-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2022.5303.2
               APPLE-SA-2022-10-24-1 iOS 16.1 and iPadOS 16
                              1 November 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           iOS
                   iPadOS
Publisher:         Apple
Operating System:  Apple iOS
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-42832 CVE-2022-42831 CVE-2022-42830
                   CVE-2022-42829 CVE-2022-42827 CVE-2022-42825
                   CVE-2022-42824 CVE-2022-42823 CVE-2022-42820
                   CVE-2022-42817 CVE-2022-42813 CVE-2022-42811
                   CVE-2022-42810 CVE-2022-42808 CVE-2022-42806
                   CVE-2022-42803 CVE-2022-42801 CVE-2022-42800
                   CVE-2022-42799 CVE-2022-42798 CVE-2022-37434
                   CVE-2022-32947 CVE-2022-32946 CVE-2022-32944
                   CVE-2022-32941 CVE-2022-32940 CVE-2022-32939
                   CVE-2022-32938 CVE-2022-32935 CVE-2022-32932
                   CVE-2022-32929 CVE-2022-32927 CVE-2022-32926
                   CVE-2022-32924 CVE-2022-32923 CVE-2022-32922

Original Bulletin: 
   https://support.apple.com/HT213489

Comment: CVSS (Max):  9.8* CVE-2022-37434 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
         * Not all CVSS available when published

Revision History:  November  1 2022: Multiple CVEs added to the advisory
                   October  25 2022: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2022-10-27-2 Additional information for APPLE-SA-2022-10-24-1 iOS 16.1 and iPadOS 16

iOS 16.1 and iPadOS 16 address the following issues.
Information about the security content is also available at
https://support.apple.com/HT213489.

Apple Neural Engine
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges 
Description: The issue was addressed with improved memory handling. 
CVE-2022-32932: Mohamed Ghannam (@_simo36)
Entry added October 27, 2022

AppleMobileFileIntegrity
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed by removing additional
entitlements.
CVE-2022-42825: Mickey Jin (@patch1t)

Audio
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Parsing a maliciously crafted audio file may lead to
disclosure of user information
Description: The issue was addressed with improved memory handling.
CVE-2022-42798: Anonymous working with Trend Micro Zero Day
Initiative
Entry added October 27, 2022

AVEVideoEncoder
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved bounds checks.
CVE-2022-32940: ABC Research s.r.o.

Backup
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to access iOS backups
Description: A permissions issue was addressed with additional
restrictions. 
CVE-2022-32929: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added October 27, 2022

CFNetwork
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A certificate validation issue existed in the handling
of WKWebView. This issue was addressed with improved validation.
CVE-2022-42813: Jonathan Zhang of Open Computing Facility
(ocf.berkeley.edu)

Core Bluetooth
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to record audio using a pair of connected
AirPods
Description: This issue was addressed with improved entitlements.
CVE-2022-32946: Guilherme Rambo of Best Buddy Apps (rambo.codes)

FaceTime
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: A user may be able to view restricted content from the lock
screen 
Description: A lock screen issue was addressed with improved state
management. 
CVE-2022-32935: Bistrit Dahal
Entry added October 27, 2022

GPU Drivers
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32947: Asahi Lina (@LinaAsahi)

Graphics Driver
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges 
Description: The issue was addressed with improved bounds checks. 
CVE-2022-32939: Willy R. Vasquez of The University of Texas at Austin
Entry added October 27, 2022

IOHIDFamily
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may cause unexpected app termination or arbitrary code
execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-42820: Peter Pan ZhenPeng of STAR Labs

IOKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A race condition was addressed with improved locking.
CVE-2022-42806: Tingting Yin of Tsinghua University

Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A memory corruption issue was addressed with improved
state management. 
CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai
Entry added October 27, 2022

Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges 
Description: A race condition was addressed with improved locking. 
CVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom)
Entry added October 27, 2022

Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges 
Description: The issue was addressed with improved bounds checks.
CVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai
Entry added October 27, 2022

Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges 
Description: A logic issue was addressed with improved checks. 
CVE-2022-42801: Ian Beer of Google Project Zero
Entry added October 27, 2022

Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32924: Ian Beer of Google Project Zero

Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: A remote user may be able to cause kernel code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-42808: Zweig of Kunlun Lab

Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges. Apple is aware of a report that this issue may
have been actively exploited.
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-42827: an anonymous researcher

Model I/O
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Processing a maliciously crafted USD file may disclose memory
contents 
Description: The issue was addressed with improved memory handling. 
CVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security
Light-Year Lab
Entry added October 27, 2022

ppp
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: A buffer overflow may result in arbitrary code execution 
Description: The issue was addressed with improved bounds checks. 
CVE-2022-32941: an anonymous researcher
Entry added October 27, 2022

ppp
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-42829: an anonymous researcher

ppp
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-42830: an anonymous researcher

ppp
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2022-42831: an anonymous researcher
CVE-2022-42832: an anonymous researcher

Safari
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: A logic issue was addressed with improved state
management.
CVE-2022-42817: Mir Masood Ali, PhD student, University of Illinois
at Chicago; Binoy Chitale, MS student, Stony Brook University;
Mohammad Ghasemisharif, PhD Candidate, University of Illinois at
Chicago; Chris Kanich, Associate Professor, University of Illinois at
Chicago
Entry added October 27, 2022

Sandbox
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be able to access user-sensitive data
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2022-42811: Justin Bui (@slyd0g) of Snowflake

Shortcuts
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: A shortcut may be able to check the existence of an arbitrary
path on the file system
Description: A parsing issue in the handling of directory paths was
addressed with improved path validation.
CVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of
Computer Science of. Romania

WebKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: The issue was addressed with improved UI handling.
WebKit Bugzilla: 243693
CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)

WebKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
WebKit Bugzilla: 244622
CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs

WebKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A logic issue was addressed with improved state
management.
WebKit Bugzilla: 245058
CVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser
Vulnerability Research, Ryan Shin of IAAI SecLab at Korea University,
Dohyun Lee (@l33d0hyun) of DNSLab at Korea University

WebKit PDF
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
WebKit Bugzilla: 242781
CVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend
Micro Zero Day Initiative

WebKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Processing maliciously crafted web content may disclose
internal states of the app
Description: A correctness issue in the JIT was addressed with
improved checks.
WebKit Bugzilla: 242964
CVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab
Entry added October 27, 2022

Wi-Fi
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: Joining a malicious Wi-Fi network may result in a
denial-of-service of the Settings app
Description: The issue was addressed with improved memory handling.
CVE-2022-32927: Dr Hideaki Goto of Tohoku University, Japan
Entry added October 27, 2022

zlib
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: A user may be able to cause unexpected app termination or
arbitrary code execution 
Description: This issue was addressed with improved checks.
CVE-2022-37434: Evgeny Legerov
CVE-2022-42800: Evgeny Legerov
Entry added October 27, 2022

Additional recognition

iCloud
We would like to acknowledge Tim Michaud (@TimGMichaud) of
Moveworks.ai for their assistance.

Kernel
We would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud
(@TimGMichaud) of Moveworks.ai, and Tommy Muir (@Muirey03) for their
assistance.

WebKit
We would like to acknowledge Maddie Stone of Google Project Zero,
Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., and an
anonymous researcher for their assistance.


All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/

-----END PGP SIGNATURE-----