Details of VAR-202205-1307

ID

VAR-202205-1307

CVE

CVE-2022-26771

TITLE

plural Apple Out-of-bounds write vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2022-011250

DESCRIPTION

A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. A malicious application may be able to execute arbitrary code with kernel privileges. plural Apple The product contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. iOS 15.5 and iPadOS 15.5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-05-16-5 watchOS 8.6 watchOS 8.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213253. Apple is aware of a report that this issue may have been actively exploited. CVE-2022-22675: an anonymous researcher DriverKit Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de) ImageIO Available for: Apple Watch Series 3 and later Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow was addressed with improved input validation. CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative IOMobileFrameBuffer Available for: Apple Watch Series 3 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg) Kernel Available for: Apple Watch Series 3 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26757: Ned Williamson of Google Project Zero Kernel Available for: Apple Watch Series 3 and later Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations Description: A memory corruption issue was addressed with improved validation. CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de) Kernel Available for: Apple Watch Series 3 and later Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: A race condition was addressed with improved state handling. CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de) LaunchServices Available for: Apple Watch Series 3 and later Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions on third-party applications. CVE-2022-26706: Arsenii Kostromin (0x3c3e) libxml2 Available for: Apple Watch Series 3 and later Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-23308 Security Available for: Apple Watch Series 3 and later Impact: A malicious app may be able to bypass signature validation Description: A certificate parsing issue was addressed with improved checks. CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de) TCC Available for: Apple Watch Series 3 and later Impact: An app may be able to capture a user's screen Description: This issue was addressed with improved checks. CVE-2022-26726: an anonymous researcher WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 238178 CVE-2022-26700: ryuzaki WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 236950 CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab WebKit Bugzilla: 237475 CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab WebKit Bugzilla: 238171 CVE-2022-26717: Jeonghoon Shin of Theori WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 238183 CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab WebKit Bugzilla: 238699 CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech Wi-Fi Available for: Apple Watch Series 3 and later Impact: A malicious application may disclose restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2022-26745: an anonymous researcher Additional recognition AppleMobileFileIntegrity We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance. WebKit We would like to acknowledge James Lee, an anonymous researcher for their assistance. Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TYACgkQeC9qKD1p rhhgaBAAq/igmuSba0Occu1TcS6aXG50gjUZyJXPu7/UVVWI4icwz+c/ruKquy/w XuiT+C2Q6CJIWn2qM+hHrHtgsi3EYI6XxrbgcLgmvGvbwICs9RwHyHc1ztSyurTe ys8gJkc+/nZWPKR4dy7JUl8NdjoTWuUyGVE9xOJQeISND5xUoDz2i9d8FKgkZta6 FoJlIWCDuNq01vgcAfKSZqPX2mEPMnWL47Q6g69PXIs34iBcOrHNesZ/mH/jz5Nz aAnisEj9gC0+KERoMSmGoBrYmP7kr/DmVBEwa9cDA0rGfNntgNliQ7wbLxnT8kJG rJARAyLPtPsygs7UmnkDaNDkI/a63dIRWwPIKUOQYtKKqwNL5GSoytdk/OhRGjmN Hi7k1GmvGiJA7bFI3PIQDSi3YSC1cs9CeyIL2rNUSVmRZ7jHlXxlDQYH1/ad4DU1 TqVw9Rwg0mlc0tYKUNjChg/uAK1G5OGidxtLRt0FzUaXvPoVLe0/btYeaH6ijfU9 i1W+xJ8jGgWddP7r1HvNeN6B+WGuIEcla+GNduEV3+AcnxL9h6FP8sAzQuTHQtKC AkqUO1G20ieIQHKJPNEIpgLlrCFYVajDfRtB9zGDme6aBZNHxefOWMMxdKfnspj2 MtFpJ9qPmpnRITjCF5z1RDfqFjXUZvePcRA6rS1Lq4ClgQ575yI= =zdvf -----END PGP SIGNATURE-----

Trust: 1.89

sources: NVD: CVE-2022-26771 // JVNDB: JVNDB-2022-011250 // VULHUB: VHN-417440 // VULMON: CVE-2022-26771 // PACKETSTORM: 167193

AFFECTED PRODUCTS

vendor:	apple	model:	watchos	scope:	lt	version:	8.6	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	15.5	Trust: 1.0
vendor:	apple	model:	ipados	scope:	lt	version:	15.5	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	15.5	Trust: 1.0
vendor:	アップル	model:	ipados	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	watchos	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	tvos	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	ios	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-011250 // NVD: CVE-2022-26771

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-26771
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-26771
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202205-3496
value:	HIGH
Trust: 0.6
VULHUB:	VHN-417440
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2022-26771
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-417440
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-26771
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-26771
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-417440 // JVNDB: JVNDB-2022-011250 // CNNVD: CNNVD-202205-3496 // NVD: CVE-2022-26771

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-417440 // JVNDB: JVNDB-2022-011250 // NVD: CVE-2022-26771

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202205-3496

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202205-3496

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-417440

PATCH

title:	HT213254 Apple Security update	url:	https://support.apple.com/en-us/HT213253	Trust: 0.8
title:	Apple tvOS Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=193022	Trust: 0.6
title:	Apple: iOS 15.5 and iPadOS 15.5	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=f66f27c9aed3f1df2b9271d627617604	Trust: 0.1
title:	Apple: watchOS 8.6	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=6bd411659b23f6a36cfd1c59cf69e092	Trust: 0.1

sources: VULMON: CVE-2022-26771 // JVNDB: JVNDB-2022-011250 // CNNVD: CNNVD-202205-3496

EXTERNAL IDS

db:	NVD	id:	CVE-2022-26771	Trust: 3.5
db:	PACKETSTORM	id:	167193	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-011250	Trust: 0.8
db:	CS-HELP	id:	SB2022051708	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2410	Trust: 0.6
db:	CNNVD	id:	CNNVD-202205-3496	Trust: 0.6
db:	VULHUB	id:	VHN-417440	Trust: 0.1
db:	VULMON	id:	CVE-2022-26771	Trust: 0.1

sources: VULHUB: VHN-417440 // VULMON: CVE-2022-26771 // JVNDB: JVNDB-2022-011250 // PACKETSTORM: 167193 // CNNVD: CNNVD-202205-3496 // NVD: CVE-2022-26771

REFERENCES

url:	https://support.apple.com/en-us/ht213254	Trust: 2.3
url:	https://support.apple.com/en-us/ht213253	Trust: 1.7
url:	https://support.apple.com/en-us/ht213258	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26771	Trust: 0.9
url:	https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-38380	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022051708	Trust: 0.6
url:	https://packetstormsecurity.com/files/167193/apple-security-advisory-2022-05-16-5.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2410	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-26771/	Trust: 0.6
url:	https://support.apple.com/kb/ht213258	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23308	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26719	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26726	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26766	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26714	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26709	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26702	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26764	Trust: 0.1
url:	https://support.apple.com/kb/ht204641	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26717	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26745	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26765	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26700	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26716	Trust: 0.1
url:	https://support.apple.com/ht213253.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26757	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22675	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26706	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26710	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26763	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26711	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26768	Trust: 0.1
url:	https://support.apple.com/en-us/ht201222.	Trust: 0.1

sources: VULHUB: VHN-417440 // VULMON: CVE-2022-26771 // JVNDB: JVNDB-2022-011250 // PACKETSTORM: 167193 // CNNVD: CNNVD-202205-3496 // NVD: CVE-2022-26771

CREDITS

Apple

Trust: 0.1

sources: PACKETSTORM: 167193

SOURCES

db:	VULHUB	id:	VHN-417440
db:	VULMON	id:	CVE-2022-26771
db:	JVNDB	id:	JVNDB-2022-011250
db:	PACKETSTORM	id:	167193
db:	CNNVD	id:	CNNVD-202205-3496
db:	NVD	id:	CVE-2022-26771

LAST UPDATE DATE

2024-11-23T19:26:20.606000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-417440	date:	2022-06-07T00:00:00
db:	JVNDB	id:	JVNDB-2022-011250	date:	2023-08-21T06:38:00
db:	CNNVD	id:	CNNVD-202205-3496	date:	2022-06-08T00:00:00
db:	NVD	id:	CVE-2022-26771	date:	2024-11-21T06:54:28.403

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-417440	date:	2022-05-26T00:00:00
db:	JVNDB	id:	JVNDB-2022-011250	date:	2023-08-21T00:00:00
db:	PACKETSTORM	id:	167193	date:	2022-05-17T17:06:32
db:	CNNVD	id:	CNNVD-202205-3496	date:	2022-05-16T00:00:00
db:	NVD	id:	CVE-2022-26771	date:	2022-05-26T20:15:09.930