.3	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	15.3	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	8.4	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	12.2	Trust: 1.0
vendor:	アップル	model:	ios	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	watchos	scope:	eq	version:	8.4	Trust: 0.8
vendor:	アップル	model:	ipados	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	tvos	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	macos	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	safari	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-008589 // NVD: CVE-2022-22594

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2022-22594
value:	MEDIUM
Trust: 1.8
CNNVD:	CNNVD-202201-2420
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-411222
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2022-22594
value:	MEDIUM
Trust: 0.1

NVD:
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	TRUE
version:	2.0
Trust: 1.0
NVD:	CVE-2022-22594
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.9
VULHUB:	VHN-411222
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

NVD:
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-22594
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-411222 // VULMON: CVE-2022-22594 // JVNDB: JVNDB-2022-008589 // NVD: CVE-2022-22594 // CNNVD: CNNVD-202201-2420

PROBLEMTYPE DATA

problemtype:	CWE-346	Trust: 1.1
problemtype:	Same-origin policy violation (CWE-346) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-411222 // JVNDB: JVNDB-2022-008589 // NVD: CVE-2022-22594

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202201-2420

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202201-2420

CONFIGURATIONS

sources: NVD: CVE-2022-22594

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-411222

PATCH

title:	HT213059	url:	https://support.apple.com/en-us/ht213053	Trust: 0.8
title:	Apple Safari Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=179629	Trust: 0.6
title:	Apple: iOS 15.3 and iPadOS 15.3	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=05e71c916b30e0c013cc3ece80cc9189	Trust: 0.1
title:	-	url:	https://www.bleepingcomputer.com/news/security/apple-emergency-update-fixes-zero-day-used-to-hack-macs-watches/	Trust: 0.1
title:	-	url:	https://threatpost.com/apple-patches-actively-exploited-webkit-zero-day/178370/	Trust: 0.1
title:	-	url:	https://www.bleepingcomputer.com/news/security/cisa-orders-federal-agencies-to-update-iphones-until-feb-25th/	Trust: 0.1
title:	-	url:	https://www.bleepingcomputer.com/news/security/cisa-orders-federal-agencies-to-update-iphones-macs-until-feb-25th/	Trust: 0.1
title:	-	url:	https://threatpost.com/apple-zero-day-security-exploited/178040/	Trust: 0.1
title:	-	url:	https://www.bleepingcomputer.com/news/security/apple-patches-new-zero-day-exploited-to-hack-iphones-ipads-macs/	Trust: 0.1
title:	-	url:	https://www.bleepingcomputer.com/news/security/apple-emergency-update-fixes-zero-days-used-to-hack-iphones-macs/	Trust: 0.1

sources: VULMON: CVE-2022-22594 // JVNDB: JVNDB-2022-008589 // CNNVD: CNNVD-202201-2420

EXTERNAL IDS

db:	NVD	id:	CVE-2022-22594	Trust: 4.0
db:	PACKETSTORM	id:	165777	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-008589	Trust: 0.8
db:	CS-HELP	id:	SB2022051140	Trust: 0.6
db:	CS-HELP	id:	SB2022012637	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0899	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0409	Trust: 0.6
db:	CNNVD	id:	CNNVD-202201-2420	Trust: 0.6
db:	PACKETSTORM	id:	165775	Trust: 0.2
db:	PACKETSTORM	id:	165772	Trust: 0.2
db:	PACKETSTORM	id:	165771	Trust: 0.2
db:	PACKETSTORM	id:	165776	Trust: 0.2
db:	VULHUB	id:	VHN-411222	Trust: 0.1
db:	VULMON	id:	CVE-2022-22594	Trust: 0.1
db:	PACKETSTORM	id:	167037	Trust: 0.1

sources: VULHUB: VHN-411222 // VULMON: CVE-2022-22594 // JVNDB: JVNDB-2022-008589 // PACKETSTORM: 165777 // PACKETSTORM: 165776 // PACKETSTORM: 165775 // PACKETSTORM: 165772 // PACKETSTORM: 165771 // PACKETSTORM: 167037 // NVD: CVE-2022-22594 // CNNVD: CNNVD-202201-2420

REFERENCES

url:	https://support.apple.com/en-us/ht213058	Trust: 2.4
url:	https://support.apple.com/en-us/ht213053	Trust: 1.8
url:	https://support.apple.com/en-us/ht213054	Trust: 1.8
url:	https://support.apple.com/en-us/ht213057	Trust: 1.8
url:	https://support.apple.com/en-us/ht213059	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22594	Trust: 1.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22589	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22590	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022012637	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022051140	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0409	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-37394	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0899	Trust: 0.6
url:	https://packetstormsecurity.com/files/165777/apple-security-advisory-2022-01-26-7.html	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-22594/	Trust: 0.6
url:	https://support.apple.com/kb/ht201222	Trust: 0.5
url:	https://www.apple.com/support/security/pgp/	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22592	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22584	Trust: 0.4
url:	https://xlab.tencent.com)	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22593	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22585	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22578	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22579	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22587	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/346.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://seclists.org/oss-sec/2022/q1/114	Trust: 0.1
url:	https://threatpost.com/apple-zero-day-security-exploited/178040/	Trust: 0.1
url:	https://support.apple.com/kb/ht213053	Trust: 0.1
url:	https://support.apple.com/ht213058.	Trust: 0.1
url:	https://support.apple.com/kb/ht204641	Trust: 0.1
url:	https://support.apple.com/ht213059.	Trust: 0.1
url:	https://support.apple.com/ht213057.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22586	Trust: 0.1
url:	https://support.apple.com/ht213054.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22591	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22583	Trust: 0.1
url:	https://www.apple.com/itunes/	Trust: 0.1
url:	https://support.apple.com/ht213053.	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-22592	Trust: 0.1
url:	https://access.redhat.com/articles/11258	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30888	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30848	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-22637	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30952	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30884	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30809	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30846	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30890	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30984	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-45482	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1777	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30888	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-22620	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30809	Trust: 0.1
url:	https://access.redhat.com/security/team/key/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30887	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30952	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30846	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30849	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30953	Trust: 0.1
url:	https://access.redhat.com/security/team/contact/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30823	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30936	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-45483	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30897	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30897	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30954	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30936	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-22594	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30836	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30887	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30851	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30934	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30848	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30934	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-45483	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30951	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30849	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30836	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-45481	Trust: 0.1
url:	https://bugzilla.redhat.com/):	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30818	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30889	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-45482	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30951	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-22589	Trust: 0.1
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30823	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30889	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30953	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30984	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30954	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30818	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-45481	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-22590	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30851	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30890	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30884	Trust: 0.1

CREDITS

Apple

Trust: 0.5

sources: PACKETSTORM: 165777 // PACKETSTORM: 165776 // PACKETSTORM: 165775 // PACKETSTORM: 165772 // PACKETSTORM: 165771

SOURCES

db:	VULHUB	id:	VHN-411222
db:	VULMON	id:	CVE-2022-22594
db:	JVNDB	id:	JVNDB-2022-008589
db:	PACKETSTORM	id:	165777
db:	PACKETSTORM	id:	165776
db:	PACKETSTORM	id:	165775
db:	PACKETSTORM	id:	165772
db:	PACKETSTORM	id:	165771
db:	PACKETSTORM	id:	167037
db:	NVD	id:	CVE-2022-22594
db:	CNNVD	id:	CNNVD-202201-2420

LAST UPDATE DATE

2023-12-18T10:59:05.146000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-411222	date:	2022-03-28T00:00:00
db:	VULMON	id:	CVE-2022-22594	date:	2022-03-28T00:00:00
db:	JVNDB	id:	JVNDB-2022-008589	date:	2023-07-28T05:25:00
db:	NVD	id:	CVE-2022-22594	date:	2022-03-28T16:40:32.487
db:	CNNVD	id:	CNNVD-202201-2420	date:	2022-05-12T00:00:00

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-411222	date:	2022-03-18T00:00:00
db:	VULMON	id:	CVE-2022-22594	date:	2022-03-18T00:00:00
db:	JVNDB	id:	JVNDB-2022-008589	date:	2023-07-28T00:00:00
db:	PACKETSTORM	id:	165777	date:	2022-01-31T15:47:24
db:	PACKETSTORM	id:	165776	date:	2022-01-31T15:47:07
db:	PACKETSTORM	id:	165775	date:	2022-01-31T15:46:53
db:	PACKETSTORM	id:	165772	date:	2022-01-31T15:46:05
db:	PACKETSTORM	id:	165771	date:	2022-01-31T15:45:47
db:	PACKETSTORM	id:	167037	date:	2022-05-11T15:50:41
db:	NVD	id:	CVE-2022-22594	date:	2022-03-18T18:15:12.850
db:	CNNVD	id:	CNNVD-202201-2420	date:	2022-01-26T00:00:00