ID
VAR-202210-2055
CVE
CVE-2022-32907
TITLE
Vulnerabilities in multiple Apple products
Trust: 0.8
DESCRIPTION
This issue was addressed with improved checks. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges. apple's iOS , tvOS , watchOS Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-10-27-11 tvOS 16 tvOS 16 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213487. Accelerate Framework Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-42795: ryuzaki AppleAVD Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32907: Natalie Silvanovich of Google Project Zero, Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom), ABC Research s.r.o, Yinyi Wu, Tommaso Bianco (@cutesmilee__) GPU Drivers Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32903: an anonymous researcher ImageIO Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: Processing an image may lead to a denial-of-service Description: A denial-of-service issue was addressed with improved validation. CVE-2022-1622 Image Processing Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit) Image Processing Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32949: Tingting Yin of Tsinghua University Entry added October 27, 2022 Kernel Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de) Kernel Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de) CVE-2022-32911: Zweig of Kunlun Lab Kernel Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32914: Zweig of Kunlun Lab MediaLibrary Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: A user may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-32908: an anonymous researcher Notifications Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: A user with physical access to a device may be able to access contacts from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-32879: Ubeydullah Sümer Sandbox Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved restrictions. CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security SQLite Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: A remote user may be able to cause a denial-of-service Description: This issue was addressed with improved checks. CVE-2021-36690 WebKit Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 241969 CVE-2022-32886: P1umer(@p1umer), afang(@afang5472), xmzyshypnc(@xmzyshypnc1) WebKit Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 242047 CVE-2022-32888: P1umer (@p1umer) WebKit Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. WebKit Bugzilla: 242762 CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with Trend Micro Zero Day Initiative WebKit Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 242762 CVE-2022-32891: @real_as3617, an anonymous researcher Wi-Fi Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An app may be able to cause unexpected system termination or write kernel memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32925: Wang Yu of Cyberserval Additional recognition AppleCredentialManager We would like to acknowledge @jonathandata1 for their assistance. Identity Services We would like to acknowledge Joshua Jones for their assistance. Kernel We would like to acknowledge an anonymous researcher for their assistance. Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. UIKit We would like to acknowledge Aleczander Ewing for their assistance. WebKit We would like to acknowledge an anonymous researcher for their assistance. Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software." To check the current version of software, select "Settings -> General -> About." All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpUACgkQ4RjMIDke NxmVqQ//euIvh3eN5tjkLRIDWFgteGsdR3O6GXKVcZvCiOI7EdmCksA7/3uIo3m2 wAXO/XJB5GDbxwHpyIlaN6eSlQnAhUTeYuDZGTyyUKwRmyj0oYu0IQw9C1xrGefA LDEqYiTwx7sQnuC6ijirFdHSO0uM+YEHCm0OZ4v2dGBJKAdIFN/5b0jq6/Y9NnWL EHSL5BLhOOEBxWoi4K2tbbE+ty8+Zqk0GrUJxaWQ7vCKPD8Ts2sNb7JAAVu5WQDY bmOyWpusZ1evUE/N0nZdqWFTwAXCTfH+4xZ4IXHTUFuHPIXuJ/2ySeqzYjldY75Q vGVCy1b4wtd+C9XD7QGbpd3MHrkECZMI8pWbHkCB53Io1+zdaKiv+xmtSl0ZlFyL 8f/FsR34FMzQPAhlZec60hIKHh83Lr7pOK5KrPNgAECTlxtBYD7Teau+qqTYFQgN pW5/4WtXhVpje5ILu3xzUmqBWk7QPNa7b0PdPLu6OjxE9iMVJF+p8Suk739Ex2H7 81uJp89tTE3UYXvhxaMYP2L0tbrEydlz+wGGI35+jrt4S82FsmvJvV9lqT8NubIG /IakSGMMlYoyb4JcCN3MJCXs2C48iydCPE4g7yaEhg4qNpcXfANdEzRh/KAenSwq bWic5nC6dxWqD4OXjyfjmpkvrq5B2lg87WesDkqMh9oJ9uWBTh8= =Aea8 -----END PGP SIGNATURE-----
Trust: 1.8
AFFECTED PRODUCTS
| vendor: | apple | model: | iphone os | scope: | lt | version: | 16.0 | Trust: 1.0 |
| vendor: | apple | model: | watchos | scope: | lt | version: | 9.0 | Trust: 1.0 |
| vendor: | apple | model: | tvos | scope: | lt | version: | 16.0 | Trust: 1.0 |
| vendor: | アップル | model: | watchos | scope: | eq | version: | 9.0 | Trust: 0.8 |
| vendor: | アップル | model: | tvos | scope: | - | version: | - | Trust: 0.8 |
| vendor: | アップル | model: | ios | scope: | - | version: | - | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-noinfo | Trust: 1.0 |
| problemtype: | Lack of information (CWE-noinfo) [NVD evaluation ] | Trust: 0.8 |
THREAT TYPE
local
Trust: 0.6
TYPE
other
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | HT213486 Apple Security update | url: | https://support.apple.com/en-us/ht213446 | Trust: 0.8 |
| title: | Apple tvOS Security vulnerabilities | url: | http://123.124.177.30/web/xxk/bdxqbyid.tag?id=212875 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2022-32907 | Trust: 3.4 |
| db: | PACKETSTORM | id: | 169930 | Trust: 2.5 |
| db: | PACKETSTORM | id: | 169589 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2022-022854 | Trust: 0.8 |
| db: | AUSCERT | id: | ESB-2022.5462 | Trust: 0.6 |
| db: | AUSCERT | id: | ESB-2022.5473 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202210-2520 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-424996 | Trust: 0.1 |
REFERENCES
| url: | http://packetstormsecurity.com/files/169930/appleavd-appleavduserclient-decodeframefig-memory-corruption.html | Trust: 3.1 |
| url: | https://support.apple.com/en-us/ht213446 | Trust: 1.7 |
| url: | https://support.apple.com/en-us/ht213486 | Trust: 1.7 |
| url: | https://support.apple.com/en-us/ht213487 | Trust: 1.7 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-32907 | Trust: 0.9 |
| url: | https://packetstormsecurity.com/files/169589/apple-security-advisory-2022-10-27-11.html | Trust: 0.6 |
| url: | https://www.auscert.org.au/bulletins/esb-2022.5462 | Trust: 0.6 |
| url: | https://www.auscert.org.au/bulletins/esb-2022.5473 | Trust: 0.6 |
| url: | https://cxsecurity.com/cveshow/cve-2022-32907/ | Trust: 0.6 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-32866 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-32888 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-32891 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2021-36690 | Trust: 0.1 |
| url: | https://support.apple.com/ht213487. | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-32864 | Trust: 0.1 |
| url: | https://support.apple.com/en-us/ht201222. | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-32912 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-1622 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-32879 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-32903 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-32908 | Trust: 0.1 |
| url: | https://www.apple.com/support/security/pgp/ | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-32911 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-32886 | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-32881 | Trust: 0.1 |
CREDITS
Apple
Trust: 0.1
SOURCES
| db: | VULHUB | id: | VHN-424996 |
| db: | JVNDB | id: | JVNDB-2022-022854 |
| db: | PACKETSTORM | id: | 169589 |
| db: | NVD | id: | CVE-2022-32907 |
| db: | CNNVD | id: | CNNVD-202210-2520 |
LAST UPDATE DATE
2023-12-18T11:13:33.472000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-424996 | date: | 2023-01-27T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-022854 | date: | 2023-11-21T02:27:00 |
| db: | NVD | id: | CVE-2022-32907 | date: | 2023-01-27T19:23:39.727 |
| db: | CNNVD | id: | CNNVD-202210-2520 | date: | 2022-11-21T00:00:00 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-424996 | date: | 2022-11-01T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-022854 | date: | 2023-11-21T00:00:00 |
| db: | PACKETSTORM | id: | 169589 | date: | 2022-10-31T14:51:24 |
| db: | NVD | id: | CVE-2022-32907 | date: | 2022-11-01T20:15:19.103 |
| db: | CNNVD | id: | CNNVD-202210-2520 | date: | 2022-10-31T00:00:00 |