Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.4527.2
APPLE-SA-2022-10-27-3 Additional information for
APPLE-SA-2022-09-12-1 iOS 16
1 November 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: iOS 16
Publisher: Apple
Operating System: Apple iOS
Resolution: Patch/Upgrade
CVE Names: CVE-2022-42795 CVE-2022-42793 CVE-2022-42790
CVE-2022-32928 CVE-2022-32925 CVE-2022-32918
CVE-2022-32917 CVE-2022-32914 CVE-2022-32913
CVE-2022-32912 CVE-2022-32911 CVE-2022-32909
CVE-2022-32908 CVE-2022-32907 CVE-2022-32903
CVE-2022-32899 CVE-2022-32898 CVE-2022-32892
CVE-2022-32891 CVE-2022-32889 CVE-2022-32888
CVE-2022-32887 CVE-2022-32886 CVE-2022-32883
CVE-2022-32881 CVE-2022-32879 CVE-2022-32875
CVE-2022-32872 CVE-2022-32870 CVE-2022-32868
CVE-2022-32867 CVE-2022-32866 CVE-2022-32865
CVE-2022-32864 CVE-2022-32859 CVE-2022-32858
CVE-2022-32854 CVE-2022-32835 CVE-2022-32827
CVE-2022-32795 CVE-2022-26744 CVE-2022-1622
CVE-2021-36690
Original Bulletin:
https://support.apple.com/HT213446
Comment: CVSS (Max): 8.8* CVE-2022-32912 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Source: [NVD], Red Hat
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* Not all CVSS available when published
Revision History: November 1 2022: Multiple CVEs added to the advisory
September 13 2022: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2022-10-27-3 Additional information for APPLE-SA-2022-09-12-1 iOS 16
iOS 16 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213446.
Accelerate Framework
Available for: iPhone 8 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2022-42795: ryuzaki
Entry added October 27, 2022
AppleAVD
Available for: iPhone 8 and later
Impact: An app may be able to cause a denial-of-service
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of
Google Project Zero, and an anonymous researcher
Entry added October 27, 2022
AppleAVD
Available for: iPhone 8 and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: This issue was addressed with improved checks.
CVE-2022-32907: Natalie Silvanovich of Google Project Zero, Antonio
Zekic (@antoniozekic) and John Aakerblom (@jaakerblom), ABC Research
s.r.o, Yinyi Wu, Tommaso Bianco (@cutesmilee__)
Entry added October 27, 2022
Apple Neural Engine
Available for: iPhone 8 and later
Impact: An app may be able to leak sensitive kernel state
Description: The issue was addressed with improved memory handling.
CVE-2022-32858: Mohamed Ghannam (@_simo36)
Entry added October 27, 2022
Apple Neural Engine
Available for: iPhone 8 and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32898: Mohamed Ghannam (@_simo36)
CVE-2022-32899: Mohamed Ghannam (@_simo36)
CVE-2022-32889: Mohamed Ghannam (@_simo36)
Entry added October 27, 2022
Apple TV
Available for: iPhone 8 and later
Impact: An app may be able to access user-sensitive data
Description: The issue was addressed with improved handling of
caches.
CVE-2022-32909: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added October 27, 2022
Contacts
Available for: iPhone 8 and later
Impact: An app may be able to bypass Privacy preferences
Description: This issue was addressed with improved checks.
CVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security
Crash Reporter
Available for: iPhone 8 and later
Impact: A user with physical access to an iOS device may be able to
read past diagnostic logs
Description: This issue was addressed with improved data protection.
CVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike
Entry added October 27, 2022
DriverKit
Available for: iPhone 8 and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)
Entry added October 27, 2022
Exchange
Available for: iPhone 8 and later
Impact: A user in a privileged network position may be able to
intercept mail credentials
Description: A logic issue was addressed with improved restrictions.
CVE-2022-32928: an anonymous researcher
Entry added October 27, 2022
GPU Drivers
Available for: iPhone 8 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-26744: an anonymous researcher
Entry added October 27, 2022
GPU Drivers
Available for: iPhone 8 and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-32903: an anonymous researcher
Entry added October 27, 2022
ImageIO
Available for: iPhone 8 and later
Impact: Processing an image may lead to a denial-of-service
Description: A denial-of-service issue was addressed with improved
validation.
CVE-2022-1622
Entry added October 27, 2022
Image Processing
Available for: iPhone 8 and later
Impact: A sandboxed app may be able to determine which app is
currently using the camera
Description: The issue was addressed with additional restrictions on
the observability of app states.
CVE-2022-32913: Yigit Can YILMAZ (@yilmazcanyigit)
Entry added October 27, 2022
IOGPUFamily
Available for: iPhone 8 and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32887: an anonymous researcher
Entry added October 27, 2022
Kernel
Available for: iPhone 8 and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-32914: Zweig of Kunlun Lab
Entry added October 27, 2022
Kernel
Available for: iPhone 8 and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)
CVE-2022-32911: Zweig of Kunlun Lab
Entry updated October 27, 2022
Kernel
Available for: iPhone 8 and later
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel
Available for: iPhone 8 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges.
Description: The issue was addressed with improved bounds checks.
CVE-2022-32917: an anonymous researcher
Maps
Available for: iPhone 8 and later
Impact: An app may be able to read sensitive location information
Description: A logic issue was addressed with improved restrictions.
CVE-2022-32883: Ron Masas, breakpointhq.com
MediaLibrary
Available for: iPhone 8 and later
Impact: A user may be able to elevate privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2022-32908: an anonymous researcher
Notifications
Available for: iPhone 8 and later
Impact: A user with physical access to a device may be able to access
contacts from the lock screen
Description: A logic issue was addressed with improved state
management.
CVE-2022-32879: Ubeydullah Sümer
Entry added October 27, 2022
Photos
Available for: iPhone 8 and later
Impact: An app may be able to bypass Privacy preferences
Description: This issue was addressed with improved data protection.
CVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha
Technologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort
(evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan
of Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd
Entry added October 27, 2022
Safari
Available for: iPhone 8 and later
Impact: Visiting a malicious website may lead to address bar spoofing
Description: This issue was addressed with improved checks.
CVE-2022-32795: Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India)
@imnarendrabhati
Safari Extensions
Available for: iPhone 8 and later
Impact: A website may be able to track users through Safari web
extensions
Description: A logic issue was addressed with improved state
management.
WebKit Bugzilla: 242278
CVE-2022-32868: Michael
Sandbox
Available for: iPhone 8 and later
Impact: An app may be able to modify protected parts of the file
system
Description: A logic issue was addressed with improved restrictions.
CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added October 27, 2022
Security
Available for: iPhone 8 and later
Impact: An app may be able to bypass code signing checks
Description: An issue in code signature validation was addressed with
improved checks.
CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)
Entry added October 27, 2022
Shortcuts
Available for: iPhone 8 and later
Impact: A person with physical access to an iOS device may be able to
access photos from the lock screen
Description: A logic issue was addressed with improved restrictions.
CVE-2022-32872: Elite Tech Guru
Sidecar
Available for: iPhone 8 and later
Impact: A user may be able to view restricted content from the lock
screen
Description: A logic issue was addressed with improved state
management.
CVE-2022-42790: Om kothawade of Zaprico Digital
Entry added October 27, 2022
Siri
Available for: iPhone 8 and later
Impact: A user with physical access to a device may be able to use
Siri to obtain some call history information
Description: A logic issue was addressed with improved state
management.
CVE-2022-32870: Andrew Goldberg of The McCombs School of Business,
The University of Texas at Austin (linkedin.com/andrew-goldberg-/)
Entry added October 27, 2022
SQLite
Available for: iPhone 8 and later
Impact: A remote user may be able to cause a denial-of-service
Description: This issue was addressed with improved checks.
CVE-2021-36690
Entry added October 27, 2022
Time Zone
Available for: iPhone 8 and later
Impact: Deleted contacts may still appear in spotlight search results
Description: A logic issue was addressed with improved state
management.
CVE-2022-32859
Entry added October 27, 2022
Watch app
Available for: iPhone 8 and later
Impact: An app may be able to read a persistent device identifier
Description: This issue was addressed with improved entitlements.
CVE-2022-32835: Guilherme Rambo of Best Buddy Apps (rambo.codes)
Entry added October 27, 2022
Weather
Available for: iPhone 8 and later
Impact: An app may be able to read sensitive location information
Description: A logic issue was addressed with improved state
management.
CVE-2022-32875: an anonymous researcher
Entry added October 27, 2022
WebKit
Available for: iPhone 8 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
WebKit Bugzilla: 242047
CVE-2022-32888: P1umer (@p1umer)
Entry added October 27, 2022
WebKit
Available for: iPhone 8 and later
Impact: Visiting a website that frames malicious content may lead to
UI spoofing
Description: The issue was addressed with improved UI handling.
WebKit Bugzilla: 243236
CVE-2022-32891: @real_as3617, and an anonymous researcher
Entry added October 27, 2022
WebKit
Available for: iPhone 8 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
WebKit Bugzilla: 241969
CVE-2022-32886: P1umer, afang5472, xmzyshypnc
WebKit
Available for: iPhone 8 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
WebKit Bugzilla: 242762
CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with
Trend Micro Zero Day Initiative
WebKit Sandboxing
Available for: iPhone 8 and later
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An access issue was addressed with improvements to the
sandbox.
WebKit Bugzilla: 243181
CVE-2022-32892: @18*** and @jq0904 of DBAppSecurity's WeBin lab
Entry added October 27, 2022
Wi-Fi
Available for: iPhone 8 and later
Impact: An app may be able to cause unexpected system termination or
write kernel memory
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-32925: Wang Yu of Cyberserval
Entry added October 27, 2022
Additional recognition
AirDrop
We would like to acknowledge Alexander Heinrich, Milan Stute, and
Christian Weinert of Technical University of Darmstadt for their
assistance.
Entry added October 27, 2022
AppleCredentialManager
We would like to acknowledge @jonathandata1 for their assistance.
Entry added October 27, 2022
Calendar UI
We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of
Lakshmi Narain College Of Technology Bhopal for their assistance.
Entry added October 27, 2022
FaceTime
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added October 27, 2022
Find My
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added October 27, 2022
Game Center
We would like to acknowledge Joshua Jones for their assistance.
iCloud
We would like to acknowledge Bulent Aytulun, and an anonymous
researcher for their assistance.
Entry added October 27, 2022
Identity Services
We would like to acknowledge Joshua Jones for their assistance.
Kernel
We would like to acknowledge Pan ZhenPeng(@Peterpan0927), Tingting
Yin of Tsinghua University, and Min Zheng of Ant Group, and an
anonymous researcher for their assistance.
Entry added October 27, 2022
Mail
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added October 27, 2022
Notes
We would like to acknowledge Edward Riley of Iron Cloud Limited
(ironclouduk.com) for their assistance.
Entry added October 27, 2022
Photo Booth
We would like to acknowledge Prashanth Kannan of Dremio for their
assistance.
Entry added October 27, 2022
Sandbox
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
Entry added October 27, 2022
Shortcuts
We would like to acknowledge Shay Dror for their assistance.
Entry added October 27, 2022
SOS
We would like to acknowledge Xianfeng Lu and Lei Ai of OPPO Amber
Security Lab for their assistance.
Entry added October 27, 2022
UIKit
We would like to acknowledge Aleczander Ewing, Simon de Vegt, and an
anonymous researcher for their assistance.
Entry added October 27, 2022
WebKit
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added October 27, 2022
WebRTC
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added October 27, 2022
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/ iTunes and Software Update on the
device will automatically check Apple's update server on its weekly
schedule. When an update is detected, it is downloaded and the option
to be installed is presented to the user when the iOS device is
docked. We recommend applying the update immediately if possible.
Selecting Don't Install will present the option the next time you
connect your iOS device. The automatic update process may take up to
a week depending on the day that iTunes or the device checks for
updates. You may manually obtain the update via the Check for Updates
button within iTunes, or the Software Update on your device. To
check that the iPhone, iPod touch, or iPad has been updated: *
Navigate to Settings * Select General * Select About. The version
after applying this update will be "iOS 16".
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpoACgkQ4RjMIDke
NxkQ8w/9FMTP02t/AKe0nXZ44UhfMLy7Sx88gpWRHaWKZtdjPADC2kxx1RbVSvrC
C5nB6bw2zGppE1V284QitcNG9WrGGTINK6Knshv0PCkWLZnh1sYqX2bYbKmY6Ol7
K+lRk6zicF3k7KcCZRly6UuJ8RvfPpa2wKuVVv5FBPM8bPRuovVRiRxGUWuO7emM
ZXyp4n5u+GldW8n8hRK/jxwGGwrKqFmXL9Ecd79I2/4uYmEx6tmoAYuEZs26BfjK
Etd1F54PlewmyUKvVlWiwLhpVgygRqkmvW+jKwX46gBzwHFK88B9IV6wf8ZD5JaU
Ur+nqEjiqmbYdcfV8pu64eRNnlTiCmD/ehJg8sNG38m9SeqOw3ZNVaQ8+sgoXwsp
rpsPDPsXmPqqadxERe7LwLXSm4KtTARdGbEffHAA5eqc+U0ja2u3piqk8ZKTrC6K
tORrDjSkKx9AILbds99Wzbnb1rfF/09N1+LPQT7Ac8PCA/kE+XQ+nmSDoInh8PTU
rFt3ZW9Ud0q6Y2Ix11WYrb6wOqs/vafaW5zXTnNfgKNvw2zO/9yKYhaqIjlGtLSJ
Og/O1sdcPMPisBGQynF7Dj42riQD5RQGbB/GmfgRqUHFXwcWJxFRblkwUxbjuEaR
nYRj90cDbUE2wmsE4y4uFfCVpKTQCQCKXuSuBkOQje0KjTDHWac=
=I+iq
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
iQIVAwUBY2CobMkNZI30y1K9AQgCuQ/9FnVxVqupsWfy2TFbKKZBkND0NRuS/qO0
RZPKy7WLVWGYvzWDZb9BD6TIudfbO4S7ybncxYPtLRm4j5qD7sn5/z3pG08bT0lz
/sF2SrqgoUx6seJGCZe8jgTc3KL5XuRjTyJ733FBQHmVCPvL4B3Wszwwt3qhrjLm
td7ff3MAwUsY8YxIFvMMgmV6UZiofRZ4EJ09S06sUOF3tVMlziLj2NxUzB7D8xEu
z2r22j/460HXQSPbqXSLseXk1sHhmixNYnJUMfXCUmZOmTMKDy1RnXDrVijyJk/M
YPY7gld56FU6LkCs8QRiMl1FoHv6qGUm4bKBES6B2YWjgbvci3DOegyl58cjUDNb
NabiDmJb6ca2hCqNarjTRodr48aGQ/SWWawT0i3SYMIABpkZ5OoBBKMFcg1PKIJr
ctPjG3CLzEjBamzQfuuVOE8CMXftIVIB05IBnYet8SBHC+83qhpHIle4Z4vdRfBd
pI/uU9eR/iDbYU36WqtiMdYeeShY1/Sn9V3M4hv/9a+Ex7kbhOI5RXhNZAjybJ8X
wz+BI+/vBH0zIlMwWTMTDNU99YM0b3jZtVPN3CroMM782AIMVW5KdYLH0u4lM7Wd
e0xcrYE5K7UjhgRk2RD7Tqs/5E2GlHSlmzmCo9iPE2cOZGEmVmDajV4vajVGLkFL
CHlbVIgD+GA=
=lQaX
-----END PGP SIGNATURE-----