#VU68798 Out-of-bounds read in Apple iOS and iPadOS


Published: 2022-10-27 | Updated: 2022-10-28

Vulnerability identifier: #VU68798

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-42798

CWE-ID: CWE-125

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Apple iOS
Operating systems & Components / Operating system
iPadOS
Operating systems & Components / Operating system

Vendor: Apple Inc.

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when parsing media files in the Audio subsystem. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and gain access to sensitive information.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Apple iOS: 15.0 19A346 - 15.7 19H12

iPadOS: 15.0 19A346 - 15.7 19H12


CPE

External links
http://support.apple.com/en-us/HT213490


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability