-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2022.4528.2
             APPLE-SA-2022-10-27-4 Additional information for
              APPLE-SA-2022-09-12-2 iOS 15.7 and iPadOS 15.7
                              1 November 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           iOS 15.7
                   iPadOS 15.7
Publisher:         Apple
Operating System:  Apple iOS
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-42796 CVE-2022-42793 CVE-2022-42790
                   CVE-2022-32929 CVE-2022-32917 CVE-2022-32912
                   CVE-2022-32911 CVE-2022-32908 CVE-2022-32899
                   CVE-2022-32898 CVE-2022-32892 CVE-2022-32888
                   CVE-2022-32886 CVE-2022-32883 CVE-2022-32879
                   CVE-2022-32872 CVE-2022-32868 CVE-2022-32864
                   CVE-2022-32854 CVE-2022-32795 

Original Bulletin: 
   https://support.apple.com/HT213445

Comment: CVSS (Max):  8.8* CVE-2022-32912 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
         * Not all CVSS available when published

Revision History:  November   1 2022: Multiple CVEs added to the advisory
                   September 13 2022: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2022-10-27-4 Additional information for APPLE-SA-2022-09-12-2 iOS 15.7 and iPadOS 15.7

iOS 15.7 and iPadOS 15.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213445.

Apple Neural Engine
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32898: Mohamed Ghannam (@_simo36)
CVE-2022-32899: Mohamed Ghannam (@_simo36)
Entry added October 27, 2022

Audio
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to gain elevated privileges
Description: This issue was addressed by removing the vulnerable
code.
CVE-2022-42796: an anonymous researcher
Entry added October 27, 2022

Backup
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to access iOS backups
Description: A permissions issue was addressed with additional
restrictions.
CVE-2022-32929: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added October 27, 2022

Contacts
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to bypass Privacy preferences
Description: This issue was addressed with improved checks.
CVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security

Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32911: Zweig of Kunlun Lab

Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)

Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges. Apple is aware of a report that this issue may
have been actively exploited.
Description: The issue was addressed with improved bounds checks.
CVE-2022-32917: an anonymous researcher

Maps
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to read sensitive location information
Description: A logic issue was addressed with improved restrictions.
CVE-2022-32883: Ron Masas, breakpointhq.com

MediaLibrary
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A user may be able to elevate privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2022-32908: an anonymous researcher

Notifications
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A user with physical access to a device may be able to access
contacts from the lock screen
Description: A logic issue was addressed with improved state
management.
CVE-2022-32879: Ubeydullah Sumer
Entry added October 27, 2022

Safari
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Visiting a malicious website may lead to address bar spoofing
Description: This issue was addressed with improved checks.
CVE-2022-32795: Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India)
@imnarendrabhati

Safari Extensions
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A website may be able to track users through Safari web
extensions
Description: A logic issue was addressed with improved state
management.
WebKit Bugzilla: 242278
CVE-2022-32868: Michael

Security
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to bypass code signing checks
Description: An issue in code signature validation was addressed with
improved checks.
CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)
Entry added October 27, 2022

Shortcuts
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A person with physical access to an iOS device may be able to
access photos from the lock screen
Description: A logic issue was addressed with improved restrictions.
CVE-2022-32872: Elite Tech Guru

Sidecar
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A user may be able to view restricted content from the lock
screen
Description: A logic issue was addressed with improved state
management.
CVE-2022-42790: Om kothawade of Zaprico Digital
Entry added October 27, 2022

WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
WebKit Bugzilla: 242047
CVE-2022-32888: P1umer (@p1umer)
Entry added October 27, 2022

WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
WebKit Bugzilla: 241969
CVE-2022-32886: P1umer, afang5472, xmzyshypnc

WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
WebKit Bugzilla: 242762
CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with
Trend Micro Zero Day Initiative

WebKit Sandboxing
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An access issue was addressed with improvements to the
sandbox.
WebKit Bugzilla: 243181
CVE-2022-32892: @18*** and @jq0904 of DBAppSecurity's WeBin lab
Entry added October 27, 2022

Additional recognition

AppleCredentialManager
We would like to acknowledge @jonathandata1 for their assistance.
Entry added October 27, 2022

FaceTime
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added October 27, 2022

Game Center
We would like to acknowledge Joshua Jones for their assistance.

Identity Services
We would like to acknowledge Joshua Jones for their assistance.

Kernel
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added October 27, 2022

WebKit
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added October 27, 2022

WebRTC
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added October 27, 2022

This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/  iTunes and Software Update on the
device will automatically check Apple's update server on its weekly
schedule. When an update is detected, it is downloaded and the option
to be installed is presented to the user when the iOS device is
docked. We recommend applying the update immediately if possible.
Selecting Don't Install will present the option the next time you
connect your iOS device.  The automatic update process may take up to
a week depending on the day that iTunes or the device checks for
updates. You may manually obtain the update via the Check for Updates
button within iTunes, or the Software Update on your device.  To
check that the iPhone, iPod touch, or iPad has been updated:  *
Navigate to Settings * Select General * Select About. The version
after applying this update will be "iOS 15.7 and iPadOS 15.7".
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpkACgkQ4RjMIDke
NxmKtBAAgYVZuslBPfc7wOTq6iA3OQWP6+wl0osO8QNoSaKon3P+8Lx7kvqr4bRY
A0+PAeuOd4V+nmCOx3kpNOfNilcyRqbMl2CI/aGdurMD8vZF/+d2HkJr0CBCBi6q
LbohmH5G5ZautyI7DUn5KlD7uOTivozBZhT2zUiS/CzsSMVDZ+7/A+NuMy9/ofox
7mXQzFKPvej8z9YL5w/xuGdl98vuxSmIN6zP2hJbMbFjVsChoRRgol9S6bLB//Hw
+UAs/HVYSjEot5TYqhipf//CVzz1cNCt7gclhhKP3xiQIIHiVMD2ni9Wv3ctlbiN
XNhTK9rFar8u+9z3bVu3OWde1UTotfLP3/dF88V8TGw71fpL/jr5Hjd9uqtgMnKK
NOi7e695Q1H4u0rXnO58ycS5Cj/gr7RINfKqqZ71aZNEEwyMox9qlA7VAZ1Ucc+h
jnq3V/TT/tYgL9VmUTNVYIzvekJyNvC4vjEfgfD4O5flD2CJrdeADzd9oZdzBvHM
ZqPoj9czxuThWq21ObebCgvgp5arTyNUo41YryADRlZCppL6LNlcyh7BWPD9Vxm7
cPMgLuJgffRcD8jcl+Dj3g5BYXoj4l/RUqXGdQOmtjf1jgQaOlaY903Kfy1JFFyc
r3nNBauR8lqoSL4BvhSMnS/ppiTJlptGKgmkzps5OkwI07GCFWQ=
=oWI9
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/

iQIVAwUBY2CofskNZI30y1K9AQisfBAAsLK57YPvkozNkcQi8nH9FstfcBoPvHxr
1fqA8tPMtFPhtFxbunU1j6fvylE/t4veq9obexWwK9a5lMe6HRTwoe/6ra0G8dbW
YLA8d1/6GAcHEbWxnNyRL1kZJj9pW1ALt3sMAAnBtyLNitJBYdB4UVrySUqiqLt9
5uI+yCyWocVvzfS4IRw1PkcK6GjIcxdy9V/DNNB6d/YBahu/165G00nDEZ55Cv95
nPCRZL7JV9pBFUk1vx/SWDVQQuIZU+vXEmP51nQmNaYk0GRZFFneMNIxKdk58jl3
4u758BDZj9eC95pUlKwoLYQ7tW0jcw7wZHJYmclPioL8IbC+xflCoROaSnil25Tx
bs99BgbEEnnVRkk519gVr5PY4zg9bMAAMrhbJUgptRnhJ4aRryQaHriAgJ2dYTr/
Y1e8MFmbcAK1P5I0vO9QoUTpfLzWidOcAyuWFTzdl/7rCLi03uxXmPv2O0u70tBD
OD8axt6kNPZ5VeBloJnYWlzRyUheGMHGziLtMG6nAjpTzNtIwtr2P2XtK8ZnavXB
fWfA7Do/AtvQUEC7WGVQNyhNjrNmKb7oYkNZn9F8010eh7g0wJzw+U4eZMMKV4b4
BOzGKVeorKJWjzJx0CY9lslK9QPiyzoE1dBqutfjKhVQus22EhGLJg5F+kEROkgg
cnmyt6Wa/Pw=
=Wgi8
-----END PGP SIGNATURE-----