Details of VAR-202210-1532

ID

VAR-202210-1532

CVE

CVE-2022-42808

TITLE

Apple watchOS Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202210-1664

DESCRIPTION

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. A remote user may be able to cause kernel code execution. Apple watchOS is a smart watch operating system developed by Apple (Apple). Apple watchOS has a security flaw. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-10-24-1 iOS 16.1 and iPadOS 16 iOS 16.1 and iPadOS 16 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213489. AppleMobileFileIntegrity Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed by removing additional entitlements. CVE-2022-42825: Mickey Jin (@patch1t) AVEVideoEncoder Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32940: ABC Research s.r.o. CFNetwork Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A certificate validation issue existed in the handling of WKWebView. CVE-2022-42813: Jonathan Zhang of Open Computing Facility (ocf.berkeley.edu) Core Bluetooth Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to record audio using a pair of connected AirPods Description: This issue was addressed with improved entitlements. CVE-2022-32946: Guilherme Rambo of Best Buddy Apps (rambo.codes) GPU Drivers Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32947: Asahi Lina (@LinaAsahi) IOHIDFamily Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-42820: Peter Pan ZhenPeng of STAR Labs IOKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42806: Tingting Yin of Tsinghua University Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32924: Ian Beer of Google Project Zero Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: A remote user may be able to cause kernel code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-42808: Zweig of Kunlun Lab Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. CVE-2022-42827: an anonymous researcher ppp Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-42829: an anonymous researcher ppp Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-42830: an anonymous researcher ppp Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42831: an anonymous researcher CVE-2022-42832: an anonymous researcher Sandbox Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-42811: Justin Bui (@slyd0g) of Snowflake Shortcuts Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: A shortcut may be able to check the existence of an arbitrary path on the file system Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of Computer Science of. Romania WebKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Visiting a malicious website may lead to user interface spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 243693 CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun) WebKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. WebKit Bugzilla: 244622 CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs WebKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 245058 CVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser Vulnerability Research, Ryan Shin of IAAI SecLab at Korea University, Dohyun Lee (@l33d0hyun) of DNSLab at Korea University WebKit PDF Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 242781 CVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend Micro Zero Day Initiative Additional recognition iCloud We would like to acknowledge Tim Michaud (@TimGMichaud) of Moveworks.ai for their assistance. Kernel We would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud (@TimGMichaud) of Moveworks.ai, Tommy Muir (@Muirey03) for their assistance. WebKit We would like to acknowledge Maddie Stone of Google Project Zero, Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an anonymous researcher for their assistance. All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIyBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNW0WIACgkQ4RjMIDke NxmuNw/4m3JXuBK+obHVvyb4tGoeHKNZtJi/tHr0gDMtDjr5pIlXdl2wX99eLzoG D2Dj4YtMnUhqEgQVKVcnzxQuhmdHK21TmqgWi+kHNyg0plKX0mj+1222/qjtZOdf FgCHKsR0LVLDpgjthvA9WYqwbfOMmXvSS4sEHaeSIdo+8R68GcV9yJQ98hWsxqeh YPzZ8RqtkuzeeYVD8jaxVW6l7lQ37puQ3romivRe46Wi36nkYG6wifggWMSKmeNZ 9CVs/3GT294l9GnjuIHaM2WfnHzYSEQY/eqP34SQ96UPClpJF2afBCRd3eOl8ov1 hgyhjtfJCqqfb9uzXj0ciFrLFdn8xLxsY7L+RSOwtLz0zSTfwAkAEDnL7i5EBkwn 7a2l/r6bb/W7IOC67fQWZi33SkpGPJF51oT3PLOh1RyeRFE+NYd4hMMAIo8Bg4eZ 45aAh2L7ak1T6V4PnUuG+o51oQKKRH1b/MTamVyFWffT2uX8w+hrdDVifd/K/jmD auFkibGQBmO/VWe6f5lKsDQeq5RIax6OBs8LkZQ3EMIHi9De4s5WIlPakm4qYCLW QXQKlEi8p3BI4d5kckcXjdtwRp8QiJLinq9rZFzq5U5nQ2Z4KucHrMO0h5Frqisa KsmkMjSKuPPT5GTap9Z5BVJVSOADx0hTExUE1cGBESCtnmaXrw== =3Dgs -----END PGP SIGNATURE----- . Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About"

Trust: 1.44

sources: NVD: CVE-2022-42808 // VULHUB: VHN-429661 // PACKETSTORM: 169586 // PACKETSTORM: 169554 // PACKETSTORM: 169555 // PACKETSTORM: 169550 // PACKETSTORM: 169595

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lt	version:	16.1	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	13.0	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	16.1	Trust: 1.0
vendor:	apple	model:	ipados	scope:	lt	version:	16.0	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	9.1	Trust: 1.0

sources: NVD: CVE-2022-42808

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2022-42808
value:	CRITICAL
Trust: 1.0
CNNVD:	CNNVD-202210-1664
value:	CRITICAL
Trust: 0.6

NVD:
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: NVD: CVE-2022-42808 // CNNVD: CNNVD-202210-1664

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.1

sources: VULHUB: VHN-429661 // NVD: CVE-2022-42808

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-1664

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202210-1664

CONFIGURATIONS

sources: NVD: CVE-2022-42808

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-429661

PATCH

title:

Apple watchOS Buffer error vulnerability fix

url:

http://123.124.177.30/web/xxk/bdxqbyid.tag?id=212972

Trust: 0.6

sources: CNNVD: CNNVD-202210-1664

EXTERNAL IDS

db:	NVD	id:	CVE-2022-42808	Trust: 2.2
db:	PACKETSTORM	id:	169595	Trust: 0.8
db:	CNNVD	id:	CNNVD-202210-1664	Trust: 0.7
db:	AUSCERT	id:	ESB-2022.5305.2	Trust: 0.6
db:	PACKETSTORM	id:	169550	Trust: 0.2
db:	PACKETSTORM	id:	169554	Trust: 0.2
db:	PACKETSTORM	id:	169555	Trust: 0.2
db:	PACKETSTORM	id:	169586	Trust: 0.2
db:	VULHUB	id:	VHN-429661	Trust: 0.1

sources: VULHUB: VHN-429661 // PACKETSTORM: 169586 // PACKETSTORM: 169554 // PACKETSTORM: 169555 // PACKETSTORM: 169550 // PACKETSTORM: 169595 // NVD: CVE-2022-42808 // CNNVD: CNNVD-202210-1664

REFERENCES

url:	https://support.apple.com/en-us/ht213491	Trust: 2.3
url:	https://support.apple.com/en-us/ht213488	Trust: 1.7
url:	https://support.apple.com/en-us/ht213489	Trust: 1.7
url:	https://support.apple.com/en-us/ht213492	Trust: 1.7
url:	https://www.auscert.org.au/bulletins/esb-2022.5305.2	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-39701	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-42808/	Trust: 0.6
url:	https://packetstormsecurity.com/files/169595/apple-security-advisory-2022-10-27-12.html	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42808	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32924	Trust: 0.5
url:	https://support.apple.com/en-us/ht201222.	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42799	Trust: 0.5
url:	https://www.apple.com/support/security/pgp/	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32940	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42811	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42823	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42813	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42824	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32947	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42798	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32926	Trust: 0.2
url:	https://support.apple.com/ht213492.	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32923	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42801	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42803	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32944	Trust: 0.2
url:	https://support.apple.com/kb/ht204641	Trust: 0.2
url:	https://support.apple.com/ht213491.	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42825	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42810	Trust: 0.1
url:	https://support.apple.com/ht213489.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42806	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32922	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32938	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32946	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42820	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-37434	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32932	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42800	Trust: 0.1

CREDITS

Apple

Trust: 0.5

sources: PACKETSTORM: 169586 // PACKETSTORM: 169554 // PACKETSTORM: 169555 // PACKETSTORM: 169550 // PACKETSTORM: 169595

SOURCES

db:	VULHUB	id:	VHN-429661
db:	PACKETSTORM	id:	169586
db:	PACKETSTORM	id:	169554
db:	PACKETSTORM	id:	169555
db:	PACKETSTORM	id:	169550
db:	PACKETSTORM	id:	169595
db:	NVD	id:	CVE-2022-42808
db:	CNNVD	id:	CNNVD-202210-1664

LAST UPDATE DATE

2023-12-18T11:20:51.350000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-429661	date:	2022-11-03T00:00:00
db:	NVD	id:	CVE-2022-42808	date:	2022-11-03T03:54:54.173
db:	CNNVD	id:	CNNVD-202210-1664	date:	2022-11-04T00:00:00

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-429661	date:	2022-11-01T00:00:00
db:	PACKETSTORM	id:	169586	date:	2022-10-31T14:50:41
db:	PACKETSTORM	id:	169554	date:	2022-10-31T14:19:52
db:	PACKETSTORM	id:	169555	date:	2022-10-31T14:20:08
db:	PACKETSTORM	id:	169550	date:	2022-10-31T14:18:24
db:	PACKETSTORM	id:	169595	date:	2022-10-31T14:53:38
db:	NVD	id:	CVE-2022-42808	date:	2022-11-01T20:15:23.297
db:	CNNVD	id:	CNNVD-202210-1664	date:	2022-10-24T00:00:00