SB2022102435 - Multiple vulnerabilities in Apple iOS 16 and iPadOS 16
Published: October 24, 2022 Updated: December 25, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 43 vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2022-42830)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in ppp implementation. A local privileged application can trigger memory corruption and execute arbitrary code with kernel privileges.
2) Buffer overflow (CVE-ID: CVE-2022-32922)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing PDf files in WebKit PDF. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
3) Information disclosure (CVE-ID: CVE-2022-42824)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to unspecified error in WebKit. A remote attacker can trick the victim to visit a specially crafted web page and gain access to potentially sensitive information.
4) Type Confusion (CVE-ID: CVE-2022-42823)
CWE-ID: CWE-843 - Type confusion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error when processing HTML content in WebKit. A remote attacker can trick the victim to visit a specially crafted website, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
5) Spoofing attack (CVE-ID: CVE-2022-42799)
CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data in WebKit. A remote attacker can trick the victim to visit a specially crafted website and spoof user interface.
6) Information disclosure (CVE-ID: CVE-2022-32938)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists in the way Shortcuts handle directory paths. A shortcut may be able to check the existence of an arbitrary path on the file system.
7) Security features bypass (CVE-ID: CVE-2022-42811)
CWE-ID: CWE-254 - Security Features
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to improperly imposed security restrictions in Sandbox. A local application can gain unauthorized access to user information.
8) Race condition (CVE-ID: CVE-2022-42832)
CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a race condition within ppp implementation. A local application can exploit the race and execute arbitrary code with kernel privileges.
9) Race condition (CVE-ID: CVE-2022-42831)
CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a race condition within ppp implementation. A local application can exploit the race and execute arbitrary code with kernel privileges.
10) Use-after-free (CVE-ID: CVE-2022-42829)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within ppp implementation. A local privileged application can trigger a use-after-free error and execute arbitrary code with kernel privileges.
11) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-42825)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to improperly imposed security restrictions within the AppleMobileFileIntegrity. A local application can modify protected parts of the filesystem.
12) Out-of-bounds write (CVE-ID: CVE-2022-42827)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the OS kernel component. A local application can trigger an out-of-bounds write error and execute arbitrary code with kernel privileges.
Note, the vulnerability is being actively exploited in the wild.
13) Out-of-bounds write (CVE-ID: CVE-2022-42808)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the OS kernel. A remote application can trigger an out-of-bounds write and execute arbitrary code with kernel privileges.
14) Buffer overflow (CVE-ID: CVE-2022-32924)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The
vulnerability exists due to a boundary error in OS kernel. A local
application can trigger memory corruption and execute arbitrary code with kernel privileges.
15) Race condition (CVE-ID: CVE-2022-42806)
CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a race condition in IOKit. A local application can exploit the race and execute arbitrary code with kernel privileges.
16) Buffer overflow (CVE-ID: CVE-2022-42820)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in IOHIDFamily. A local application can trigger memory corruption and execute arbitrary code on the system.
17) Buffer overflow (CVE-ID: CVE-2022-32947)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within GPU Drivers. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.
18) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-32946)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to incorrect permissions management in Core Bluetooth. A local application can record audio using a pair of connected AirPods.
19) Improper Certificate Validation (CVE-ID: CVE-2022-42813)
CWE-ID: CWE-295 - Improper Certificate Validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to perform MitM attacks.
The vulnerability exists due to improper certificate validation when handling WKWebView in CFNetwork. A remote attacker can forge a digital certificate, perform MitM attack and compromise the affected system.
20) Buffer overflow (CVE-ID: CVE-2022-32940)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within AVEVideoEncoder. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.
21) Information disclosure (CVE-ID: CVE-2022-32923)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists in WebKit due to an error in the JIT implementation. A remote attacker can trick the victim to visit a malicious website and disclose internal states of the application.
22) Buffer overflow (CVE-ID: CVE-2022-32926)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.
23) Input validation error (CVE-ID: CVE-2022-32927)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the Wi-Fi subsystem. A remote attacker can cause a denial-of-service of the Settings app when connecting to a malicious Wi-Fi network.
24) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-32929)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to iOS backups.
The vulnerability exists due to insecure permissions within the Backup feature. A local application can gain access to iOS backups.
25) Buffer overflow (CVE-ID: CVE-2022-32932)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Apple Neural Engine. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.
26) Security features bypass (CVE-ID: CVE-2022-32935)
CWE-ID: CWE-254 - Security Features
CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows an attacker to gain access to sensitive information.
The vulnerability exists due to FaceTime allows interaction with sensitive content via lock screen. An attacker with physical access to device can view restricted content from the lock screen.
27) Buffer overflow (CVE-ID: CVE-2022-32939)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Graphics Driver. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.
28) Buffer overflow (CVE-ID: CVE-2022-32941)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within ppp implementation. A remote attacker can trick the victim into connecting to a malicious PPP server, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
29) Buffer overflow (CVE-ID: CVE-2022-32944)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.
30) Heap-based buffer overflow (CVE-ID: CVE-2022-37434)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing a large gzip header within inflateGetHeader in inflate.c. A remote attacker can pass a specially crafted file to the affected application, trigger heap-based buffer overflow and execute arbitrary code on the target system.
31) Out-of-bounds read (CVE-ID: CVE-2022-42798)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when parsing media files in the Audio subsystem. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and gain access to sensitive information.
32) Heap-based buffer overflow (CVE-ID: CVE-2022-42800)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing gzip files. A remote attacker can pass a specially crafted file to the affected application, trigger heap-based buffer overflow and execute arbitrary code on the target system.
33) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-42801)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the OS kernel. A local application can execute arbitrary code with kernel privileges.
34) Race condition (CVE-ID: CVE-2022-42803)
CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a race condition within the OS kernel. A local application can exploit the race and escalate privileges on the system.
35) Out-of-bounds read (CVE-ID: CVE-2022-42810)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Model I/O subsystem. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
36) Information disclosure (CVE-ID: CVE-2022-42817)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Safari. A remote attacker trick the victim into visiting a malicious website and gain access to sensitive information.
37) Improper access control (CVE-ID: CVE-2022-32945)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions within the Core Bluetooth implementation. A local application can perform unauthorized recording of audio with paired AirPods.
38) Use-after-free (CVE-ID: CVE-2022-42826)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can trick the victim to visit a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
39) Information disclosure (CVE-ID: CVE-2022-42792)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in Weather. A local application can obtain sensitive location information.
40) Security features bypass (CVE-ID: CVE-2022-46715)
CWE-ID: CWE-254 - Security Features
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to a logic issue in NetworkExtension. A local application can bypass certain Privacy preferences.
41) Use-after-free (CVE-ID: CVE-2022-46712)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the OS kernel subsystem. A local application can trigger a use-after-free error and execute arbitrary code with kernel privileges.
42) Buffer overflow (CVE-ID: CVE-2022-42828)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in VPN. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.
43) Information disclosure (CVE-ID: CVE-2022-32909)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to insecure handling of cache entries within Apple TV. A local application can obtain sensitive user information.
Remediation
Install update from vendor's website.