SB2022091234 - Multiple vulnerabilities in Apple iOS 16 and iPadOS 16




Published: September 12, 2022 Updated: March 20, 2023

Security Bulletin ID: SB2022091234
Severity: High
Patch available: YES
Number of vulnerabilities: 51
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 12%, Medium 12%, Low 76%

Description

This security bulletin contains information about 51 security vulnerabilities.


1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-32854)

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to improperly imposed security restrictions within the Contacts app. A local application can bypass Privacy preferences.


2) Buffer overflow (CVE-ID: CVE-2022-32911)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.



3) Out-of-bounds read (CVE-ID: CVE-2022-32864)

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the OS kernel. A local application can trigger an out-of-bounds read error and read kernel memory.


4) Buffer overflow (CVE-ID: CVE-2022-32917)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.


5) Information disclosure (CVE-ID: CVE-2022-32883)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a logic issue in the Maps component. A remote attacker can gain unauthorized access to sensitive location information.


6) Buffer overflow (CVE-ID: CVE-2022-32908)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in MediaLibrary. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


7) Information disclosure (CVE-ID: CVE-2022-32868)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data exposure. A remote attacker can track users through Safari web extensions.


8) Buffer overflow (CVE-ID: CVE-2022-32886)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing web content in WebKit. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


9) Out-of-bounds read (CVE-ID: CVE-2022-32912)

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it using the affected software, trigger an out-of-bounds read and execute arbitrary code on the target system.


10) Spoofing attack (CVE-ID: CVE-2022-32795)

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to incorrect processing of web content in Safari. A remote attacker can spoof the address bar of a page content.


11) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-32872)

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to a logic issue in Shortcuts. An attacker with physical access to the device can access photos from the lock screen.


12) Buffer overflow (CVE-ID: CVE-2021-36690)

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to a segmentation fault in the sqlite3 command-line component when processing SQL queries in the idxGetTableInfo() function. A local user can pass a specially crafted SQL query and crash the application.


13) Out-of-bounds read (CVE-ID: CVE-2022-1622)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a boundary condition in the LZWDecode() function in libtiff/tif_lzw.c:619. A remote attacker can create a specially crafted TIFF file, trick the victim into opening it, trigger an out-of-bounds read error and perform a denial of service attack.


14) Buffer overflow (CVE-ID: CVE-2022-26744)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in GPU Drivers. A local application can execute arbitrary code with kernel privileges.


15) Buffer overflow (CVE-ID: CVE-2022-32827)

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in AppleAVD. A local application can trigger memory corruption and crash the system.


16) Information disclosure (CVE-ID: CVE-2022-32835)

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to an error in the Watch app. A local application can obtain a persistent device identifier.


17) Out-of-bounds read (CVE-ID: CVE-2022-32858)

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the Apple Neural Engine. A local application can trigger an out-of-bounds read error and read sensitive kernel state.


18) State Issues (CVE-ID: CVE-2022-32859)

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists in Time Zone due to incorrect handling of deleted contacts, which still appear in the spotlight search results.


19) Buffer overflow (CVE-ID: CVE-2022-32865)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in DriverKit. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.


20) Buffer overflow (CVE-ID: CVE-2022-32866)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.


21) Improper access control (CVE-ID: CVE-2022-32867)

The vulnerability allows a local attacker to gain unauthorized access to sensitive information.

The vulnerability exists due to improper access restrictions in Crash Reporter. An attacker with physical access to the device can read data past diagnostic logs.


22) Security features bypass (CVE-ID: CVE-2022-32870)

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to a logic issue in Siri. An attacker with physical access to the device can obtain certain call history information.


23) Information disclosure (CVE-ID: CVE-2022-32875)

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in the Weather app. A local application can gain unauthorized access to location information.


24) Information disclosure (CVE-ID: CVE-2022-32879)

The vulnerability allows an attacker to gain access to potentially sensitive information.

The vulnerability exists due to improper state management in Notifications. An attacker with physical access to the device can access contacts from the lock screen.


25) Security features bypass (CVE-ID: CVE-2022-32881)

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to improperly imposed security restrictions in Sandbox. A local application can modify protected parts of the filesystem.

26) Buffer overflow (CVE-ID: CVE-2022-32887)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in IOGPUFamily. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.



27) Out-of-bounds write (CVE-ID: CVE-2022-32888)

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.


28) Buffer overflow (CVE-ID: CVE-2022-32889)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Apple Neural Engine. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.

29) Spoofing attack (CVE-ID: CVE-2022-32891)

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to incorrect processing of frames on the webpage within WebKit. A remote attacker can spoof page content.


30) Security features bypass (CVE-ID: CVE-2022-32892)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to improper access restrictions within WebKit Sandboxing. A remote attacker can trick the victim into visiting a specially crafted website and bypass implemented sandbox restrictions on the browser process.


31) Buffer overflow (CVE-ID: CVE-2022-32898)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Apple Neural Engine. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.


32) Buffer overflow (CVE-ID: CVE-2022-32899)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Apple Neural Engine. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.


33) Use-after-free (CVE-ID: CVE-2022-32903)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in GPU Drivers. A local application can trigger a use-after-free error and execute arbitrary code with kernel privileges.



34) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-32907)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improperly imposed security restrictions in AppleAVD. A local application can execute arbitrary code with kernel privileges.


35) Information disclosure (CVE-ID: CVE-2022-32909)

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to insecure handling of cache entries within Apple TV. A local application can obtain sensitive user information.


36) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-32913)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improperly imposed security restrictions within the Image Processing subsystem. A local sandboxed application can determine which app is currently using the camera.


37) Use-after-free (CVE-ID: CVE-2022-32914)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger a use-after-free error and execute arbitrary code with kernel privileges.

38) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-32918)

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to improperly imposed security restrictions in Photos. A local application can bypass Privacy preferences.


39) Out-of-bounds write (CVE-ID: CVE-2022-32925)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Wi-Fi subsystem. A local application can trigger an out-of-bounds write and execute arbitrary code with kernel privileges.


40) Man-in-the-Middle (MitM) attack (CVE-ID: CVE-2022-32928)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a logic error within the Exchange app. A remote attacker on the local network can intercept mail credentials.


41) Security features bypass (CVE-ID: CVE-2022-42790)

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to a logic issue in Sidecar. An attacker with physical access to the device can view restricted content from the lock screen.


42) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2022-42793)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect verification of cryptographic signature within the Security component. A remote attacker can trick the victim into running a malicious app that appears to have a valid signature and compromise the affected system.


43) Buffer overflow (CVE-ID: CVE-2022-42795)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Accelerate Framework. A remote attacker can create a specially crafted image file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


44) Out-of-bounds read (CVE-ID: CVE-2022-32916)

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the iOS kernel. A local application can trigger an out-of-bounds read error and read contents of memory on the system.


45) Cleartext storage of sensitive information (CVE-ID: CVE-2022-32833)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists in the way website data are stored within the WebKit Storage. A local application can gain access to potentially sensitive information.


46) Race condition (CVE-ID: CVE-2022-42791)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a race condition within the Software Update component. A local application can exploit the race and execute arbitrary code with kernel privileges.


47) Buffer overflow (CVE-ID: CVE-2022-46709)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Wi-Fi component. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.


48) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-32871)

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in Siri. An attacker with physical access to the device can use Siri to access private calendar information.


49) Security restrictions bypass (CVE-ID: CVE-2022-22643)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists in FaceTime due to the ability to send audio and video files without knowledge of the user. An attacker with physical access to the system can share sensitive information via FaceTime.


50) Out-of-bounds write (CVE-ID: CVE-2022-32793)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in GPU drivers. A local application can trigger an out-of-bounds write error and execute arbitrary code with root privileges.


51) Improper access control (CVE-ID: CVE-2022-32877)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in GarageBand. A local application can bypass implemented security restrictions and gain unauthorized access to sensitive user information.


Remediation

Install the update from the vendor's website.