Multiple vulnerabilities in Apple tvOS



Published: 2022-05-17 | Updated: 2022-07-03

Risk: High
Patch available: YES
Number of vulnerabilities: 27
CVE-ID: CVE-2022-26757, CVE-2022-26745, CVE-2022-26719, CVE-2022-26716, CVE-2022-26717, CVE-2022-26710, CVE-2022-26709, CVE-2022-26700, CVE-2022-26766, CVE-2022-23308, CVE-2022-26706, CVE-2022-26765, CVE-2022-26764, CVE-2022-26714, CVE-2022-26702, CVE-2022-26771, CVE-2022-26768, CVE-2022-26701, CVE-2022-26711, CVE-2022-26763, CVE-2022-26740, CVE-2022-26739, CVE-2022-26738, CVE-2022-26737, CVE-2022-26736, CVE-2022-22675, CVE-2022-26724
CWE-ID: CWE-416, CWE-119, CWE-310, CWE-264, CWE-362, CWE-190, CWE-787, CWE-287
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #5 is available. Public exploit code for vulnerability #9 is available. Public exploit code for vulnerability #20 is available. Vulnerability #26 is being exploited in the wild.
Vulnerable software: tvOS (Operating systems & Components / Operating system)
Vendor: Apple Inc.

Security Bulletin

This security bulletin contains information about 27 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU63258

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-26757

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the OS kernel subsystem. A local user can trigger memory corruption and execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

tvOS: 15.0 19J346 - 15.4.1 19L452


External links

http://support.apple.com/en-us/HT213254

2) Buffer overflow

EUVDB-ID: #VU63286

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-26745

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a boundary error in the Wi-Fi component. A local application can gain read access to restricted memory.

Mitigation

Install update from vendor's website.

Vulnerable software versions

tvOS: 15.0 19J346 - 15.4.1 19L452


External links

http://support.apple.com/en-us/HT213254

3) Buffer overflow

EUVDB-ID: #VU63284

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-26719

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

tvOS: 15.0 19J346 - 15.4.1 19L452


External links

http://support.apple.com/en-us/HT213254

4) Buffer overflow

EUVDB-ID: #VU63283

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-26716

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

tvOS: 15.0 19J346 - 15.4.1 19L452


External links

http://support.apple.com/en-us/HT213254

5) Use-after-free

EUVDB-ID: #VU63282

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-26717

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

tvOS: 15.0 19J346 - 15.4.1 19L452


External links

http://support.apple.com/en-us/HT213254

6) Use-after-free

EUVDB-ID: #VU63281

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-26710

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

tvOS: 15.0 19J346 - 15.4.1 19L452


External links

http://support.apple.com/en-us/HT213254

7) Use-after-free

EUVDB-ID: #VU63280

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-26709

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

tvOS: 15.0 19J346 - 15.4.1 19L452


External links

http://support.apple.com/en-us/HT213254

8) Buffer overflow

EUVDB-ID: #VU63279

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-26700

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

tvOS: 15.0 19J346 - 15.4.1 19L452


External links

http://support.apple.com/en-us/HT213254

9) Cryptographic issues

EUVDB-ID: #VU63271

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-26766

CWE-ID: CWE-310 - Cryptographic Issues

Exploit availability: Yes

Description

The vulnerability allows a local application to bypass signature validation.

The vulnerability exists due to a certificate parsing issue in the Security subsystem. A local application can bypass signature validation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

tvOS: 15.0 19J346 - 15.4.1 19L452


External links

http://support.apple.com/en-us/HT213254

10) Use-after-free

EUVDB-ID: #VU60922

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-23308

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing ID and IDREF attributes in valid.c. A remote attacker can pass specially crafted XML input to the application, trigger a use-after-free error and crash the application or execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

tvOS: 15.0 19J346 - 15.4.1 19L452


External links

http://support.apple.com/en-us/HT213254

11) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU63261

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-26706

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to bypass sandbox restrictions.

The vulnerability exists due to a sandbox bypass in LaunchServices. A local application can circumvent sandbox restrictions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

tvOS: 15.0 19J346 - 15.4.1 19L452


External links

http://support.apple.com/en-us/HT213254

12) Race condition

EUVDB-ID: #VU63260

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-26765

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the OS kernel subsystem. A local user can exploit the race to bypass Pointer Authentication.

Mitigation

Install update from vendor's website.

Vulnerable software versions

tvOS: 15.0 19J346 - 15.4.1 19L452


External links

http://support.apple.com/en-us/HT213254

13) Buffer overflow

EUVDB-ID: #VU63259

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-26764

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the OS kernel subsystem. A local user can trigger memory corruption and bypass kernel memory mitigations to execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

tvOS: 15.0 19J346 - 15.4.1 19L452


External links

http://support.apple.com/en-us/HT213254

14) Buffer overflow

EUVDB-ID: #VU63257

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-26714

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the OS kernel subsystem. A local user can trigger memory corruption and execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

tvOS: 15.0 19J346 - 15.4.1 19L452


External links

http://support.apple.com/en-us/HT213254

15) Use-after-free

EUVDB-ID: #VU63291

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-26702

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in AppleAVD. A local application can execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

tvOS: 15.0 19J346 - 15.4.1 19L452


External links

http://support.apple.com/en-us/HT213254

16) Buffer overflow

EUVDB-ID: #VU63293

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-26771

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in IOSurfaceAccelerator. A local application can execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

tvOS: 15.0 19J346 - 15.4.1 19L452


External links

http://support.apple.com/en-us/HT213254

17) Buffer overflow

EUVDB-ID: #VU63255

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-26768

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in IOMobileFrameBuffer. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

tvOS: 15.0 19J346 - 15.4.1 19L452


External links

http://support.apple.com/en-us/HT213254

18) Race condition

EUVDB-ID: #VU63254

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-26701

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a race condition in IOKit. A local application can exploit the race and execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

tvOS: 15.0 19J346 - 15.4.1 19L452


External links

http://support.apple.com/en-us/HT213254

19) Integer overflow

EUVDB-ID: #VU63247

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-26711

CWE-ID: CWE-190 - Integer Overflow or Wraparound

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow when parsing WebP images in the ImageIO framework. A remote attacker can trick the victim into opening a specially crafted file, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

tvOS: 15.0 19J346 - 15.4.1 19L452


External links

http://support.apple.com/en-us/HT213254

20) Out-of-bounds write

EUVDB-ID: #VU63246

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-26763

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: Yes

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in DriverKit. A local application can execute arbitrary code with system privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

tvOS: 15.0 19J346 - 15.4.1 19L452


External links

http://support.apple.com/en-us/HT213254

21) Out-of-bounds write

EUVDB-ID: #VU63242

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-26740

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in AVEVideoEncoder. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

tvOS: 15.0 19J346 - 15.4.1 19L452


External links

http://support.apple.com/en-us/HT213254

22) Out-of-bounds write

EUVDB-ID: #VU63241

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-26739

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in AVEVideoEncoder. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

tvOS: 15.0 19J346 - 15.4.1 19L452


External links

http://support.apple.com/en-us/HT213254

23) Out-of-bounds write

EUVDB-ID: #VU63240

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-26738

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in AVEVideoEncoder. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

tvOS: 15.0 19J346 - 15.4.1 19L452


External links

http://support.apple.com/en-us/HT213254

24) Out-of-bounds write

EUVDB-ID: #VU63239

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-26737

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in AVEVideoEncoder. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

tvOS: 15.0 19J346 - 15.4.1 19L452


External links

http://support.apple.com/en-us/HT213254

25) Out-of-bounds write

EUVDB-ID: #VU63238

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-26736

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in AVEVideoEncoder. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

tvOS: 15.0 19J346 - 15.4.1 19L452


External links

http://support.apple.com/en-us/HT213254

26) Out-of-bounds write

EUVDB-ID: #VU61773

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-22675

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the AppleAVD subsystem. A local user can run a specially crafted program to trigger an out-of-bounds write and execute arbitrary code with kernel privileges.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install update from vendor's website.

Vulnerable software versions

tvOS: 15.0 19J346 - 15.4.1 19L452


External links

http://support.apple.com/en-us/HT213254

27) Improper Authentication

EUVDB-ID: #VU63298

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-26724

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a local user to bypass the authentication process.

The vulnerability exists due to an error in AuthKit. A local user can enable iCloud Photos without authentication.

Mitigation

Install update from vendor's website.

Vulnerable software versions

tvOS: 15.0 19J346 - 15.4.1 19L452


External links

http://support.apple.com/en-us/HT213254