SB2022102435 - Multiple vulnerabilities in Apple iOS 16 and iPadOS 16




Published: October 24, 2022 Updated: December 25, 2023

Security Bulletin ID: SB2022102435
Severity: High
Patch available: YES
Number of vulnerabilities: 43
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 19% Medium 9% Low 72%

Description

This security bulletin contains information about 43 security vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2022-42830)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in the ppp implementation. A local privileged application can trigger memory corruption and execute arbitrary code with kernel privileges.


2) Buffer overflow (CVE-ID: CVE-2022-32922)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing PDF files in WebKit PDF. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


3) Information disclosure (CVE-ID: CVE-2022-42824)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an unspecified error in WebKit. A remote attacker can trick the victim into visiting a specially crafted web page and gain access to potentially sensitive information.


4) Type Confusion (CVE-ID: CVE-2022-42823)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error when processing HTML content in WebKit. A remote attacker can trick the victim into visiting a specially crafted website, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


5) Spoofing attack (CVE-ID: CVE-2022-42799)

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data in WebKit. A remote attacker can trick the victim into visiting a specially crafted website and spoof the user interface.


6) Information disclosure (CVE-ID: CVE-2022-32938)

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists in the way Shortcuts handles directory paths. A shortcut may be able to check the existence of an arbitrary path on the file system.


7) Security features bypass (CVE-ID: CVE-2022-42811)

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to improperly imposed security restrictions in Sandbox. A local application can gain unauthorized access to user information.


8) Race condition (CVE-ID: CVE-2022-42832)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a race condition within the ppp implementation. A local application can exploit the race and execute arbitrary code with kernel privileges.


9) Race condition (CVE-ID: CVE-2022-42831)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a race condition within the ppp implementation. A local application can exploit the race and execute arbitrary code with kernel privileges.


10) Use-after-free (CVE-ID: CVE-2022-42829)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ppp implementation. A local privileged application can trigger a use-after-free error and execute arbitrary code with kernel privileges.


11) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-42825)

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to improperly imposed security restrictions within AppleMobileFileIntegrity. A local application can modify protected parts of the filesystem.


12) Out-of-bounds write (CVE-ID: CVE-2022-42827)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the OS kernel component. A local application can trigger an out-of-bounds write error and execute arbitrary code with kernel privileges.

Note, the vulnerability is being actively exploited in the wild.


13) Out-of-bounds write (CVE-ID: CVE-2022-42808)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the OS kernel. A remote application can trigger an out-of-bounds write and execute arbitrary code with kernel privileges.


14) Buffer overflow (CVE-ID: CVE-2022-32924)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in the OS kernel. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.


15) Race condition (CVE-ID: CVE-2022-42806)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a race condition in IOKit. A local application can exploit the race and execute arbitrary code with kernel privileges.


16) Buffer overflow (CVE-ID: CVE-2022-42820)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in IOHIDFamily. A local application can trigger memory corruption and execute arbitrary code on the system.



17) Buffer overflow (CVE-ID: CVE-2022-32947)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within GPU Drivers. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.



18) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-32946)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to incorrect permissions management in Core Bluetooth. A local application can record audio using a pair of connected AirPods.


19) Improper Certificate Validation (CVE-ID: CVE-2022-42813)

The vulnerability allows a remote attacker to perform MitM attacks.

The vulnerability exists due to improper certificate validation when handling WKWebView in CFNetwork. A remote attacker can forge a digital certificate, perform a MitM attack and compromise the affected system.


20) Buffer overflow (CVE-ID: CVE-2022-32940)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within AVEVideoEncoder. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.



21) Information disclosure (CVE-ID: CVE-2022-32923)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists in WebKit due to an error in the JIT implementation. A remote attacker can trick the victim into visiting a malicious website and disclose internal states of the application.


22) Buffer overflow (CVE-ID: CVE-2022-32926)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.


23) Input validation error (CVE-ID: CVE-2022-32927)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the Wi-Fi subsystem. A remote attacker can cause a denial-of-service of the Settings app when connecting to a malicious Wi-Fi network.


24) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-32929)

The vulnerability allows a local application to gain access to iOS backups.

The vulnerability exists due to insecure permissions within the Backup feature. A local application can gain access to iOS backups.


25) Buffer overflow (CVE-ID: CVE-2022-32932)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Apple Neural Engine. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.


26) Security features bypass (CVE-ID: CVE-2022-32935)

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists because FaceTime allows interaction with sensitive content via the lock screen. An attacker with physical access to the device can view restricted content from the lock screen.


27) Buffer overflow (CVE-ID: CVE-2022-32939)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Graphics Driver. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.


28) Buffer overflow (CVE-ID: CVE-2022-32941)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the ppp implementation. A remote attacker can trick the victim into connecting to a malicious PPP server, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


29) Buffer overflow (CVE-ID: CVE-2022-32944)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.


30) Heap-based buffer overflow (CVE-ID: CVE-2022-37434)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing a large gzip header within inflateGetHeader in inflate.c. A remote attacker can pass a specially crafted file to the affected application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.



31) Out-of-bounds read (CVE-ID: CVE-2022-42798)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when parsing media files in the Audio subsystem. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and gain access to sensitive information.


32) Heap-based buffer overflow (CVE-ID: CVE-2022-42800)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing gzip files. A remote attacker can pass a specially crafted file to the affected application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.



33) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-42801)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improperly imposed security restrictions within the OS kernel. A local application can execute arbitrary code with kernel privileges.


34) Race condition (CVE-ID: CVE-2022-42803)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a race condition within the OS kernel. A local application can exploit the race and escalate privileges on the system.


35) Out-of-bounds read (CVE-ID: CVE-2022-42810)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the Model I/O subsystem. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.


36) Information disclosure (CVE-ID: CVE-2022-42817)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in Safari. A remote attacker can trick the victim into visiting a malicious website and gain access to sensitive information.


37) Improper access control (CVE-ID: CVE-2022-32945)

The vulnerability allows a local application to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within the Core Bluetooth implementation. A local application can perform unauthorized recording of audio with paired AirPods.


38) Use-after-free (CVE-ID: CVE-2022-42826)

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can trick the victim into visiting a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.


39) Information disclosure (CVE-ID: CVE-2022-42792)

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in Weather. A local application can obtain sensitive location information.


40) Security features bypass (CVE-ID: CVE-2022-46715)

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to a logic issue in NetworkExtension. A local application can bypass certain Privacy preferences.


41) Use-after-free (CVE-ID: CVE-2022-46712)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the OS kernel subsystem. A local application can trigger a use-after-free error and execute arbitrary code with kernel privileges.



42) Buffer overflow (CVE-ID: CVE-2022-42828)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in VPN. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.


43) Information disclosure (CVE-ID: CVE-2022-32909)

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to insecure handling of cache entries within Apple TV. A local application can obtain sensitive user information.


Remediation

Install the update from the vendor's website.