VARIoT IoT vulnerabilities database
| VAR-202210-1929 | CVE-2022-32949 | Vulnerabilities in multiple Apple products |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16. An app may be able to execute arbitrary code with kernel privileges. apple's iPadOS , iOS , tvOS Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2022-10-27-1 iOS 15.7.1 and iPadOS 15.7.1
iOS 15.7.1 and iPadOS 15.7.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213490.
Apple Neural Engine
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32932: Mohamed Ghannam (@_simo36)
Audio
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Parsing a maliciously crafted audio file may lead to
disclosure of user information
Description: The issue was addressed with improved memory handling.
CVE-2022-42798: Anonymous working with Trend Micro Zero Day
Initiative
Backup
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to access iOS backups
Description: A permissions issue was addressed with additional
restrictions.
CVE-2022-32929: Csaba Fitzl (@theevilbit) of Offensive Security
FaceTime
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A user may be able to view restricted content from the lock
screen
Description: A lock screen issue was addressed with improved state
management.
CVE-2022-32935: Bistrit Dahal
Graphics Driver
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved bounds checks.
CVE-2022-32939: Willy R. Vasquez of The University of Texas at Austin
Image Processing
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: This issue was addressed with improved checks.
CVE-2022-32949: Tingting Yin of Tsinghua University
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A race condition was addressed with improved locking.
CVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom)
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved bounds checks.
CVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges. Apple is aware of a report that this issue may
have been actively exploited.
CVE-2022-42827: an anonymous researcher
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A logic issue was addressed with improved checks.
CVE-2022-42801: Ian Beer of Google Project Zero
Model I/O
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: The issue was addressed with improved memory handling.
CVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security
Light-Year Lab
ppp
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A buffer overflow may result in arbitrary code execution
Description: The issue was addressed with improved bounds checks.
CVE-2022-32941: an anonymous researcher
Safari
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: A logic issue was addressed with improved state
management.
CVE-2022-42817: Mir Masood Ali, PhD student, University of Illinois
at Chicago; Binoy Chitale, MS student, Stony Brook University;
Mohammad Ghasemisharif, PhD Candidate, University of Illinois at
Chicago; Chris Kanich, Associate Professor, University of Illinois at
Chicago
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may disclose
internal states of the app
Description: A correctness issue in the JIT was addressed with
improved checks.
WebKit Bugzilla: 242964
CVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab
Wi-Fi
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Joining a malicious Wi-Fi network may result in a denial-of-
service of the Settings app
Description: The issue was addressed with improved memory handling.
CVE-2022-32927: Dr Hideaki Goto of Tohoku University, Japan
zlib
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A user may be able to cause unexpected app termination or
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2022-37434: Evgeny Legerov
CVE-2022-42800: Evgeny Legerov
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/ iTunes and Software Update on the
device will automatically check Apple's update server on its weekly
schedule. When an update is detected, it is downloaded and the option
to be installed is presented to the user when the iOS device is
docked. We recommend applying the update immediately if possible.
Selecting Don't Install will present the option the next time you
connect your iOS device. The automatic update process may take up to
a week depending on the day that iTunes or the device checks for
updates. You may manually obtain the update via the Check for Updates
button within iTunes, or the Software Update on your device. To
check that the iPhone, iPod touch, or iPad has been updated: *
Navigate to Settings * Select General * Select About. The version
after applying this update will be "iOS 15.7.1 and iPadOS 15.7.1".
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbJvAACgkQ4RjMIDke
Nxmw3Q/+MtMTloTngI/i4DiNLW/HFq92T6kxTZ8i6MUm+RJfEvhaI2zTLCchnhiR
thpoVqcA76i+eLsVGenk37S6daFhszAj1596tOv50KbTZYwBLJKM+TI2YQxH4vLq
pODEyxL6gTp9tyJR+DK6u3iXHhbDPYlTXYKGqlZ79gaF8JcYwiS/4pn2+3P+wwEN
kLMcAoLXPGzptHgZUcuRtLYH0Go0WCLIFHYh7a9gYK34f8VwgOdJCl9NJkuSPIB2
wsiqkUXUkfIZhnVthuYAt43SNZf0uadUjw6Bg8PUBydqL/5/OkuDcQGxKFQRJqEA
Yo1rJvqOuaTz2gcfquLdE1zg5OwUjKHAeMTzUwVUHMoxUIWfuMTBb+K7rxX0i/9X
FHm3f1N66GMYZPeTmFH44eUmWA5YZaccBCX5+/eluOt/y6/mVvsn+UTWa4vqI3Sa
xzWYOU8xsAMfJuWdp0m1CBGDFxOmhS4PsMctRh0ToVlV0KJLoW7ZOB4wUVf3ZtNC
mQ67XRAuvxDa83weRpmgSk5Vs3WrqAUEA0sO+SMiNGuLdlk9bj7TSjmThwMFuQ/3
L0JsYgJIIWEtQ+hFSY6o7Iqd2j1KMtSwk4BALohdhpl51f5MhKpeW6TWrXIoLt0E
cDStPsnFSyyzJyamnM53MOEuwetfBu6b09Fbb27te6fsRFcb1fM=
=kyGi
-----END PGP SIGNATURE-----
| VAR-202210-1928 | CVE-2022-42803 | Apple iOS and iPadOS Competitive conditional vulnerability |
CVSS V2: - CVSS V3: 7.0 Severity: HIGH |
A race condition was addressed with improved locking. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary code with kernel privileges. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2022-10-27-12 Additional information for APPLE-SA-2022-10-24-5 watchOS 9.1
watchOS 9.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213491.
AppleMobileFileIntegrity
Available for: Apple Watch Series 4 and later
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed by removing additional
entitlements.
CVE-2022-42825: Mickey Jin (@patch1t)
Apple Neural Engine
Available for: Apple Watch Series 4 and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32932: Mohamed Ghannam (@_simo36)
Entry added October 27, 2022
Audio
Available for: Apple Watch Series 4 and later
Impact: Parsing a maliciously crafted audio file may lead to
disclosure of user information
Description: The issue was addressed with improved memory handling.
CVE-2022-42798: Anonymous working with Trend Micro Zero Day
Initiative
Entry added October 27, 2022
AVEVideoEncoder
Available for: Apple Watch Series 4 and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved bounds checks.
CVE-2022-32940: ABC Research s.r.o.
CFNetwork
Available for: Apple Watch Series 4 and later
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A certificate validation issue existed in the handling
of WKWebView.
CVE-2022-42813: Jonathan Zhang of Open Computing Facility
(ocf.berkeley.edu)
GPU Drivers
Available for: Apple Watch Series 4 and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32924: Ian Beer of Google Project Zero
Kernel
Available for: Apple Watch Series 4 and later
Impact: A remote user may be able to cause kernel code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai
Entry added October 27, 2022
Kernel
Available for: Apple Watch Series 4 and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A race condition was addressed with improved locking.
CVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom)
Entry added October 27, 2022
Kernel
Available for: Apple Watch Series 4 and later
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved bounds checks.
CVE-2022-42801: Ian Beer of Google Project Zero
Entry added October 27, 2022
Safari
Available for: Apple Watch Series 4 and later
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: A logic issue was addressed with improved state
management.
CVE-2022-42817: Mir Masood Ali, PhD student, University of Illinois
at Chicago; Binoy Chitale, MS student, Stony Brook University;
Mohammad Ghasemisharif, PhD Candidate, University of Illinois at
Chicago; Chris Kanich, Associate Professor, University of Illinois at
Chicago
Entry added October 27, 2022
Sandbox
Available for: Apple Watch Series 4 and later
Impact: An app may be able to access user-sensitive data
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2022-42811: Justin Bui (@slyd0g) of Snowflake
WebKit
Available for: Apple Watch Series 4 and later
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: The issue was addressed with improved UI handling.
WebKit Bugzilla: 243693
CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)
WebKit
Available for: Apple Watch Series 4 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
WebKit Bugzilla: 244622
CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs
WebKit
Available for: Apple Watch Series 4 and later
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A logic issue was addressed with improved state
management.
WebKit Bugzilla: 245058
CVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser
Vulnerability Research, Ryan Shin of IAAI SecLab at Korea University,
Dohyun Lee (@l33d0hyun) of DNSLab at Korea University
WebKit
Available for: Apple Watch Series 4 and later
Impact: Processing maliciously crafted web content may disclose
internal states of the app
Description: A correctness issue in the JIT was addressed with
improved checks.
WebKit Bugzilla: 242964
CVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab
Entry added October 27, 2022
zlib
Available for: Apple Watch Series 4 and later
Impact: A user may be able to cause unexpected app termination or
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2022-37434: Evgeny Legerov
CVE-2022-42800: Evgeny Legerov
Entry added October 27, 2022
Additional recognition
iCloud
We would like to acknowledge Tim Michaud (@TimGMichaud) of
Moveworks.ai for their assistance.
Kernel
We would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud
(@TimGMichaud) of Moveworks.ai, Tommy Muir (@Muirey03) for their
assistance.
WebKit
We would like to acknowledge Maddie Stone of Google Project Zero,
Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an
anonymous researcher for their assistance.
Instructions on how to update your Apple Watch software are available
at https://support.apple.com/kb/HT204641 To check the version on
your Apple Watch, open the Apple Watch app on your iPhone and select
"My Watch > General > About". Alternatively, on your watch, select
"My Watch > General > About".
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpQACgkQ4RjMIDke
NxndmQ/9FlBich1M+naXLmjo/AyBTdlmBdFUH6cU92PspO7vrzTZl3Gl3dSjvGg0
TU7AGeAAvr278Zra0Hrm+D+w2BMAd3SSIjBXyum02lx0AGyyAFaPEDVq4CpxnqUG
AEqBRrgoU9yZpTrIQXZlsnqphdv3KLVDzqqKlZjkPzIboYJ0I0c0HMP54618kx1n
oBtoEEjPrIhH9LJyt37FbtgRntCzuuyistaxKGugZo4UDUt8hkHLKpYHf/5BNfWl
/SaX1sy1ZJBoOezMC7/egaHPBbJRDnU3dXSQ7ON7h6w1Tc9NeUjXP0wf8BByeIko
zJF5StfqfBKa3fR8wl0uM4CWDuHVtVjHAv5lWSqEQoEFoAjud+Ajjr5j3DJegVW7
Xp5Xu7W2XRR03dCM/SCQXMttr/Eu7z4EPJZD1W5y/UYH+ZwF4tq+4fxdrLOzPh4j
uDLW+CWvF0d/+lVINDXzvzfQwEk77fbFJtUwL6Z5Sq95rtIL0/1OgtK/F/ODeyAX
8xYDCVdbn84K0/5K58NsvLS01XKXGISVY5yWrf3R7f69AVq7aiaaREY71pkuIwKf
+aGpuOJibybGZqIOedMES/FCYuUqZF/0N7TJH8LpmlYt/T+fXjeJkupdeT+2vpcX
iq3rTxsee+WgHhuR/3utIdIFZwVvgZBOadtHO6vIOQ1ce1QyLqI=
=ZTUZ
-----END PGP SIGNATURE-----
| VAR-202210-1897 | CVE-2022-32923 | Apple iOS and iPadOS Security hole |
CVSS V2: - CVSS V3: 6.5 Severity: MEDIUM |
A correctness issue in the JIT was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose internal states of the app.
Instructions on how to update your Apple Watch software are available
at https://support.apple.com/kb/HT204641 To check the version on
your Apple Watch, open the Apple Watch app on your iPhone and select
"My Watch > General > About". Alternatively, on your watch, select
"My Watch > General > About".
Safari 16.1 may be obtained from the Mac App Store.
CVE-2022-37434: Evgeny Legerov
CVE-2022-42800: Evgeny Legerov
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/ iTunes and Software Update on the
device will automatically check Apple's update server on its weekly
schedule. When an update is detected, it is downloaded and the option
to be installed is presented to the user when the iOS device is
docked. We recommend applying the update immediately if possible.
Selecting Don't Install will present the option the next time you
connect your iOS device. The automatic update process may take up to
a week depending on the day that iTunes or the device checks for
updates. You may manually obtain the update via the Check for Updates
button within iTunes, or the Software Update on your device. To
check that the iPhone, iPod touch, or iPad has been updated: *
Navigate to Settings * Select General * Select About. The version
after applying this update will be "iOS 15.7.1 and iPadOS 15.7.1". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2022-10-27-2 Additional information for APPLE-SA-2022-10-24-1 iOS 16.1 and iPadOS 16
iOS 16.1 and iPadOS 16 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213489.
Apple Neural Engine
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32932: Mohamed Ghannam (@_simo36)
Entry added October 27, 2022
AppleMobileFileIntegrity
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed by removing additional
entitlements.
CVE-2022-42825: Mickey Jin (@patch1t)
Audio
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Parsing a maliciously crafted audio file may lead to
disclosure of user information
Description: The issue was addressed with improved memory handling.
CVE-2022-42798: Anonymous working with Trend Micro Zero Day
Initiative
Entry added October 27, 2022
AVEVideoEncoder
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved bounds checks.
CVE-2022-32940: ABC Research s.r.o.
Backup
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to access iOS backups
Description: A permissions issue was addressed with additional
restrictions.
CVE-2022-32929: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added October 27, 2022
CFNetwork
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A certificate validation issue existed in the handling
of WKWebView.
CVE-2022-42813: Jonathan Zhang of Open Computing Facility
(ocf.berkeley.edu)
Core Bluetooth
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to record audio using a pair of connected
AirPods
Description: This issue was addressed with improved entitlements.
CVE-2022-32946: Guilherme Rambo of Best Buddy Apps (rambo.codes)
FaceTime
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: A user may be able to view restricted content from the lock
screen
Description: A lock screen issue was addressed with improved state
management.
CVE-2022-32935: Bistrit Dahal
Entry added October 27, 2022
GPU Drivers
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32947: Asahi Lina (@LinaAsahi)
Graphics Driver
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved bounds checks.
CVE-2022-32939: Willy R. Vasquez of The University of Texas at Austin
Entry added October 27, 2022
IOHIDFamily
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may cause unexpected app termination or arbitrary code
execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-42820: Peter Pan ZhenPeng of STAR Labs
IOKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A race condition was addressed with improved locking.
CVE-2022-42806: Tingting Yin of Tsinghua University
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai
Entry added October 27, 2022
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A race condition was addressed with improved locking.
CVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom)
Entry added October 27, 2022
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved bounds checks.
CVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai
Entry added October 27, 2022
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A logic issue was addressed with improved checks.
CVE-2022-42801: Ian Beer of Google Project Zero
Entry added October 27, 2022
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32924: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: A remote user may be able to cause kernel code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-42808: Zweig of Kunlun Lab
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges. Apple is aware of a report that this issue may
have been actively exploited.
CVE-2022-42827: an anonymous researcher
Model I/O
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: The issue was addressed with improved memory handling.
CVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security
Light-Year Lab
Entry added October 27, 2022
ppp
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: A buffer overflow may result in arbitrary code execution
Description: The issue was addressed with improved bounds checks.
CVE-2022-32941: an anonymous researcher
Entry added October 27, 2022
ppp
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-42829: an anonymous researcher
ppp
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-42830: an anonymous researcher
ppp
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2022-42831: an anonymous researcher
CVE-2022-42832: an anonymous researcher
Safari
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: A logic issue was addressed with improved state
management.
CVE-2022-42817: Mir Masood Ali, PhD student, University of Illinois
at Chicago; Binoy Chitale, MS student, Stony Brook University;
Mohammad Ghasemisharif, PhD Candidate, University of Illinois at
Chicago; Chris Kanich, Associate Professor, University of Illinois at
Chicago
Entry added October 27, 2022
Sandbox
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to access user-sensitive data
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2022-42811: Justin Bui (@slyd0g) of Snowflake
Shortcuts
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: A shortcut may be able to check the existence of an arbitrary
path on the file system
Description: A parsing issue in the handling of directory paths was
addressed with improved path validation.
CVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of
Computer Science of. Romania
WebKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: The issue was addressed with improved UI handling.
WebKit Bugzilla: 243693
CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)
WebKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
WebKit Bugzilla: 244622
CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs
WebKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A logic issue was addressed with improved state
management.
WebKit Bugzilla: 245058
CVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser
Vulnerability Research, Ryan Shin of IAAI SecLab at Korea University,
Dohyun Lee (@l33d0hyun) of DNSLab at Korea University
WebKit PDF
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
WebKit Bugzilla: 242781
CVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend
Micro Zero Day Initiative
WebKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Processing maliciously crafted web content may disclose
internal states of the app
Description: A correctness issue in the JIT was addressed with
improved checks.
WebKit Bugzilla: 242964
CVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab
Entry added October 27, 2022
Wi-Fi
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Joining a malicious Wi-Fi network may result in a denial-of-
service of the Settings app
Description: The issue was addressed with improved memory handling.
CVE-2022-32927: Dr Hideaki Goto of Tohoku University, Japan
Entry added October 27, 2022
zlib
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: A user may be able to cause unexpected app termination or
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2022-37434: Evgeny Legerov
CVE-2022-42800: Evgeny Legerov
Entry added October 27, 2022
Additional recognition
iCloud
We would like to acknowledge Tim Michaud (@TimGMichaud) of
Moveworks.ai for their assistance.
Kernel
We would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud
(@TimGMichaud) of Moveworks.ai, Tommy Muir (@Muirey03) for their
assistance.
WebKit
We would like to acknowledge Maddie Stone of Google Project Zero,
Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an
anonymous researcher for their assistance.
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpsACgkQ4RjMIDke
NxmS+w/8CfYJzSjrC2joLy6lOCg9Za2Mzc1+ynFTuVWud63t8zhif2lLU8Y+TOrG
xUbstKDPw3ehwBBn97ZSkSoj3d+F+liPsUV5Udf1yssSF/5Ce7owa/V2KMCjliAr
1EvPOaiyXH94zrh+ddsTdikzDtNdseaYhSoYH4cQao/LPZx8bw4VSCxpQxSfOmoE
/rSmqkq1wDpTXeLmHeQVBdLpM+QcEcpCkoQIpmeu3ntFhQrD3L9eAXcy3K7iI7qE
Q/gTebUwLsLIhN6SrTu/sQaScErmOZqguOCTjPnkg9YQNxgu3jVuSlHuCWEZTvxq
wqsHRSOMCU6xe7w3QPFsQmiMevFgRgWwuMTcCDIAaCTJTJ4Bx0mUirVCjFzEk8+w
P6IScr4pearsQd31LSsu7OuirUmm/7ZH1XcAPdiDO4acorZNkt5Nzlf+x1Atls8j
oMdrh0l2W44mvCgKtqPM0hz7xTTEwiyml7RWdz8Uf4qwjXjmZLt+Nt3GRGZ60JO6
fTkUHPhL/VnJz4rc90Zn+9LSK5u6JAQ6T16OA6CNqQ6ZFeN80zSzdSEzLuQC0FnL
08VhWzJNguA/xHidywQNeGqlhfT4posy6EDHp/9Q9heu/L1uRn/d1B5yxDpc2cyV
w+AMI214/xT1VbJ9NMY3dXJBoVaDzhvC31ydXKPaCgCqc/mrlUo=
=ULJl
-----END PGP SIGNATURE-----
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202305-32
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: WebKitGTK+: Multiple Vulnerabilities
Date: May 30, 2023
Bugs: #871732, #879571, #888563, #905346, #905349, #905351
ID: 202305-32
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple vulnerabilities have been found in WebkitGTK+, the worst of
which could result in arbitrary code execution.
Affected packages
================
Package Vulnerable Unaffected
------------------- ------------ ------------
net-libs/webkit-gtk < 2.40.1 >= 2.40.1
Description
==========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the CVE identifiers referenced below for details.
Impact
=====
Please review the referenced CVE identifiers for details.
Workaround
=========
There is no known workaround at this time.
Resolution
=========
All WebKitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.40.1"
References
=========
[ 1 ] CVE-2022-32885
https://nvd.nist.gov/vuln/detail/CVE-2022-32885
[ 2 ] CVE-2022-32886
https://nvd.nist.gov/vuln/detail/CVE-2022-32886
[ 3 ] CVE-2022-32888
https://nvd.nist.gov/vuln/detail/CVE-2022-32888
[ 4 ] CVE-2022-32891
https://nvd.nist.gov/vuln/detail/CVE-2022-32891
[ 5 ] CVE-2022-32923
https://nvd.nist.gov/vuln/detail/CVE-2022-32923
[ 6 ] CVE-2022-42799
https://nvd.nist.gov/vuln/detail/CVE-2022-42799
[ 7 ] CVE-2022-42823
https://nvd.nist.gov/vuln/detail/CVE-2022-42823
[ 8 ] CVE-2022-42824
https://nvd.nist.gov/vuln/detail/CVE-2022-42824
[ 9 ] CVE-2022-42826
https://nvd.nist.gov/vuln/detail/CVE-2022-42826
[ 10 ] CVE-2022-42852
https://nvd.nist.gov/vuln/detail/CVE-2022-42852
[ 11 ] CVE-2022-42856
https://nvd.nist.gov/vuln/detail/CVE-2022-42856
[ 12 ] CVE-2022-42863
https://nvd.nist.gov/vuln/detail/CVE-2022-42863
[ 13 ] CVE-2022-42867
https://nvd.nist.gov/vuln/detail/CVE-2022-42867
[ 14 ] CVE-2022-46691
https://nvd.nist.gov/vuln/detail/CVE-2022-46691
[ 15 ] CVE-2022-46692
https://nvd.nist.gov/vuln/detail/CVE-2022-46692
[ 16 ] CVE-2022-46698
https://nvd.nist.gov/vuln/detail/CVE-2022-46698
[ 17 ] CVE-2022-46699
https://nvd.nist.gov/vuln/detail/CVE-2022-46699
[ 18 ] CVE-2022-46700
https://nvd.nist.gov/vuln/detail/CVE-2022-46700
[ 19 ] CVE-2023-23517
https://nvd.nist.gov/vuln/detail/CVE-2023-23517
[ 20 ] CVE-2023-23518
https://nvd.nist.gov/vuln/detail/CVE-2023-23518
[ 21 ] CVE-2023-23529
https://nvd.nist.gov/vuln/detail/CVE-2023-23529
[ 22 ] CVE-2023-25358
https://nvd.nist.gov/vuln/detail/CVE-2023-25358
[ 23 ] CVE-2023-25360
https://nvd.nist.gov/vuln/detail/CVE-2023-25360
[ 24 ] CVE-2023-25361
https://nvd.nist.gov/vuln/detail/CVE-2023-25361
[ 25 ] CVE-2023-25362
https://nvd.nist.gov/vuln/detail/CVE-2023-25362
[ 26 ] CVE-2023-25363
https://nvd.nist.gov/vuln/detail/CVE-2023-25363
[ 27 ] CVE-2023-27932
https://nvd.nist.gov/vuln/detail/CVE-2023-27932
[ 28 ] CVE-2023-27954
https://nvd.nist.gov/vuln/detail/CVE-2023-27954
[ 29 ] CVE-2023-28205
https://nvd.nist.gov/vuln/detail/CVE-2023-28205
[ 30 ] WSA-2022-0009
https://webkitgtk.org/security/WSA-2022-0009.html
[ 31 ] WSA-2022-0010
https://webkitgtk.org/security/WSA-2022-0010.html
[ 32 ] WSA-2023-0001
https://webkitgtk.org/security/WSA-2023-0001.html
[ 33 ] WSA-2023-0002
https://webkitgtk.org/security/WSA-2023-0002.html
[ 34 ] WSA-2023-0003
https://webkitgtk.org/security/WSA-2023-0003.html
Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202305-32
Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
======
Copyright 2023 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: webkit2gtk3 security and bug fix update
Advisory ID: RHSA-2023:2256-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:2256
Issue date: 2023-05-09
CVE Names: CVE-2022-32886 CVE-2022-32888 CVE-2022-32923
CVE-2022-42799 CVE-2022-42823 CVE-2022-42824
CVE-2022-42826 CVE-2022-42852 CVE-2022-42863
CVE-2022-42867 CVE-2022-46691 CVE-2022-46692
CVE-2022-46698 CVE-2022-46699 CVE-2022-46700
CVE-2023-23517 CVE-2023-23518 CVE-2023-25358
CVE-2023-25360 CVE-2023-25361 CVE-2023-25362
CVE-2023-25363
====================================================================
1. Summary:
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64
3. Description:
WebKitGTK is the port of the portable web rendering engine WebKit to the
GTK platform.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 9.2 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Package List:
Red Hat Enterprise Linux AppStream (v. 9):
Source:
webkit2gtk3-2.38.5-1.el9.src.rpm
aarch64:
webkit2gtk3-2.38.5-1.el9.aarch64.rpm
webkit2gtk3-debuginfo-2.38.5-1.el9.aarch64.rpm
webkit2gtk3-debugsource-2.38.5-1.el9.aarch64.rpm
webkit2gtk3-devel-2.38.5-1.el9.aarch64.rpm
webkit2gtk3-devel-debuginfo-2.38.5-1.el9.aarch64.rpm
webkit2gtk3-jsc-2.38.5-1.el9.aarch64.rpm
webkit2gtk3-jsc-debuginfo-2.38.5-1.el9.aarch64.rpm
webkit2gtk3-jsc-devel-2.38.5-1.el9.aarch64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9.aarch64.rpm
ppc64le:
webkit2gtk3-2.38.5-1.el9.ppc64le.rpm
webkit2gtk3-debuginfo-2.38.5-1.el9.ppc64le.rpm
webkit2gtk3-debugsource-2.38.5-1.el9.ppc64le.rpm
webkit2gtk3-devel-2.38.5-1.el9.ppc64le.rpm
webkit2gtk3-devel-debuginfo-2.38.5-1.el9.ppc64le.rpm
webkit2gtk3-jsc-2.38.5-1.el9.ppc64le.rpm
webkit2gtk3-jsc-debuginfo-2.38.5-1.el9.ppc64le.rpm
webkit2gtk3-jsc-devel-2.38.5-1.el9.ppc64le.rpm
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9.ppc64le.rpm
s390x:
webkit2gtk3-2.38.5-1.el9.s390x.rpm
webkit2gtk3-debuginfo-2.38.5-1.el9.s390x.rpm
webkit2gtk3-debugsource-2.38.5-1.el9.s390x.rpm
webkit2gtk3-devel-2.38.5-1.el9.s390x.rpm
webkit2gtk3-devel-debuginfo-2.38.5-1.el9.s390x.rpm
webkit2gtk3-jsc-2.38.5-1.el9.s390x.rpm
webkit2gtk3-jsc-debuginfo-2.38.5-1.el9.s390x.rpm
webkit2gtk3-jsc-devel-2.38.5-1.el9.s390x.rpm
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9.s390x.rpm
x86_64:
webkit2gtk3-2.38.5-1.el9.i686.rpm
webkit2gtk3-2.38.5-1.el9.x86_64.rpm
webkit2gtk3-debuginfo-2.38.5-1.el9.i686.rpm
webkit2gtk3-debuginfo-2.38.5-1.el9.x86_64.rpm
webkit2gtk3-debugsource-2.38.5-1.el9.i686.rpm
webkit2gtk3-debugsource-2.38.5-1.el9.x86_64.rpm
webkit2gtk3-devel-2.38.5-1.el9.i686.rpm
webkit2gtk3-devel-2.38.5-1.el9.x86_64.rpm
webkit2gtk3-devel-debuginfo-2.38.5-1.el9.i686.rpm
webkit2gtk3-devel-debuginfo-2.38.5-1.el9.x86_64.rpm
webkit2gtk3-jsc-2.38.5-1.el9.i686.rpm
webkit2gtk3-jsc-2.38.5-1.el9.x86_64.rpm
webkit2gtk3-jsc-debuginfo-2.38.5-1.el9.i686.rpm
webkit2gtk3-jsc-debuginfo-2.38.5-1.el9.x86_64.rpm
webkit2gtk3-jsc-devel-2.38.5-1.el9.i686.rpm
webkit2gtk3-jsc-devel-2.38.5-1.el9.x86_64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9.i686.rpm
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2022-32886
https://access.redhat.com/security/cve/CVE-2022-32888
https://access.redhat.com/security/cve/CVE-2022-32923
https://access.redhat.com/security/cve/CVE-2022-42799
https://access.redhat.com/security/cve/CVE-2022-42823
https://access.redhat.com/security/cve/CVE-2022-42824
https://access.redhat.com/security/cve/CVE-2022-42826
https://access.redhat.com/security/cve/CVE-2022-42852
https://access.redhat.com/security/cve/CVE-2022-42863
https://access.redhat.com/security/cve/CVE-2022-42867
https://access.redhat.com/security/cve/CVE-2022-46691
https://access.redhat.com/security/cve/CVE-2022-46692
https://access.redhat.com/security/cve/CVE-2022-46698
https://access.redhat.com/security/cve/CVE-2022-46699
https://access.redhat.com/security/cve/CVE-2022-46700
https://access.redhat.com/security/cve/CVE-2023-23517
https://access.redhat.com/security/cve/CVE-2023-23518
https://access.redhat.com/security/cve/CVE-2023-25358
https://access.redhat.com/security/cve/CVE-2023-25360
https://access.redhat.com/security/cve/CVE-2023-25361
https://access.redhat.com/security/cve/CVE-2023-25362
https://access.redhat.com/security/cve/CVE-2023-25363
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc
| VAR-202210-2041 | CVE-2022-40874 | Shenzhen Tenda Technology Co.,Ltd. of ax1803 Out-of-bounds write vulnerability in firmware |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow vulnerability in the GetParentControlInfo function, which can cause a denial of service attack through a carefully constructed http request. Shenzhen Tenda Technology Co.,Ltd. of ax1803 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state
| VAR-202210-1975 | CVE-2022-32935 | Apple iOS and iPadOS Security hole |
CVSS V2: - CVSS V3: 4.6 Severity: MEDIUM |
A lock screen issue was addressed with improved state management. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. A user may be able to view restricted content from the lock screen.
CVE-2022-37434: Evgeny Legerov
CVE-2022-42800: Evgeny Legerov
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/ iTunes and Software Update on the
device will automatically check Apple's update server on its weekly
schedule. When an update is detected, it is downloaded and the option
to be installed is presented to the user when the iOS device is
docked. We recommend applying the update immediately if possible.
Selecting Don't Install will present the option the next time you
connect your iOS device. The automatic update process may take up to
a week depending on the day that iTunes or the device checks for
updates. You may manually obtain the update via the Check for Updates
button within iTunes, or the Software Update on your device. To
check that the iPhone, iPod touch, or iPad has been updated: *
Navigate to Settings * Select General * Select About. The version
after applying this update will be "iOS 15.7.1 and iPadOS 15.7.1". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2022-10-27-2 Additional information for APPLE-SA-2022-10-24-1 iOS 16.1 and iPadOS 16
iOS 16.1 and iPadOS 16 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213489.
Apple Neural Engine
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32932: Mohamed Ghannam (@_simo36)
Entry added October 27, 2022
AppleMobileFileIntegrity
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed by removing additional
entitlements.
CVE-2022-42825: Mickey Jin (@patch1t)
Audio
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Parsing a maliciously crafted audio file may lead to
disclosure of user information
Description: The issue was addressed with improved memory handling.
CVE-2022-42798: Anonymous working with Trend Micro Zero Day
Initiative
Entry added October 27, 2022
AVEVideoEncoder
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved bounds checks.
CVE-2022-32940: ABC Research s.r.o.
Backup
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to access iOS backups
Description: A permissions issue was addressed with additional
restrictions.
CVE-2022-32929: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added October 27, 2022
CFNetwork
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A certificate validation issue existed in the handling
of WKWebView.
CVE-2022-42813: Jonathan Zhang of Open Computing Facility
(ocf.berkeley.edu)
Core Bluetooth
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to record audio using a pair of connected
AirPods
Description: This issue was addressed with improved entitlements.
CVE-2022-32946: Guilherme Rambo of Best Buddy Apps (rambo.codes)
FaceTime
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: A user may be able to view restricted content from the lock
screen
Description: A lock screen issue was addressed with improved state
management.
CVE-2022-32935: Bistrit Dahal
Entry added October 27, 2022
GPU Drivers
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32947: Asahi Lina (@LinaAsahi)
Graphics Driver
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved bounds checks.
CVE-2022-32939: Willy R. Vasquez of The University of Texas at Austin
Entry added October 27, 2022
IOHIDFamily
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may cause unexpected app termination or arbitrary code
execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-42820: Peter Pan ZhenPeng of STAR Labs
IOKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A race condition was addressed with improved locking.
CVE-2022-42806: Tingting Yin of Tsinghua University
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai
Entry added October 27, 2022
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A race condition was addressed with improved locking.
CVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom)
Entry added October 27, 2022
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved bounds checks.
CVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai
Entry added October 27, 2022
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A logic issue was addressed with improved checks.
CVE-2022-42801: Ian Beer of Google Project Zero
Entry added October 27, 2022
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32924: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: A remote user may be able to cause kernel code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-42808: Zweig of Kunlun Lab
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges. Apple is aware of a report that this issue may
have been actively exploited.
CVE-2022-42827: an anonymous researcher
Model I/O
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: The issue was addressed with improved memory handling.
CVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security
Light-Year Lab
Entry added October 27, 2022
ppp
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: A buffer overflow may result in arbitrary code execution
Description: The issue was addressed with improved bounds checks.
CVE-2022-32941: an anonymous researcher
Entry added October 27, 2022
ppp
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-42829: an anonymous researcher
ppp
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-42830: an anonymous researcher
ppp
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2022-42831: an anonymous researcher
CVE-2022-42832: an anonymous researcher
Safari
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: A logic issue was addressed with improved state
management.
CVE-2022-42817: Mir Masood Ali, PhD student, University of Illinois
at Chicago; Binoy Chitale, MS student, Stony Brook University;
Mohammad Ghasemisharif, PhD Candidate, University of Illinois at
Chicago; Chris Kanich, Associate Professor, University of Illinois at
Chicago
Entry added October 27, 2022
Sandbox
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to access user-sensitive data
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2022-42811: Justin Bui (@slyd0g) of Snowflake
Shortcuts
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: A shortcut may be able to check the existence of an arbitrary
path on the file system
Description: A parsing issue in the handling of directory paths was
addressed with improved path validation.
CVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of
Computer Science of. Romania
WebKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: The issue was addressed with improved UI handling.
WebKit Bugzilla: 243693
CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)
WebKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
WebKit Bugzilla: 244622
CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs
WebKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A logic issue was addressed with improved state
management.
WebKit Bugzilla: 245058
CVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser
Vulnerability Research, Ryan Shin of IAAI SecLab at Korea University,
Dohyun Lee (@l33d0hyun) of DNSLab at Korea University
WebKit PDF
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
WebKit Bugzilla: 242781
CVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend
Micro Zero Day Initiative
WebKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Processing maliciously crafted web content may disclose
internal states of the app
Description: A correctness issue in the JIT was addressed with
improved checks.
WebKit Bugzilla: 242964
CVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab
Entry added October 27, 2022
Wi-Fi
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Joining a malicious Wi-Fi network may result in a denial-of-
service of the Settings app
Description: The issue was addressed with improved memory handling.
CVE-2022-32927: Dr Hideaki Goto of Tohoku University, Japan
Entry added October 27, 2022
zlib
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: A user may be able to cause unexpected app termination or
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2022-37434: Evgeny Legerov
CVE-2022-42800: Evgeny Legerov
Entry added October 27, 2022
Additional recognition
iCloud
We would like to acknowledge Tim Michaud (@TimGMichaud) of
Moveworks.ai for their assistance.
Kernel
We would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud
(@TimGMichaud) of Moveworks.ai, Tommy Muir (@Muirey03) for their
assistance.
WebKit
We would like to acknowledge Maddie Stone of Google Project Zero,
Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an
anonymous researcher for their assistance.
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpsACgkQ4RjMIDke
NxmS+w/8CfYJzSjrC2joLy6lOCg9Za2Mzc1+ynFTuVWud63t8zhif2lLU8Y+TOrG
xUbstKDPw3ehwBBn97ZSkSoj3d+F+liPsUV5Udf1yssSF/5Ce7owa/V2KMCjliAr
1EvPOaiyXH94zrh+ddsTdikzDtNdseaYhSoYH4cQao/LPZx8bw4VSCxpQxSfOmoE
/rSmqkq1wDpTXeLmHeQVBdLpM+QcEcpCkoQIpmeu3ntFhQrD3L9eAXcy3K7iI7qE
Q/gTebUwLsLIhN6SrTu/sQaScErmOZqguOCTjPnkg9YQNxgu3jVuSlHuCWEZTvxq
wqsHRSOMCU6xe7w3QPFsQmiMevFgRgWwuMTcCDIAaCTJTJ4Bx0mUirVCjFzEk8+w
P6IScr4pearsQd31LSsu7OuirUmm/7ZH1XcAPdiDO4acorZNkt5Nzlf+x1Atls8j
oMdrh0l2W44mvCgKtqPM0hz7xTTEwiyml7RWdz8Uf4qwjXjmZLt+Nt3GRGZ60JO6
fTkUHPhL/VnJz4rc90Zn+9LSK5u6JAQ6T16OA6CNqQ6ZFeN80zSzdSEzLuQC0FnL
08VhWzJNguA/xHidywQNeGqlhfT4posy6EDHp/9Q9heu/L1uRn/d1B5yxDpc2cyV
w+AMI214/xT1VbJ9NMY3dXJBoVaDzhvC31ydXKPaCgCqc/mrlUo=
=ULJl
-----END PGP SIGNATURE-----
| VAR-202210-1884 | CVE-2022-32939 | Apple iOS and iPadOS Security hole |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
The issue was addressed with improved bounds checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An app may be able to execute arbitrary code with kernel privileges.
CVE-2022-37434: Evgeny Legerov
CVE-2022-42800: Evgeny Legerov
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/ iTunes and Software Update on the
device will automatically check Apple's update server on its weekly
schedule. When an update is detected, it is downloaded and the option
to be installed is presented to the user when the iOS device is
docked. We recommend applying the update immediately if possible.
Selecting Don't Install will present the option the next time you
connect your iOS device. The automatic update process may take up to
a week depending on the day that iTunes or the device checks for
updates. You may manually obtain the update via the Check for Updates
button within iTunes, or the Software Update on your device. To
check that the iPhone, iPod touch, or iPad has been updated: *
Navigate to Settings * Select General * Select About. The version
after applying this update will be "iOS 15.7.1 and iPadOS 15.7.1". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2022-10-27-2 Additional information for APPLE-SA-2022-10-24-1 iOS 16.1 and iPadOS 16
iOS 16.1 and iPadOS 16 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213489.
Apple Neural Engine
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32932: Mohamed Ghannam (@_simo36)
Entry added October 27, 2022
AppleMobileFileIntegrity
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed by removing additional
entitlements.
CVE-2022-42825: Mickey Jin (@patch1t)
Audio
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Parsing a maliciously crafted audio file may lead to
disclosure of user information
Description: The issue was addressed with improved memory handling.
CVE-2022-42798: Anonymous working with Trend Micro Zero Day
Initiative
Entry added October 27, 2022
AVEVideoEncoder
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved bounds checks.
CVE-2022-32940: ABC Research s.r.o.
Backup
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to access iOS backups
Description: A permissions issue was addressed with additional
restrictions.
CVE-2022-32929: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added October 27, 2022
CFNetwork
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A certificate validation issue existed in the handling
of WKWebView.
CVE-2022-42813: Jonathan Zhang of Open Computing Facility
(ocf.berkeley.edu)
Core Bluetooth
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to record audio using a pair of connected
AirPods
Description: This issue was addressed with improved entitlements.
CVE-2022-32946: Guilherme Rambo of Best Buddy Apps (rambo.codes)
FaceTime
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: A user may be able to view restricted content from the lock
screen
Description: A lock screen issue was addressed with improved state
management.
CVE-2022-32935: Bistrit Dahal
Entry added October 27, 2022
GPU Drivers
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32947: Asahi Lina (@LinaAsahi)
Graphics Driver
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved bounds checks.
CVE-2022-32939: Willy R. Vasquez of The University of Texas at Austin
Entry added October 27, 2022
IOHIDFamily
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may cause unexpected app termination or arbitrary code
execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-42820: Peter Pan ZhenPeng of STAR Labs
IOKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A race condition was addressed with improved locking.
CVE-2022-42806: Tingting Yin of Tsinghua University
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai
Entry added October 27, 2022
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A race condition was addressed with improved locking.
CVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom)
Entry added October 27, 2022
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved bounds checks.
CVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai
Entry added October 27, 2022
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A logic issue was addressed with improved checks.
CVE-2022-42801: Ian Beer of Google Project Zero
Entry added October 27, 2022
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32924: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: A remote user may be able to cause kernel code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-42808: Zweig of Kunlun Lab
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges. Apple is aware of a report that this issue may
have been actively exploited.
CVE-2022-42827: an anonymous researcher
Model I/O
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: The issue was addressed with improved memory handling.
CVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security
Light-Year Lab
Entry added October 27, 2022
ppp
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: A buffer overflow may result in arbitrary code execution
Description: The issue was addressed with improved bounds checks.
CVE-2022-32941: an anonymous researcher
Entry added October 27, 2022
ppp
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-42829: an anonymous researcher
ppp
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-42830: an anonymous researcher
ppp
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2022-42831: an anonymous researcher
CVE-2022-42832: an anonymous researcher
Safari
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: A logic issue was addressed with improved state
management.
CVE-2022-42817: Mir Masood Ali, PhD student, University of Illinois
at Chicago; Binoy Chitale, MS student, Stony Brook University;
Mohammad Ghasemisharif, PhD Candidate, University of Illinois at
Chicago; Chris Kanich, Associate Professor, University of Illinois at
Chicago
Entry added October 27, 2022
Sandbox
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to access user-sensitive data
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2022-42811: Justin Bui (@slyd0g) of Snowflake
Shortcuts
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: A shortcut may be able to check the existence of an arbitrary
path on the file system
Description: A parsing issue in the handling of directory paths was
addressed with improved path validation.
CVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of
Computer Science of. Romania
WebKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: The issue was addressed with improved UI handling.
WebKit Bugzilla: 243693
CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)
WebKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
WebKit Bugzilla: 244622
CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs
WebKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A logic issue was addressed with improved state
management.
WebKit Bugzilla: 245058
CVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser
Vulnerability Research, Ryan Shin of IAAI SecLab at Korea University,
Dohyun Lee (@l33d0hyun) of DNSLab at Korea University
WebKit PDF
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
WebKit Bugzilla: 242781
CVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend
Micro Zero Day Initiative
WebKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Processing maliciously crafted web content may disclose
internal states of the app
Description: A correctness issue in the JIT was addressed with
improved checks.
WebKit Bugzilla: 242964
CVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab
Entry added October 27, 2022
Wi-Fi
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Joining a malicious Wi-Fi network may result in a denial-of-
service of the Settings app
Description: The issue was addressed with improved memory handling.
CVE-2022-32927: Dr Hideaki Goto of Tohoku University, Japan
Entry added October 27, 2022
zlib
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: A user may be able to cause unexpected app termination or
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2022-37434: Evgeny Legerov
CVE-2022-42800: Evgeny Legerov
Entry added October 27, 2022
Additional recognition
iCloud
We would like to acknowledge Tim Michaud (@TimGMichaud) of
Moveworks.ai for their assistance.
Kernel
We would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud
(@TimGMichaud) of Moveworks.ai, Tommy Muir (@Muirey03) for their
assistance.
WebKit
We would like to acknowledge Maddie Stone of Google Project Zero,
Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an
anonymous researcher for their assistance.
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpsACgkQ4RjMIDke
NxmS+w/8CfYJzSjrC2joLy6lOCg9Za2Mzc1+ynFTuVWud63t8zhif2lLU8Y+TOrG
xUbstKDPw3ehwBBn97ZSkSoj3d+F+liPsUV5Udf1yssSF/5Ce7owa/V2KMCjliAr
1EvPOaiyXH94zrh+ddsTdikzDtNdseaYhSoYH4cQao/LPZx8bw4VSCxpQxSfOmoE
/rSmqkq1wDpTXeLmHeQVBdLpM+QcEcpCkoQIpmeu3ntFhQrD3L9eAXcy3K7iI7qE
Q/gTebUwLsLIhN6SrTu/sQaScErmOZqguOCTjPnkg9YQNxgu3jVuSlHuCWEZTvxq
wqsHRSOMCU6xe7w3QPFsQmiMevFgRgWwuMTcCDIAaCTJTJ4Bx0mUirVCjFzEk8+w
P6IScr4pearsQd31LSsu7OuirUmm/7ZH1XcAPdiDO4acorZNkt5Nzlf+x1Atls8j
oMdrh0l2W44mvCgKtqPM0hz7xTTEwiyml7RWdz8Uf4qwjXjmZLt+Nt3GRGZ60JO6
fTkUHPhL/VnJz4rc90Zn+9LSK5u6JAQ6T16OA6CNqQ6ZFeN80zSzdSEzLuQC0FnL
08VhWzJNguA/xHidywQNeGqlhfT4posy6EDHp/9Q9heu/L1uRn/d1B5yxDpc2cyV
w+AMI214/xT1VbJ9NMY3dXJBoVaDzhvC31ydXKPaCgCqc/mrlUo=
=ULJl
-----END PGP SIGNATURE-----
| VAR-202210-1885 | CVE-2022-32944 | Apple iOS and iPadOS Security hole |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to execute arbitrary code with kernel privileges.
Instructions on how to update your Apple Watch software are available
at https://support.apple.com/kb/HT204641 To check the version on
your Apple Watch, open the Apple Watch app on your iPhone and select
"My Watch > General > About". Alternatively, on your watch, select
"My Watch > General > About".
CVE-2022-37434: Evgeny Legerov
CVE-2022-42800: Evgeny Legerov
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/ iTunes and Software Update on the
device will automatically check Apple's update server on its weekly
schedule. When an update is detected, it is downloaded and the option
to be installed is presented to the user when the iOS device is
docked. We recommend applying the update immediately if possible.
Selecting Don't Install will present the option the next time you
connect your iOS device. The automatic update process may take up to
a week depending on the day that iTunes or the device checks for
updates. You may manually obtain the update via the Check for Updates
button within iTunes, or the Software Update on your device. To
check that the iPhone, iPod touch, or iPad has been updated: *
Navigate to Settings * Select General * Select About. The version
after applying this update will be "iOS 15.7.1 and iPadOS 15.7.1". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2022-10-27-2 Additional information for APPLE-SA-2022-10-24-1 iOS 16.1 and iPadOS 16
iOS 16.1 and iPadOS 16 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213489.
Apple Neural Engine
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32932: Mohamed Ghannam (@_simo36)
Entry added October 27, 2022
AppleMobileFileIntegrity
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed by removing additional
entitlements.
CVE-2022-42825: Mickey Jin (@patch1t)
Audio
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Parsing a maliciously crafted audio file may lead to
disclosure of user information
Description: The issue was addressed with improved memory handling.
CVE-2022-42798: Anonymous working with Trend Micro Zero Day
Initiative
Entry added October 27, 2022
AVEVideoEncoder
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved bounds checks.
CVE-2022-32940: ABC Research s.r.o.
Backup
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to access iOS backups
Description: A permissions issue was addressed with additional
restrictions.
CVE-2022-32929: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added October 27, 2022
CFNetwork
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A certificate validation issue existed in the handling
of WKWebView.
CVE-2022-42813: Jonathan Zhang of Open Computing Facility
(ocf.berkeley.edu)
Core Bluetooth
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to record audio using a pair of connected
AirPods
Description: This issue was addressed with improved entitlements.
CVE-2022-32946: Guilherme Rambo of Best Buddy Apps (rambo.codes)
FaceTime
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: A user may be able to view restricted content from the lock
screen
Description: A lock screen issue was addressed with improved state
management.
CVE-2022-32935: Bistrit Dahal
Entry added October 27, 2022
GPU Drivers
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32947: Asahi Lina (@LinaAsahi)
Graphics Driver
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved bounds checks.
CVE-2022-32939: Willy R. Vasquez of The University of Texas at Austin
Entry added October 27, 2022
IOHIDFamily
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may cause unexpected app termination or arbitrary code
execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-42820: Peter Pan ZhenPeng of STAR Labs
IOKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A race condition was addressed with improved locking.
CVE-2022-42806: Tingting Yin of Tsinghua University
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai
Entry added October 27, 2022
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A race condition was addressed with improved locking.
CVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom)
Entry added October 27, 2022
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved bounds checks.
CVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai
Entry added October 27, 2022
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A logic issue was addressed with improved checks.
CVE-2022-42801: Ian Beer of Google Project Zero
Entry added October 27, 2022
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32924: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: A remote user may be able to cause kernel code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-42808: Zweig of Kunlun Lab
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges. Apple is aware of a report that this issue may
have been actively exploited.
CVE-2022-42827: an anonymous researcher
Model I/O
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: The issue was addressed with improved memory handling.
CVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security
Light-Year Lab
Entry added October 27, 2022
ppp
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: A buffer overflow may result in arbitrary code execution
Description: The issue was addressed with improved bounds checks.
CVE-2022-32941: an anonymous researcher
Entry added October 27, 2022
ppp
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-42829: an anonymous researcher
ppp
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-42830: an anonymous researcher
ppp
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2022-42831: an anonymous researcher
CVE-2022-42832: an anonymous researcher
Safari
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: A logic issue was addressed with improved state
management.
CVE-2022-42817: Mir Masood Ali, PhD student, University of Illinois
at Chicago; Binoy Chitale, MS student, Stony Brook University;
Mohammad Ghasemisharif, PhD Candidate, University of Illinois at
Chicago; Chris Kanich, Associate Professor, University of Illinois at
Chicago
Entry added October 27, 2022
Sandbox
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to access user-sensitive data
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2022-42811: Justin Bui (@slyd0g) of Snowflake
Shortcuts
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: A shortcut may be able to check the existence of an arbitrary
path on the file system
Description: A parsing issue in the handling of directory paths was
addressed with improved path validation.
CVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of
Computer Science of. Romania
WebKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: The issue was addressed with improved UI handling.
WebKit Bugzilla: 243693
CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)
WebKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
WebKit Bugzilla: 244622
CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs
WebKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A logic issue was addressed with improved state
management.
WebKit Bugzilla: 245058
CVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser
Vulnerability Research, Ryan Shin of IAAI SecLab at Korea University,
Dohyun Lee (@l33d0hyun) of DNSLab at Korea University
WebKit PDF
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
WebKit Bugzilla: 242781
CVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend
Micro Zero Day Initiative
WebKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Processing maliciously crafted web content may disclose
internal states of the app
Description: A correctness issue in the JIT was addressed with
improved checks.
WebKit Bugzilla: 242964
CVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab
Entry added October 27, 2022
Wi-Fi
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Joining a malicious Wi-Fi network may result in a denial-of-
service of the Settings app
Description: The issue was addressed with improved memory handling.
CVE-2022-32927: Dr Hideaki Goto of Tohoku University, Japan
Entry added October 27, 2022
zlib
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: A user may be able to cause unexpected app termination or
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2022-37434: Evgeny Legerov
CVE-2022-42800: Evgeny Legerov
Entry added October 27, 2022
Additional recognition
iCloud
We would like to acknowledge Tim Michaud (@TimGMichaud) of
Moveworks.ai for their assistance.
Kernel
We would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud
(@TimGMichaud) of Moveworks.ai, Tommy Muir (@Muirey03) for their
assistance.
WebKit
We would like to acknowledge Maddie Stone of Google Project Zero,
Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an
anonymous researcher for their assistance.
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpsACgkQ4RjMIDke
NxmS+w/8CfYJzSjrC2joLy6lOCg9Za2Mzc1+ynFTuVWud63t8zhif2lLU8Y+TOrG
xUbstKDPw3ehwBBn97ZSkSoj3d+F+liPsUV5Udf1yssSF/5Ce7owa/V2KMCjliAr
1EvPOaiyXH94zrh+ddsTdikzDtNdseaYhSoYH4cQao/LPZx8bw4VSCxpQxSfOmoE
/rSmqkq1wDpTXeLmHeQVBdLpM+QcEcpCkoQIpmeu3ntFhQrD3L9eAXcy3K7iI7qE
Q/gTebUwLsLIhN6SrTu/sQaScErmOZqguOCTjPnkg9YQNxgu3jVuSlHuCWEZTvxq
wqsHRSOMCU6xe7w3QPFsQmiMevFgRgWwuMTcCDIAaCTJTJ4Bx0mUirVCjFzEk8+w
P6IScr4pearsQd31LSsu7OuirUmm/7ZH1XcAPdiDO4acorZNkt5Nzlf+x1Atls8j
oMdrh0l2W44mvCgKtqPM0hz7xTTEwiyml7RWdz8Uf4qwjXjmZLt+Nt3GRGZ60JO6
fTkUHPhL/VnJz4rc90Zn+9LSK5u6JAQ6T16OA6CNqQ6ZFeN80zSzdSEzLuQC0FnL
08VhWzJNguA/xHidywQNeGqlhfT4posy6EDHp/9Q9heu/L1uRn/d1B5yxDpc2cyV
w+AMI214/xT1VbJ9NMY3dXJBoVaDzhvC31ydXKPaCgCqc/mrlUo=
=ULJl
-----END PGP SIGNATURE-----
| VAR-202210-1901 | CVE-2022-42801 | Apple iOS and iPadOS Security hole |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
A logic issue was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary code with kernel privileges.
AppleMobileFileIntegrity
Available for: Apple Watch Series 4 and later
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed by removing additional
entitlements.
CVE-2022-32940: ABC Research s.r.o.
CFNetwork
Available for: Apple Watch Series 4 and later
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A certificate validation issue existed in the handling
of WKWebView.
CVE-2022-42811: Justin Bui (@slyd0g) of Snowflake
WebKit
Available for: Apple Watch Series 4 and later
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: The issue was addressed with improved UI handling.
CVE-2022-37434: Evgeny Legerov
CVE-2022-42800: Evgeny Legerov
Entry added October 27, 2022
Additional recognition
iCloud
We would like to acknowledge Tim Michaud (@TimGMichaud) of
Moveworks.ai for their assistance.
Kernel
We would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud
(@TimGMichaud) of Moveworks.ai, Tommy Muir (@Muirey03) for their
assistance.
WebKit
We would like to acknowledge Maddie Stone of Google Project Zero,
Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an
anonymous researcher for their assistance.
Instructions on how to update your Apple Watch software are available
at https://support.apple.com/kb/HT204641 To check the version on
your Apple Watch, open the Apple Watch app on your iPhone and select
"My Watch > General > About". Alternatively, on your watch, select
"My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2022-10-27-1 iOS 15.7.1 and iPadOS 15.7.1
iOS 15.7.1 and iPadOS 15.7.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213490.
Apple Neural Engine
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32932: Mohamed Ghannam (@_simo36)
Audio
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Parsing a maliciously crafted audio file may lead to
disclosure of user information
Description: The issue was addressed with improved memory handling.
CVE-2022-42798: Anonymous working with Trend Micro Zero Day
Initiative
Backup
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to access iOS backups
Description: A permissions issue was addressed with additional
restrictions.
CVE-2022-32929: Csaba Fitzl (@theevilbit) of Offensive Security
FaceTime
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A user may be able to view restricted content from the lock
screen
Description: A lock screen issue was addressed with improved state
management.
CVE-2022-32935: Bistrit Dahal
Graphics Driver
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved bounds checks.
CVE-2022-32939: Willy R. Vasquez of The University of Texas at Austin
Image Processing
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: This issue was addressed with improved checks.
CVE-2022-32949: Tingting Yin of Tsinghua University
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A race condition was addressed with improved locking.
CVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom)
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved bounds checks.
CVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges. Apple is aware of a report that this issue may
have been actively exploited.
CVE-2022-42827: an anonymous researcher
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A logic issue was addressed with improved checks.
CVE-2022-42801: Ian Beer of Google Project Zero
Model I/O
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: The issue was addressed with improved memory handling.
CVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security
Light-Year Lab
ppp
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A buffer overflow may result in arbitrary code execution
Description: The issue was addressed with improved bounds checks.
CVE-2022-32941: an anonymous researcher
Safari
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: A logic issue was addressed with improved state
management.
CVE-2022-42817: Mir Masood Ali, PhD student, University of Illinois
at Chicago; Binoy Chitale, MS student, Stony Brook University;
Mohammad Ghasemisharif, PhD Candidate, University of Illinois at
Chicago; Chris Kanich, Associate Professor, University of Illinois at
Chicago
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may disclose
internal states of the app
Description: A correctness issue in the JIT was addressed with
improved checks.
WebKit Bugzilla: 242964
CVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab
Wi-Fi
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Joining a malicious Wi-Fi network may result in a denial-of-
service of the Settings app
Description: The issue was addressed with improved memory handling.
CVE-2022-32927: Dr Hideaki Goto of Tohoku University, Japan
zlib
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A user may be able to cause unexpected app termination or
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2022-37434: Evgeny Legerov
CVE-2022-42800: Evgeny Legerov
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/ iTunes and Software Update on the
device will automatically check Apple's update server on its weekly
schedule. When an update is detected, it is downloaded and the option
to be installed is presented to the user when the iOS device is
docked. We recommend applying the update immediately if possible.
Selecting Don't Install will present the option the next time you
connect your iOS device. The automatic update process may take up to
a week depending on the day that iTunes or the device checks for
updates. You may manually obtain the update via the Check for Updates
button within iTunes, or the Software Update on your device. To
check that the iPhone, iPod touch, or iPad has been updated: *
Navigate to Settings * Select General * Select About. The version
after applying this update will be "iOS 15.7.1 and iPadOS 15.7.1".
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbJvAACgkQ4RjMIDke
Nxmw3Q/+MtMTloTngI/i4DiNLW/HFq92T6kxTZ8i6MUm+RJfEvhaI2zTLCchnhiR
thpoVqcA76i+eLsVGenk37S6daFhszAj1596tOv50KbTZYwBLJKM+TI2YQxH4vLq
pODEyxL6gTp9tyJR+DK6u3iXHhbDPYlTXYKGqlZ79gaF8JcYwiS/4pn2+3P+wwEN
kLMcAoLXPGzptHgZUcuRtLYH0Go0WCLIFHYh7a9gYK34f8VwgOdJCl9NJkuSPIB2
wsiqkUXUkfIZhnVthuYAt43SNZf0uadUjw6Bg8PUBydqL/5/OkuDcQGxKFQRJqEA
Yo1rJvqOuaTz2gcfquLdE1zg5OwUjKHAeMTzUwVUHMoxUIWfuMTBb+K7rxX0i/9X
FHm3f1N66GMYZPeTmFH44eUmWA5YZaccBCX5+/eluOt/y6/mVvsn+UTWa4vqI3Sa
xzWYOU8xsAMfJuWdp0m1CBGDFxOmhS4PsMctRh0ToVlV0KJLoW7ZOB4wUVf3ZtNC
mQ67XRAuvxDa83weRpmgSk5Vs3WrqAUEA0sO+SMiNGuLdlk9bj7TSjmThwMFuQ/3
L0JsYgJIIWEtQ+hFSY6o7Iqd2j1KMtSwk4BALohdhpl51f5MhKpeW6TWrXIoLt0E
cDStPsnFSyyzJyamnM53MOEuwetfBu6b09Fbb27te6fsRFcb1fM=
=kyGi
-----END PGP SIGNATURE-----
| VAR-202210-1927 | CVE-2022-32932 | Apple iOS and iPadOS Security hole |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges.
Instructions on how to update your Apple Watch software are available
at https://support.apple.com/kb/HT204641 To check the version on
your Apple Watch, open the Apple Watch app on your iPhone and select
"My Watch > General > About". Alternatively, on your watch, select
"My Watch > General > About".
CVE-2022-37434: Evgeny Legerov
CVE-2022-42800: Evgeny Legerov
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/ iTunes and Software Update on the
device will automatically check Apple's update server on its weekly
schedule. When an update is detected, it is downloaded and the option
to be installed is presented to the user when the iOS device is
docked. We recommend applying the update immediately if possible.
Selecting Don't Install will present the option the next time you
connect your iOS device. The automatic update process may take up to
a week depending on the day that iTunes or the device checks for
updates. You may manually obtain the update via the Check for Updates
button within iTunes, or the Software Update on your device. To
check that the iPhone, iPod touch, or iPad has been updated: *
Navigate to Settings * Select General * Select About. The version
after applying this update will be "iOS 15.7.1 and iPadOS 15.7.1". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2022-10-27-2 Additional information for APPLE-SA-2022-10-24-1 iOS 16.1 and iPadOS 16
iOS 16.1 and iPadOS 16 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213489.
Apple Neural Engine
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32932: Mohamed Ghannam (@_simo36)
Entry added October 27, 2022
AppleMobileFileIntegrity
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed by removing additional
entitlements.
CVE-2022-42825: Mickey Jin (@patch1t)
Audio
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Parsing a maliciously crafted audio file may lead to
disclosure of user information
Description: The issue was addressed with improved memory handling.
CVE-2022-42798: Anonymous working with Trend Micro Zero Day
Initiative
Entry added October 27, 2022
AVEVideoEncoder
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved bounds checks.
CVE-2022-32940: ABC Research s.r.o.
Backup
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to access iOS backups
Description: A permissions issue was addressed with additional
restrictions.
CVE-2022-32929: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added October 27, 2022
CFNetwork
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A certificate validation issue existed in the handling
of WKWebView.
CVE-2022-42813: Jonathan Zhang of Open Computing Facility
(ocf.berkeley.edu)
Core Bluetooth
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to record audio using a pair of connected
AirPods
Description: This issue was addressed with improved entitlements.
CVE-2022-32946: Guilherme Rambo of Best Buddy Apps (rambo.codes)
FaceTime
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: A user may be able to view restricted content from the lock
screen
Description: A lock screen issue was addressed with improved state
management.
CVE-2022-32935: Bistrit Dahal
Entry added October 27, 2022
GPU Drivers
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32947: Asahi Lina (@LinaAsahi)
Graphics Driver
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved bounds checks.
CVE-2022-32939: Willy R. Vasquez of The University of Texas at Austin
Entry added October 27, 2022
IOHIDFamily
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may cause unexpected app termination or arbitrary code
execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-42820: Peter Pan ZhenPeng of STAR Labs
IOKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A race condition was addressed with improved locking.
CVE-2022-42806: Tingting Yin of Tsinghua University
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai
Entry added October 27, 2022
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A race condition was addressed with improved locking.
CVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom)
Entry added October 27, 2022
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved bounds checks.
CVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai
Entry added October 27, 2022
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A logic issue was addressed with improved checks.
CVE-2022-42801: Ian Beer of Google Project Zero
Entry added October 27, 2022
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32924: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: A remote user may be able to cause kernel code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-42808: Zweig of Kunlun Lab
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges. Apple is aware of a report that this issue may
have been actively exploited.
CVE-2022-42827: an anonymous researcher
Model I/O
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: The issue was addressed with improved memory handling.
CVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security
Light-Year Lab
Entry added October 27, 2022
ppp
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: A buffer overflow may result in arbitrary code execution
Description: The issue was addressed with improved bounds checks.
CVE-2022-32941: an anonymous researcher
Entry added October 27, 2022
ppp
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-42829: an anonymous researcher
ppp
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-42830: an anonymous researcher
ppp
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2022-42831: an anonymous researcher
CVE-2022-42832: an anonymous researcher
Safari
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: A logic issue was addressed with improved state
management.
CVE-2022-42817: Mir Masood Ali, PhD student, University of Illinois
at Chicago; Binoy Chitale, MS student, Stony Brook University;
Mohammad Ghasemisharif, PhD Candidate, University of Illinois at
Chicago; Chris Kanich, Associate Professor, University of Illinois at
Chicago
Entry added October 27, 2022
Sandbox
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to access user-sensitive data
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2022-42811: Justin Bui (@slyd0g) of Snowflake
Shortcuts
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: A shortcut may be able to check the existence of an arbitrary
path on the file system
Description: A parsing issue in the handling of directory paths was
addressed with improved path validation.
CVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of
Computer Science of. Romania
WebKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: The issue was addressed with improved UI handling.
WebKit Bugzilla: 243693
CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)
WebKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
WebKit Bugzilla: 244622
CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs
WebKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A logic issue was addressed with improved state
management.
WebKit Bugzilla: 245058
CVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser
Vulnerability Research, Ryan Shin of IAAI SecLab at Korea University,
Dohyun Lee (@l33d0hyun) of DNSLab at Korea University
WebKit PDF
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
WebKit Bugzilla: 242781
CVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend
Micro Zero Day Initiative
WebKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Processing maliciously crafted web content may disclose
internal states of the app
Description: A correctness issue in the JIT was addressed with
improved checks.
WebKit Bugzilla: 242964
CVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab
Entry added October 27, 2022
Wi-Fi
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Joining a malicious Wi-Fi network may result in a denial-of-
service of the Settings app
Description: The issue was addressed with improved memory handling.
CVE-2022-32927: Dr Hideaki Goto of Tohoku University, Japan
Entry added October 27, 2022
zlib
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: A user may be able to cause unexpected app termination or
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2022-37434: Evgeny Legerov
CVE-2022-42800: Evgeny Legerov
Entry added October 27, 2022
Additional recognition
iCloud
We would like to acknowledge Tim Michaud (@TimGMichaud) of
Moveworks.ai for their assistance.
Kernel
We would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud
(@TimGMichaud) of Moveworks.ai, Tommy Muir (@Muirey03) for their
assistance.
WebKit
We would like to acknowledge Maddie Stone of Google Project Zero,
Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an
anonymous researcher for their assistance.
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpsACgkQ4RjMIDke
NxmS+w/8CfYJzSjrC2joLy6lOCg9Za2Mzc1+ynFTuVWud63t8zhif2lLU8Y+TOrG
xUbstKDPw3ehwBBn97ZSkSoj3d+F+liPsUV5Udf1yssSF/5Ce7owa/V2KMCjliAr
1EvPOaiyXH94zrh+ddsTdikzDtNdseaYhSoYH4cQao/LPZx8bw4VSCxpQxSfOmoE
/rSmqkq1wDpTXeLmHeQVBdLpM+QcEcpCkoQIpmeu3ntFhQrD3L9eAXcy3K7iI7qE
Q/gTebUwLsLIhN6SrTu/sQaScErmOZqguOCTjPnkg9YQNxgu3jVuSlHuCWEZTvxq
wqsHRSOMCU6xe7w3QPFsQmiMevFgRgWwuMTcCDIAaCTJTJ4Bx0mUirVCjFzEk8+w
P6IScr4pearsQd31LSsu7OuirUmm/7ZH1XcAPdiDO4acorZNkt5Nzlf+x1Atls8j
oMdrh0l2W44mvCgKtqPM0hz7xTTEwiyml7RWdz8Uf4qwjXjmZLt+Nt3GRGZ60JO6
fTkUHPhL/VnJz4rc90Zn+9LSK5u6JAQ6T16OA6CNqQ6ZFeN80zSzdSEzLuQC0FnL
08VhWzJNguA/xHidywQNeGqlhfT4posy6EDHp/9Q9heu/L1uRn/d1B5yxDpc2cyV
w+AMI214/xT1VbJ9NMY3dXJBoVaDzhvC31ydXKPaCgCqc/mrlUo=
=ULJl
-----END PGP SIGNATURE-----
| VAR-202210-1930 | CVE-2022-42810 | Apple iOS and iPadOS Security hole |
CVSS V2: - CVSS V3: 5.5 Severity: MEDIUM |
The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. Processing a maliciously crafted USD file may disclose memory contents. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2022-10-27-10 Additional information for APPLE-SA-2022-10-24-6 tvOS 16.1
tvOS 16.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213492.
AppleMobileFileIntegrity
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed by removing additional
entitlements.
CVE-2022-42825: Mickey Jin (@patch1t)
Audio
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: Parsing a maliciously crafted audio file may lead to
disclosure of user information
Description: The issue was addressed with improved memory handling.
CVE-2022-42798: Anonymous working with Trend Micro Zero Day
Initiative
Entry added October 27, 2022
AVEVideoEncoder
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved bounds checks.
CVE-2022-32940: ABC Research s.r.o.
CFNetwork
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A certificate validation issue existed in the handling
of WKWebView.
CVE-2022-42813: Jonathan Zhang of Open Computing Facility
(ocf.berkeley.edu)
Kernel
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32924: Ian Beer of Google Project Zero
Kernel
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: A remote user may be able to cause kernel code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-42808: Zweig of Kunlun Lab
Kernel
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai
Entry added October 27, 2022
Kernel
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A race condition was addressed with improved locking.
CVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom)
Entry added October 27, 2022
Kernel
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved bounds checks.
CVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai
Entry added October 27, 2022
Kernel
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD Impact: An app may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved checks.
CVE-2022-42801: Ian Beer of Google Project Zero
Entry added October 27, 2022
Model I/O
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: The issue was addressed with improved memory handling.
CVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security
Light-Year Lab
Entry added October 27, 2022
Sandbox
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: An app may be able to access user-sensitive data
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2022-42811: Justin Bui (@slyd0g) of Snowflake
WebKit
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: The issue was addressed with improved UI handling.
WebKit Bugzilla: 243693
CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)
WebKit
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
WebKit Bugzilla: 244622
CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs
WebKit
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A logic issue was addressed with improved state
management.
WebKit Bugzilla: 245058
CVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser
Vulnerability Research, Ryan Shin of IAAI SecLab at Korea University,
Dohyun Lee (@l33d0hyun) of DNSLab at Korea University
WebKit
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: Processing maliciously crafted web content may disclose
internal states of the app
Description: A correctness issue in the JIT was addressed with
improved checks.
WebKit Bugzilla: 242964
CVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab
Entry added October 27, 2022
Additional recognition
iCloud
We would like to acknowledge Tim Michaud (@TimGMichaud) of
Moveworks.ai for their assistance.
Kernel
We would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud
(@TimGMichaud) of Moveworks.ai, Tommy Muir (@Muirey03) for their
assistance.
WebKit
We would like to acknowledge Maddie Stone of Google Project Zero,
Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an
anonymous researcher for their assistance.
Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting "Settings ->
System -> Software Update -> Update Software." To check the current
version of software, select "Settings -> General -> About."
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpUACgkQ4RjMIDke
NxmJwxAAjSfy9CooaM4dtqHdxCKzuzqRRXrH7h7vDnFdwCyUmJrZYSNAV5AR2W0i
qS9pTIMe07Uz5xe4NNd+LzjNYLBvR0YZPwhYyQRFCSQQFcWvFAd8jsI9kn2UJlK6
7dNm/UVE+ztBfAk8O2fLXcAkPG/FqsGFNgVD3LrSy/fZIG3UTe/Q8BGehbD6RX6X
wU/eRFSL1RayQHP4136PEiECO1HFLtsMzxyqCUZTwWPVs9CvE1yHS2/0UhgzlN4b
6TJ34AR30+JN5dVthWDLPBlWmaqaDAFiX37xv7vDC36elpr/lhTJ/NkonBVBwSUg
dqwPIyoibQ9dVIPtmT0CO7Tn5Q4QlXiFLJKIxNYPBHspEV2nesP8KnupuUrZs3o6
k0q5dJoXUMXZDZH5tokgJQ/ZsYZQA+vSTMpHAWwWddxuARDVI3BnpOBy8KoHH/G1
o4zq5rv0llvYTbH0G/FcNe/MUAb6fU2YXWLU2IfXY3Vf0trLedjEug1B5CGkRuwE
abMucUSg7w2nHi0oFuPQQqYzFHOPPatcJnTUGhQ6ioodpsg+DJToAuz1WIBw4SbQ
j31KWyc1fGY6eer4spopaePWsHdN5D/nNM2yHgbDb0gwa58v4CFtvI+Cs79dAcEk
eOQLXBs0J6cQwbE3HpPxSrzWCYsaaajACdBGCVn5vwV+h3WCecE=
=ih0f
-----END PGP SIGNATURE-----
| VAR-202210-1865 | CVE-2022-40965 | Delta Electronics, INC. of DIAEnergie Cross-site scripting vulnerability in |
CVSS V2: - CVSS V3: 5.4 Severity: MEDIUM |
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API. Delta Electronics, INC. of DIAEnergie Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with
| VAR-202210-1862 | CVE-2022-41773 | Delta Electronics, INC. of DIAEnergie In SQL Injection vulnerability |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. Delta Electronics, INC. of DIAEnergie for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202210-1961 | CVE-2022-43003 | D-Link Systems, Inc. of DIR-816 Out-of-bounds write vulnerability in firmware |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setRepeaterSecurity function. D-Link Systems, Inc. of DIR-816 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202210-1979 | CVE-2022-43002 | D-Link Systems, Inc. of DIR-816 Out-of-bounds write vulnerability in firmware |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep54_pskpwd parameter at /goform/form2WizardStep54. D-Link Systems, Inc. of DIR-816 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202210-1864 | CVE-2022-41651 | Delta Electronics, INC. of DIAEnergie Cross-site scripting vulnerability in |
CVSS V2: - CVSS V3: 5.4 Severity: MEDIUM |
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the SetPF API. Delta Electronics, INC. of DIAEnergie Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with
| VAR-202210-1866 | CVE-2022-41702 | Delta Electronics, INC. of DIAEnergie Cross-site scripting vulnerability in |
CVSS V2: - CVSS V3: 5.4 Severity: MEDIUM |
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API. Delta Electronics, INC. of DIAEnergie Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with
| VAR-202210-1886 | CVE-2022-42915 | curl Resource Management Error Vulnerability |
CVSS V2: - CVSS V3: 8.1 Severity: HIGH |
curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0. ==========================================================================
Ubuntu Security Notice USN-5702-1
October 26, 2022
curl vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in curl.
Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries
Details:
Robby Simpson discovered that curl incorrectly handled certain POST
operations after PUT operations. This issue could cause applications using
curl to send the wrong data, perform incorrect memory operations, or crash.
(CVE-2022-32221)
Hiroki Kurosawa discovered that curl incorrectly handled parsing .netrc
files. If an attacker were able to provide a specially crafted .netrc file,
this issue could cause curl to crash, resulting in a denial of service.
This issue only affected Ubuntu 22.10. (CVE-2022-35260)
It was discovered that curl incorrectly handled certain HTTP proxy return
codes. A remote attacker could use this issue to cause curl to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-42915)
Hiroki Kurosawa discovered that curl incorrectly handled HSTS support
when certain hostnames included IDN characters. A remote attacker could
possibly use this issue to cause curl to use unencrypted connections. This
issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-42916)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.10:
curl 7.85.0-1ubuntu0.1
libcurl3-gnutls 7.85.0-1ubuntu0.1
libcurl3-nss 7.85.0-1ubuntu0.1
libcurl4 7.85.0-1ubuntu0.1
Ubuntu 22.04 LTS:
curl 7.81.0-1ubuntu1.6
libcurl3-gnutls 7.81.0-1ubuntu1.6
libcurl3-nss 7.81.0-1ubuntu1.6
libcurl4 7.81.0-1ubuntu1.6
Ubuntu 20.04 LTS:
curl 7.68.0-1ubuntu2.14
libcurl3-gnutls 7.68.0-1ubuntu2.14
libcurl3-nss 7.68.0-1ubuntu2.14
libcurl4 7.68.0-1ubuntu2.14
Ubuntu 18.04 LTS:
curl 7.58.0-2ubuntu3.21
libcurl3-gnutls 7.58.0-2ubuntu3.21
libcurl3-nss 7.58.0-2ubuntu3.21
libcurl4 7.58.0-2ubuntu3.21
In general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202212-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: curl: Multiple Vulnerabilities
Date: December 19, 2022
Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365
ID: 202212-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple vulnerabilities have been found in curl, the worst of which
could result in arbitrary code execution.
Background
=========
A command line tool and library for transferring data with URLs.
Affected packages
================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/curl < 7.86.0 >= 7.86.0
Description
==========
Multiple vulnerabilities have been discovered in curl. Please review the
CVE identifiers referenced below for details.
Impact
=====
Please review the referenced CVE identifiers for details.
Workaround
=========
There is no known workaround at this time.
Resolution
=========
All curl users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/curl-7.86.0"
References
=========
[ 1 ] CVE-2021-22922
https://nvd.nist.gov/vuln/detail/CVE-2021-22922
[ 2 ] CVE-2021-22923
https://nvd.nist.gov/vuln/detail/CVE-2021-22923
[ 3 ] CVE-2021-22925
https://nvd.nist.gov/vuln/detail/CVE-2021-22925
[ 4 ] CVE-2021-22926
https://nvd.nist.gov/vuln/detail/CVE-2021-22926
[ 5 ] CVE-2021-22945
https://nvd.nist.gov/vuln/detail/CVE-2021-22945
[ 6 ] CVE-2021-22946
https://nvd.nist.gov/vuln/detail/CVE-2021-22946
[ 7 ] CVE-2021-22947
https://nvd.nist.gov/vuln/detail/CVE-2021-22947
[ 8 ] CVE-2022-22576
https://nvd.nist.gov/vuln/detail/CVE-2022-22576
[ 9 ] CVE-2022-27774
https://nvd.nist.gov/vuln/detail/CVE-2022-27774
[ 10 ] CVE-2022-27775
https://nvd.nist.gov/vuln/detail/CVE-2022-27775
[ 11 ] CVE-2022-27776
https://nvd.nist.gov/vuln/detail/CVE-2022-27776
[ 12 ] CVE-2022-27779
https://nvd.nist.gov/vuln/detail/CVE-2022-27779
[ 13 ] CVE-2022-27780
https://nvd.nist.gov/vuln/detail/CVE-2022-27780
[ 14 ] CVE-2022-27781
https://nvd.nist.gov/vuln/detail/CVE-2022-27781
[ 15 ] CVE-2022-27782
https://nvd.nist.gov/vuln/detail/CVE-2022-27782
[ 16 ] CVE-2022-30115
https://nvd.nist.gov/vuln/detail/CVE-2022-30115
[ 17 ] CVE-2022-32205
https://nvd.nist.gov/vuln/detail/CVE-2022-32205
[ 18 ] CVE-2022-32206
https://nvd.nist.gov/vuln/detail/CVE-2022-32206
[ 19 ] CVE-2022-32207
https://nvd.nist.gov/vuln/detail/CVE-2022-32207
[ 20 ] CVE-2022-32208
https://nvd.nist.gov/vuln/detail/CVE-2022-32208
[ 21 ] CVE-2022-32221
https://nvd.nist.gov/vuln/detail/CVE-2022-32221
[ 22 ] CVE-2022-35252
https://nvd.nist.gov/vuln/detail/CVE-2022-35252
[ 23 ] CVE-2022-35260
https://nvd.nist.gov/vuln/detail/CVE-2022-35260
[ 24 ] CVE-2022-42915
https://nvd.nist.gov/vuln/detail/CVE-2022-42915
[ 25 ] CVE-2022-42916
https://nvd.nist.gov/vuln/detail/CVE-2022-42916
Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202212-01
Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
======
Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2023-01-23-4 macOS Ventura 13.2
macOS Ventura 13.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213605.
AppleMobileFileIntegrity
Available for: macOS Ventura
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by enabling hardened runtime.
CVE-2023-23499: Wojciech Reguła (@_r3ggi) of SecuRing
(wojciechregula.blog)
curl
Available for: macOS Ventura
Impact: Multiple issues in curl
Description: Multiple issues were addressed by updating to curl
version 7.86.0.
CVE-2022-42915
CVE-2022-42916
CVE-2022-32221
CVE-2022-35260
dcerpc
Available for: macOS Ventura
Impact: Mounting a maliciously crafted Samba network share may lead
to arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2023-23513: Dimitrios Tatsis and Aleksandar Nikolic of Cisco
Talos
DiskArbitration
Available for: macOS Ventura
Impact: An encrypted volume may be unmounted and remounted by a
different user without prompting for the password
Description: A logic issue was addressed with improved state
management.
CVE-2023-23493: Oliver Norpoth (@norpoth) of KLIXX GmbH (klixx.com)
ImageIO
Available for: macOS Ventura
Impact: Processing an image may lead to a denial-of-service
Description: A memory corruption issue was addressed with improved
state management.
CVE-2023-23519: Yiğit Can YILMAZ (@yilmazcanyigit)
Intel Graphics Driver
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved bounds checks.
CVE-2023-23507: an anonymous researcher
Kernel
Available for: macOS Ventura
Impact: An app may be able to leak sensitive kernel state
Description: The issue was addressed with improved memory handling.
CVE-2023-23500: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte.
Ltd. (@starlabs_sg)
Kernel
Available for: macOS Ventura
Impact: An app may be able to determine kernel memory layout
Description: An information disclosure issue was addressed by
removing the vulnerable code.
CVE-2023-23502: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte.
Ltd. (@starlabs_sg)
Kernel
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-23504: Adam Doupé of ASU SEFCOM
libxpc
Available for: macOS Ventura
Impact: An app may be able to access user-sensitive data
Description: A permissions issue was addressed with improved
validation.
CVE-2023-23506: Guilherme Rambo of Best Buddy Apps (rambo.codes)
Mail Drafts
Available for: macOS Ventura
Impact: The quoted original message may be selected from the wrong
email when forwarding an email from an Exchange account
Description: A logic issue was addressed with improved state
management.
CVE-2023-23498: an anonymous researcher
Maps
Available for: macOS Ventura
Impact: An app may be able to bypass Privacy preferences
Description: A logic issue was addressed with improved state
management.
CVE-2023-23503: an anonymous researcher
PackageKit
Available for: macOS Ventura
Impact: An app may be able to gain root privileges
Description: A logic issue was addressed with improved state
management.
CVE-2023-23497: Mickey Jin (@patch1t)
Safari
Available for: macOS Ventura
Impact: An app may be able to access a user’s Safari history
Description: A permissions issue was addressed with improved
validation.
CVE-2023-23510: Guilherme Rambo of Best Buddy Apps (rambo.codes)
Safari
Available for: macOS Ventura
Impact: Visiting a website may lead to an app denial-of-service
Description: The issue was addressed with improved handling of
caches.
CVE-2023-23512: Adriatik Raci
Screen Time
Available for: macOS Ventura
Impact: An app may be able to access information about a user’s
contacts
Description: A privacy issue was addressed with improved private data
redaction for log entries.
CVE-2023-23505: Wojciech Reguła of SecuRing (wojciechregula.blog)
Vim
Available for: macOS Ventura
Impact: Multiple issues in Vim
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-3705
Weather
Available for: macOS Ventura
Impact: An app may be able to bypass Privacy preferences
Description: The issue was addressed with improved memory handling.
CVE-2023-23511: Wojciech Regula of SecuRing (wojciechregula.blog), an
anonymous researcher
WebKit
Available for: macOS Ventura
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 245464
CVE-2023-23496: ChengGang Wu, Yan Kang, YuHao Hu, Yue Sun, Jiming
Wang, JiKai Ren and Hang Shu of Institute of Computing Technology,
Chinese Academy of Sciences
WebKit
Available for: macOS Ventura
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 248268
CVE-2023-23518: YeongHyeon Choi (@hyeon101010), Hyeon Park
(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),
JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE
WebKit Bugzilla: 248268
CVE-2023-23517: YeongHyeon Choi (@hyeon101010), Hyeon Park
(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),
JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE
Wi-Fi
Available for: macOS Ventura
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2023-23501: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte.
Ltd. (@starlabs_sg)
Windows Installer
Available for: macOS Ventura
Impact: An app may be able to bypass Privacy preferences
Description: The issue was addressed with improved memory handling.
CVE-2023-23508: Mickey Jin (@patch1t)
Additional recognition
Bluetooth
We would like to acknowledge an anonymous researcher for their
assistance.
Kernel
We would like to acknowledge Nick Stenning of Replicate for their
assistance.
Shortcuts
We would like to acknowledge Baibhav Anand Jha from ReconWithMe and
Cristian Dinca of Tudor Vianu National High School of Computer
Science, Romania for their assistance.
WebKit
We would like to acknowledge Eliya Stein of Confiant for their
assistance.
macOS Ventura 13.2 may be obtained from the Mac App Store or Apple's
Software Downloads web site: https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPPIl8ACgkQ4RjMIDke
Nxnt7RAA2a0c/Ij93MfR8eiNMkIHVnr+wL+4rckVmHvs85dSHNBqQ8+kYpAs2tEk
7CVZoxAGg8LqVa6ZmBbAp5ZJGi2nV8LjOYzaWw/66d648QC2upTWJ93sWmZ7LlLb
m9pcLfBsdAFPmVa8VJO0fxJGkxsCP0cQiBl+f9R4ObZBBiScbHUckSmHa6Qn/Q2U
VsnHnJznAlDHMXiaV3O1zKBeahkqSx/IfO04qmk8oMWh89hI53S551Z3NEx63zgd
Cx8JENj2NpFlgmZ0w0Tz5ZZ3LT4Ok28ns8N762JLE2nbTfEl7rM+bjUfWg4yJ1Rp
TCEelbLKfUjlrh2N1fe0XWBs9br/069QlhTBBVd/qAbUBxkS/UOlWk3Vp+TI0bkK
rrXouRijzRmBBK93jfWxhyd27avqQHmc04ofjY/lNYOCcGMrr813cGKNs90aRfcg
joKeC51mYJnlTyMB0nDcJx3b5+MN+Ij7Sa04B9dbH162YFxp4LsaavmR0MooN1T9
3XrXEQ71a3pvdoF1ffW9Mz7vaqhBkffnzQwWU5zY2RwDTjFyHdNyI/1JkVzYmAxq
QR4uA5gCDYYk/3rzlrVot+ezHX525clTHsvEYhIfu+i1HCxqdpvfaHbn2m+i1QtU
/Lzz2mySt3y0akZ2rHwPfBZ8UFfvaauyhZ3EhSP3ikGs9DOsv1w=
=pcJ4
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update
Advisory ID: RHSA-2022:8840-01
Product: Red Hat JBoss Core Services
Advisory URL: https://access.redhat.com/errata/RHSA-2022:8840
Issue date: 2022-12-08
CVE Names: CVE-2022-1292 CVE-2022-2068 CVE-2022-22721
CVE-2022-23943 CVE-2022-26377 CVE-2022-28330
CVE-2022-28614 CVE-2022-28615 CVE-2022-30522
CVE-2022-31813 CVE-2022-32206 CVE-2022-32207
CVE-2022-32208 CVE-2022-32221 CVE-2022-35252
CVE-2022-42915 CVE-2022-42916
====================================================================
1. Summary:
An update is now available for Red Hat JBoss Core Services.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section. Relevant releases/architectures:
Red Hat JBoss Core Services on RHEL 7 Server - noarch, x86_64
Red Hat JBoss Core Services on RHEL 8 - noarch, x86_64
3. Description:
Red Hat JBoss Core Services is a set of supplementary software for Red Hat
JBoss middleware products. This software, such as Apache HTTP Server, is
common to multiple JBoss middleware products, and is packaged under Red Hat
JBoss Core Services to allow for faster distribution of updates, and for a
more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51
Service Pack 1 serves as a replacement for Red Hat JBoss Core Services
Apache HTTP Server 2.4.51, and includes bug fixes and enhancements, which
are documented in the Release Notes document linked to in the References.
Security Fix(es):
* curl: HSTS bypass via IDN (CVE-2022-42916)
* curl: HTTP proxy double-free (CVE-2022-42915)
* curl: POST following PUT confusion (CVE-2022-32221)
* httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism
(CVE-2022-31813)
* httpd: mod_sed: DoS vulnerability (CVE-2022-30522)
* httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)
* httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614)
* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)
* curl: control code in cookie denial of service (CVE-2022-35252)
* jbcs-httpd24-httpd: httpd: mod_isapi: out-of-bounds read (CVE-2022-28330)
* curl: Unpreserved file permissions (CVE-2022-32207)
* curl: various flaws (CVE-2022-32206 CVE-2022-32208)
* openssl: the c_rehash script allows command injection (CVE-2022-2068)
* openssl: c_rehash script allows command injection (CVE-2022-1292)
* jbcs-httpd24-httpd: httpd: core: Possible buffer overflow with very large
or unlimited LimitXMLRequestBody (CVE-2022-22721)
* jbcs-httpd24-httpd: httpd: mod_sed: Read/write beyond bounds
(CVE-2022-23943)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
Applications using the APR libraries, such as httpd, must be restarted for
this update to take effect. After installing the updated packages, the
httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/):
2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds
2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody
2081494 - CVE-2022-1292 openssl: c_rehash script allows command injection
2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling
2095000 - CVE-2022-28330 httpd: mod_isapi: out-of-bounds read
2095002 - CVE-2022-28614 httpd: Out-of-bounds read via ap_rwrite()
2095006 - CVE-2022-28615 httpd: Out-of-bounds read in ap_strcmp_match()
2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability
2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism
2097310 - CVE-2022-2068 openssl: the c_rehash script allows command injection
2099300 - CVE-2022-32206 curl: HTTP compression denial of service
2099305 - CVE-2022-32207 curl: Unpreserved file permissions
2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification
2120718 - CVE-2022-35252 curl: control code in cookie denial of service
2135411 - CVE-2022-32221 curl: POST following PUT confusion
2135413 - CVE-2022-42915 curl: HTTP proxy double-free
2135416 - CVE-2022-42916 curl: HSTS bypass via IDN
6. Package List:
Red Hat JBoss Core Services on RHEL 7 Server:
Source:
jbcs-httpd24-apr-util-1.6.1-99.el7jbcs.src.rpm
jbcs-httpd24-curl-7.86.0-2.el7jbcs.src.rpm
jbcs-httpd24-httpd-2.4.51-37.el7jbcs.src.rpm
jbcs-httpd24-mod_http2-1.15.19-20.el7jbcs.src.rpm
jbcs-httpd24-mod_jk-1.2.48-44.redhat_1.el7jbcs.src.rpm
jbcs-httpd24-mod_md-2.4.0-18.el7jbcs.src.rpm
jbcs-httpd24-mod_proxy_cluster-1.3.17-13.el7jbcs.src.rpm
jbcs-httpd24-mod_security-2.9.3-22.el7jbcs.src.rpm
jbcs-httpd24-nghttp2-1.43.0-11.el7jbcs.src.rpm
jbcs-httpd24-openssl-1.1.1k-13.el7jbcs.src.rpm
jbcs-httpd24-openssl-chil-1.0.0-17.el7jbcs.src.rpm
jbcs-httpd24-openssl-pkcs11-0.4.10-32.el7jbcs.src.rpm
noarch:
jbcs-httpd24-httpd-manual-2.4.51-37.el7jbcs.noarch.rpm
x86_64:
jbcs-httpd24-apr-util-1.6.1-99.el7jbcs.x86_64.rpm
jbcs-httpd24-apr-util-debuginfo-1.6.1-99.el7jbcs.x86_64.rpm
jbcs-httpd24-apr-util-devel-1.6.1-99.el7jbcs.x86_64.rpm
jbcs-httpd24-apr-util-ldap-1.6.1-99.el7jbcs.x86_64.rpm
jbcs-httpd24-apr-util-mysql-1.6.1-99.el7jbcs.x86_64.rpm
jbcs-httpd24-apr-util-nss-1.6.1-99.el7jbcs.x86_64.rpm
jbcs-httpd24-apr-util-odbc-1.6.1-99.el7jbcs.x86_64.rpm
jbcs-httpd24-apr-util-openssl-1.6.1-99.el7jbcs.x86_64.rpm
jbcs-httpd24-apr-util-pgsql-1.6.1-99.el7jbcs.x86_64.rpm
jbcs-httpd24-apr-util-sqlite-1.6.1-99.el7jbcs.x86_64.rpm
jbcs-httpd24-curl-7.86.0-2.el7jbcs.x86_64.rpm
jbcs-httpd24-curl-debuginfo-7.86.0-2.el7jbcs.x86_64.rpm
jbcs-httpd24-httpd-2.4.51-37.el7jbcs.x86_64.rpm
jbcs-httpd24-httpd-debuginfo-2.4.51-37.el7jbcs.x86_64.rpm
jbcs-httpd24-httpd-devel-2.4.51-37.el7jbcs.x86_64.rpm
jbcs-httpd24-httpd-selinux-2.4.51-37.el7jbcs.x86_64.rpm
jbcs-httpd24-httpd-tools-2.4.51-37.el7jbcs.x86_64.rpm
jbcs-httpd24-libcurl-7.86.0-2.el7jbcs.x86_64.rpm
jbcs-httpd24-libcurl-devel-7.86.0-2.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_http2-1.15.19-20.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_http2-debuginfo-1.15.19-20.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_jk-ap24-1.2.48-44.redhat_1.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_jk-debuginfo-1.2.48-44.redhat_1.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_ldap-2.4.51-37.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_md-2.4.0-18.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_md-debuginfo-2.4.0-18.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_proxy_cluster-1.3.17-13.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-13.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_proxy_html-2.4.51-37.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_security-2.9.3-22.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_security-debuginfo-2.9.3-22.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_session-2.4.51-37.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_ssl-2.4.51-37.el7jbcs.x86_64.rpm
jbcs-httpd24-nghttp2-1.43.0-11.el7jbcs.x86_64.rpm
jbcs-httpd24-nghttp2-debuginfo-1.43.0-11.el7jbcs.x86_64.rpm
jbcs-httpd24-nghttp2-devel-1.43.0-11.el7jbcs.x86_64.rpm
jbcs-httpd24-openssl-1.1.1k-13.el7jbcs.x86_64.rpm
jbcs-httpd24-openssl-chil-1.0.0-17.el7jbcs.x86_64.rpm
jbcs-httpd24-openssl-chil-debuginfo-1.0.0-17.el7jbcs.x86_64.rpm
jbcs-httpd24-openssl-debuginfo-1.1.1k-13.el7jbcs.x86_64.rpm
jbcs-httpd24-openssl-devel-1.1.1k-13.el7jbcs.x86_64.rpm
jbcs-httpd24-openssl-libs-1.1.1k-13.el7jbcs.x86_64.rpm
jbcs-httpd24-openssl-perl-1.1.1k-13.el7jbcs.x86_64.rpm
jbcs-httpd24-openssl-pkcs11-0.4.10-32.el7jbcs.x86_64.rpm
jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-32.el7jbcs.x86_64.rpm
jbcs-httpd24-openssl-static-1.1.1k-13.el7jbcs.x86_64.rpm
Red Hat JBoss Core Services on RHEL 8:
Source:
jbcs-httpd24-apr-util-1.6.1-99.el8jbcs.src.rpm
jbcs-httpd24-curl-7.86.0-2.el8jbcs.src.rpm
jbcs-httpd24-httpd-2.4.51-37.el8jbcs.src.rpm
jbcs-httpd24-mod_http2-1.15.19-20.el8jbcs.src.rpm
jbcs-httpd24-mod_jk-1.2.48-44.redhat_1.el8jbcs.src.rpm
jbcs-httpd24-mod_md-2.4.0-18.el8jbcs.src.rpm
jbcs-httpd24-mod_proxy_cluster-1.3.17-13.el8jbcs.src.rpm
jbcs-httpd24-mod_security-2.9.3-22.el8jbcs.src.rpm
jbcs-httpd24-nghttp2-1.43.0-11.el8jbcs.src.rpm
jbcs-httpd24-openssl-1.1.1k-13.el8jbcs.src.rpm
jbcs-httpd24-openssl-chil-1.0.0-17.el8jbcs.src.rpm
jbcs-httpd24-openssl-pkcs11-0.4.10-32.el8jbcs.src.rpm
noarch:
jbcs-httpd24-httpd-manual-2.4.51-37.el8jbcs.noarch.rpm
x86_64:
jbcs-httpd24-apr-util-1.6.1-99.el8jbcs.x86_64.rpm
jbcs-httpd24-apr-util-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm
jbcs-httpd24-apr-util-devel-1.6.1-99.el8jbcs.x86_64.rpm
jbcs-httpd24-apr-util-ldap-1.6.1-99.el8jbcs.x86_64.rpm
jbcs-httpd24-apr-util-ldap-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm
jbcs-httpd24-apr-util-mysql-1.6.1-99.el8jbcs.x86_64.rpm
jbcs-httpd24-apr-util-mysql-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm
jbcs-httpd24-apr-util-nss-1.6.1-99.el8jbcs.x86_64.rpm
jbcs-httpd24-apr-util-nss-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm
jbcs-httpd24-apr-util-odbc-1.6.1-99.el8jbcs.x86_64.rpm
jbcs-httpd24-apr-util-odbc-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm
jbcs-httpd24-apr-util-openssl-1.6.1-99.el8jbcs.x86_64.rpm
jbcs-httpd24-apr-util-openssl-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm
jbcs-httpd24-apr-util-pgsql-1.6.1-99.el8jbcs.x86_64.rpm
jbcs-httpd24-apr-util-pgsql-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm
jbcs-httpd24-apr-util-sqlite-1.6.1-99.el8jbcs.x86_64.rpm
jbcs-httpd24-apr-util-sqlite-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm
jbcs-httpd24-curl-7.86.0-2.el8jbcs.x86_64.rpm
jbcs-httpd24-curl-debuginfo-7.86.0-2.el8jbcs.x86_64.rpm
jbcs-httpd24-httpd-2.4.51-37.el8jbcs.x86_64.rpm
jbcs-httpd24-httpd-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm
jbcs-httpd24-httpd-devel-2.4.51-37.el8jbcs.x86_64.rpm
jbcs-httpd24-httpd-selinux-2.4.51-37.el8jbcs.x86_64.rpm
jbcs-httpd24-httpd-tools-2.4.51-37.el8jbcs.x86_64.rpm
jbcs-httpd24-httpd-tools-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm
jbcs-httpd24-libcurl-7.86.0-2.el8jbcs.x86_64.rpm
jbcs-httpd24-libcurl-debuginfo-7.86.0-2.el8jbcs.x86_64.rpm
jbcs-httpd24-libcurl-devel-7.86.0-2.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_http2-1.15.19-20.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_http2-debuginfo-1.15.19-20.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_jk-ap24-1.2.48-44.redhat_1.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_jk-ap24-debuginfo-1.2.48-44.redhat_1.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_ldap-2.4.51-37.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_ldap-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_md-2.4.0-18.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_md-debuginfo-2.4.0-18.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_proxy_cluster-1.3.17-13.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-13.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_proxy_html-2.4.51-37.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_proxy_html-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_security-2.9.3-22.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_security-debuginfo-2.9.3-22.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_session-2.4.51-37.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_session-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_ssl-2.4.51-37.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_ssl-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm
jbcs-httpd24-nghttp2-1.43.0-11.el8jbcs.x86_64.rpm
jbcs-httpd24-nghttp2-debuginfo-1.43.0-11.el8jbcs.x86_64.rpm
jbcs-httpd24-nghttp2-devel-1.43.0-11.el8jbcs.x86_64.rpm
jbcs-httpd24-openssl-1.1.1k-13.el8jbcs.x86_64.rpm
jbcs-httpd24-openssl-chil-1.0.0-17.el8jbcs.x86_64.rpm
jbcs-httpd24-openssl-chil-debuginfo-1.0.0-17.el8jbcs.x86_64.rpm
jbcs-httpd24-openssl-debuginfo-1.1.1k-13.el8jbcs.x86_64.rpm
jbcs-httpd24-openssl-devel-1.1.1k-13.el8jbcs.x86_64.rpm
jbcs-httpd24-openssl-libs-1.1.1k-13.el8jbcs.x86_64.rpm
jbcs-httpd24-openssl-libs-debuginfo-1.1.1k-13.el8jbcs.x86_64.rpm
jbcs-httpd24-openssl-perl-1.1.1k-13.el8jbcs.x86_64.rpm
jbcs-httpd24-openssl-pkcs11-0.4.10-32.el8jbcs.x86_64.rpm
jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-32.el8jbcs.x86_64.rpm
jbcs-httpd24-openssl-static-1.1.1k-13.el8jbcs.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2022-1292
https://access.redhat.com/security/cve/CVE-2022-2068
https://access.redhat.com/security/cve/CVE-2022-22721
https://access.redhat.com/security/cve/CVE-2022-23943
https://access.redhat.com/security/cve/CVE-2022-26377
https://access.redhat.com/security/cve/CVE-2022-28330
https://access.redhat.com/security/cve/CVE-2022-28614
https://access.redhat.com/security/cve/CVE-2022-28615
https://access.redhat.com/security/cve/CVE-2022-30522
https://access.redhat.com/security/cve/CVE-2022-31813
https://access.redhat.com/security/cve/CVE-2022-32206
https://access.redhat.com/security/cve/CVE-2022-32207
https://access.redhat.com/security/cve/CVE-2022-32208
https://access.redhat.com/security/cve/CVE-2022-32221
https://access.redhat.com/security/cve/CVE-2022-35252
https://access.redhat.com/security/cve/CVE-2022-42915
https://access.redhat.com/security/cve/CVE-2022-42916
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc
| VAR-202210-1887 | CVE-2022-35260 | Haxx of cURL Out-of-Bounds Write Vulnerability in Other Vendors' Products |
CVSS V2: - CVSS V3: 6.5 Severity: MEDIUM |
curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service. Haxx of cURL Products from other vendors have out-of-bounds write vulnerabilities.Service operation interruption (DoS) It may be in a state. ==========================================================================
Ubuntu Security Notice USN-5702-1
October 26, 2022
curl vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in curl.
Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries
Details:
Robby Simpson discovered that curl incorrectly handled certain POST
operations after PUT operations. This issue could cause applications using
curl to send the wrong data, perform incorrect memory operations, or crash.
(CVE-2022-32221)
Hiroki Kurosawa discovered that curl incorrectly handled parsing .netrc
files. If an attacker were able to provide a specially crafted .netrc file,
this issue could cause curl to crash, resulting in a denial of service.
This issue only affected Ubuntu 22.10. (CVE-2022-35260)
It was discovered that curl incorrectly handled certain HTTP proxy return
codes. A remote attacker could use this issue to cause curl to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-42915)
Hiroki Kurosawa discovered that curl incorrectly handled HSTS support
when certain hostnames included IDN characters. A remote attacker could
possibly use this issue to cause curl to use unencrypted connections. This
issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-42916)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.10:
curl 7.85.0-1ubuntu0.1
libcurl3-gnutls 7.85.0-1ubuntu0.1
libcurl3-nss 7.85.0-1ubuntu0.1
libcurl4 7.85.0-1ubuntu0.1
Ubuntu 22.04 LTS:
curl 7.81.0-1ubuntu1.6
libcurl3-gnutls 7.81.0-1ubuntu1.6
libcurl3-nss 7.81.0-1ubuntu1.6
libcurl4 7.81.0-1ubuntu1.6
Ubuntu 20.04 LTS:
curl 7.68.0-1ubuntu2.14
libcurl3-gnutls 7.68.0-1ubuntu2.14
libcurl3-nss 7.68.0-1ubuntu2.14
libcurl4 7.68.0-1ubuntu2.14
Ubuntu 18.04 LTS:
curl 7.58.0-2ubuntu3.21
libcurl3-gnutls 7.58.0-2ubuntu3.21
libcurl3-nss 7.58.0-2ubuntu3.21
libcurl4 7.58.0-2ubuntu3.21
In general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202212-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: curl: Multiple Vulnerabilities
Date: December 19, 2022
Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365
ID: 202212-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple vulnerabilities have been found in curl, the worst of which
could result in arbitrary code execution.
Background
=========
A command line tool and library for transferring data with URLs.
Affected packages
================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/curl < 7.86.0 >= 7.86.0
Description
==========
Multiple vulnerabilities have been discovered in curl. Please review the
CVE identifiers referenced below for details.
Impact
=====
Please review the referenced CVE identifiers for details.
Workaround
=========
There is no known workaround at this time.
Resolution
=========
All curl users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/curl-7.86.0"
References
=========
[ 1 ] CVE-2021-22922
https://nvd.nist.gov/vuln/detail/CVE-2021-22922
[ 2 ] CVE-2021-22923
https://nvd.nist.gov/vuln/detail/CVE-2021-22923
[ 3 ] CVE-2021-22925
https://nvd.nist.gov/vuln/detail/CVE-2021-22925
[ 4 ] CVE-2021-22926
https://nvd.nist.gov/vuln/detail/CVE-2021-22926
[ 5 ] CVE-2021-22945
https://nvd.nist.gov/vuln/detail/CVE-2021-22945
[ 6 ] CVE-2021-22946
https://nvd.nist.gov/vuln/detail/CVE-2021-22946
[ 7 ] CVE-2021-22947
https://nvd.nist.gov/vuln/detail/CVE-2021-22947
[ 8 ] CVE-2022-22576
https://nvd.nist.gov/vuln/detail/CVE-2022-22576
[ 9 ] CVE-2022-27774
https://nvd.nist.gov/vuln/detail/CVE-2022-27774
[ 10 ] CVE-2022-27775
https://nvd.nist.gov/vuln/detail/CVE-2022-27775
[ 11 ] CVE-2022-27776
https://nvd.nist.gov/vuln/detail/CVE-2022-27776
[ 12 ] CVE-2022-27779
https://nvd.nist.gov/vuln/detail/CVE-2022-27779
[ 13 ] CVE-2022-27780
https://nvd.nist.gov/vuln/detail/CVE-2022-27780
[ 14 ] CVE-2022-27781
https://nvd.nist.gov/vuln/detail/CVE-2022-27781
[ 15 ] CVE-2022-27782
https://nvd.nist.gov/vuln/detail/CVE-2022-27782
[ 16 ] CVE-2022-30115
https://nvd.nist.gov/vuln/detail/CVE-2022-30115
[ 17 ] CVE-2022-32205
https://nvd.nist.gov/vuln/detail/CVE-2022-32205
[ 18 ] CVE-2022-32206
https://nvd.nist.gov/vuln/detail/CVE-2022-32206
[ 19 ] CVE-2022-32207
https://nvd.nist.gov/vuln/detail/CVE-2022-32207
[ 20 ] CVE-2022-32208
https://nvd.nist.gov/vuln/detail/CVE-2022-32208
[ 21 ] CVE-2022-32221
https://nvd.nist.gov/vuln/detail/CVE-2022-32221
[ 22 ] CVE-2022-35252
https://nvd.nist.gov/vuln/detail/CVE-2022-35252
[ 23 ] CVE-2022-35260
https://nvd.nist.gov/vuln/detail/CVE-2022-35260
[ 24 ] CVE-2022-42915
https://nvd.nist.gov/vuln/detail/CVE-2022-42915
[ 25 ] CVE-2022-42916
https://nvd.nist.gov/vuln/detail/CVE-2022-42916
Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202212-01
Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
======
Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2023-01-23-4 macOS Ventura 13.2
macOS Ventura 13.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213605.
AppleMobileFileIntegrity
Available for: macOS Ventura
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by enabling hardened runtime.
CVE-2023-23499: Wojciech Reguła (@_r3ggi) of SecuRing
(wojciechregula.blog)
curl
Available for: macOS Ventura
Impact: Multiple issues in curl
Description: Multiple issues were addressed by updating to curl
version 7.86.0.
CVE-2022-42915
CVE-2022-42916
CVE-2022-32221
CVE-2022-35260
dcerpc
Available for: macOS Ventura
Impact: Mounting a maliciously crafted Samba network share may lead
to arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2023-23513: Dimitrios Tatsis and Aleksandar Nikolic of Cisco
Talos
DiskArbitration
Available for: macOS Ventura
Impact: An encrypted volume may be unmounted and remounted by a
different user without prompting for the password
Description: A logic issue was addressed with improved state
management.
CVE-2023-23493: Oliver Norpoth (@norpoth) of KLIXX GmbH (klixx.com)
ImageIO
Available for: macOS Ventura
Impact: Processing an image may lead to a denial-of-service
Description: A memory corruption issue was addressed with improved
state management.
CVE-2023-23519: Yiğit Can YILMAZ (@yilmazcanyigit)
Intel Graphics Driver
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved bounds checks.
CVE-2023-23507: an anonymous researcher
Kernel
Available for: macOS Ventura
Impact: An app may be able to leak sensitive kernel state
Description: The issue was addressed with improved memory handling.
CVE-2023-23500: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte.
Ltd. (@starlabs_sg)
Kernel
Available for: macOS Ventura
Impact: An app may be able to determine kernel memory layout
Description: An information disclosure issue was addressed by
removing the vulnerable code.
CVE-2023-23502: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte.
Ltd. (@starlabs_sg)
Kernel
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-23504: Adam Doupé of ASU SEFCOM
libxpc
Available for: macOS Ventura
Impact: An app may be able to access user-sensitive data
Description: A permissions issue was addressed with improved
validation.
CVE-2023-23506: Guilherme Rambo of Best Buddy Apps (rambo.codes)
Mail Drafts
Available for: macOS Ventura
Impact: The quoted original message may be selected from the wrong
email when forwarding an email from an Exchange account
Description: A logic issue was addressed with improved state
management.
CVE-2023-23498: an anonymous researcher
Maps
Available for: macOS Ventura
Impact: An app may be able to bypass Privacy preferences
Description: A logic issue was addressed with improved state
management.
CVE-2023-23503: an anonymous researcher
PackageKit
Available for: macOS Ventura
Impact: An app may be able to gain root privileges
Description: A logic issue was addressed with improved state
management.
CVE-2023-23497: Mickey Jin (@patch1t)
Safari
Available for: macOS Ventura
Impact: An app may be able to access a user’s Safari history
Description: A permissions issue was addressed with improved
validation.
CVE-2023-23510: Guilherme Rambo of Best Buddy Apps (rambo.codes)
Safari
Available for: macOS Ventura
Impact: Visiting a website may lead to an app denial-of-service
Description: The issue was addressed with improved handling of
caches.
CVE-2023-23512: Adriatik Raci
Screen Time
Available for: macOS Ventura
Impact: An app may be able to access information about a user’s
contacts
Description: A privacy issue was addressed with improved private data
redaction for log entries.
CVE-2023-23505: Wojciech Reguła of SecuRing (wojciechregula.blog)
Vim
Available for: macOS Ventura
Impact: Multiple issues in Vim
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-3705
Weather
Available for: macOS Ventura
Impact: An app may be able to bypass Privacy preferences
Description: The issue was addressed with improved memory handling.
CVE-2023-23511: Wojciech Regula of SecuRing (wojciechregula.blog), an
anonymous researcher
WebKit
Available for: macOS Ventura
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 245464
CVE-2023-23496: ChengGang Wu, Yan Kang, YuHao Hu, Yue Sun, Jiming
Wang, JiKai Ren and Hang Shu of Institute of Computing Technology,
Chinese Academy of Sciences
WebKit
Available for: macOS Ventura
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 248268
CVE-2023-23518: YeongHyeon Choi (@hyeon101010), Hyeon Park
(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),
JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE
WebKit Bugzilla: 248268
CVE-2023-23517: YeongHyeon Choi (@hyeon101010), Hyeon Park
(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),
JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE
Wi-Fi
Available for: macOS Ventura
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2023-23501: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte.
Ltd. (@starlabs_sg)
Windows Installer
Available for: macOS Ventura
Impact: An app may be able to bypass Privacy preferences
Description: The issue was addressed with improved memory handling.
CVE-2023-23508: Mickey Jin (@patch1t)
Additional recognition
Bluetooth
We would like to acknowledge an anonymous researcher for their
assistance.
Kernel
We would like to acknowledge Nick Stenning of Replicate for their
assistance.
Shortcuts
We would like to acknowledge Baibhav Anand Jha from ReconWithMe and
Cristian Dinca of Tudor Vianu National High School of Computer
Science, Romania for their assistance.
WebKit
We would like to acknowledge Eliya Stein of Confiant for their
assistance.
macOS Ventura 13.2 may be obtained from the Mac App Store or Apple's
Software Downloads web site: https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPPIl8ACgkQ4RjMIDke
Nxnt7RAA2a0c/Ij93MfR8eiNMkIHVnr+wL+4rckVmHvs85dSHNBqQ8+kYpAs2tEk
7CVZoxAGg8LqVa6ZmBbAp5ZJGi2nV8LjOYzaWw/66d648QC2upTWJ93sWmZ7LlLb
m9pcLfBsdAFPmVa8VJO0fxJGkxsCP0cQiBl+f9R4ObZBBiScbHUckSmHa6Qn/Q2U
VsnHnJznAlDHMXiaV3O1zKBeahkqSx/IfO04qmk8oMWh89hI53S551Z3NEx63zgd
Cx8JENj2NpFlgmZ0w0Tz5ZZ3LT4Ok28ns8N762JLE2nbTfEl7rM+bjUfWg4yJ1Rp
TCEelbLKfUjlrh2N1fe0XWBs9br/069QlhTBBVd/qAbUBxkS/UOlWk3Vp+TI0bkK
rrXouRijzRmBBK93jfWxhyd27avqQHmc04ofjY/lNYOCcGMrr813cGKNs90aRfcg
joKeC51mYJnlTyMB0nDcJx3b5+MN+Ij7Sa04B9dbH162YFxp4LsaavmR0MooN1T9
3XrXEQ71a3pvdoF1ffW9Mz7vaqhBkffnzQwWU5zY2RwDTjFyHdNyI/1JkVzYmAxq
QR4uA5gCDYYk/3rzlrVot+ezHX525clTHsvEYhIfu+i1HCxqdpvfaHbn2m+i1QtU
/Lzz2mySt3y0akZ2rHwPfBZ8UFfvaauyhZ3EhSP3ikGs9DOsv1w=
=pcJ4
-----END PGP SIGNATURE-----
| VAR-202210-1861 | CVE-2022-41133 | Delta Electronics, INC. of DIAEnergie In SQL Injection vulnerability |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. Delta Electronics, INC. of DIAEnergie for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202210-1973 | CVE-2022-43749 | Synology Inc. of presto file server Vulnerability in privilege management in |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
Improper privilege management vulnerability in summary report management in Synology Presto File Server before 2.1.2-1601 allows remote authenticated users to bypass security constraint via unspecified vectors. Synology Inc. of presto file server Exists in a permission management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state