
Apple Patches Everything: October 2022 Edition

Published: 2022-10-25. Last Updated: 2022-10-25 00:22:44 UTC
by Johannes Ullrich (Version: 1)

A quick summary of Apple's pretty massive patch day today. With the release of a new version of macOS, and updates for all operating systems Apple publishes, we got a total of 106 vulnerabilities. As before with Apple, the rating (critical/important) is our own and not based on a CVSS score, as Apple publishes none. I typically rate privilege-escalation-like flaws as important and code execution flaws as critical. Let me know if you disagree with the rating. "Other" just means that I didn't get around to rating the particular issue or that it affects multiple vulnerabilities.

One of the critical issues, CVE-2022-42827, may have been actively exploited, according to reports received by Apple. This issue affects iPadOS and iOS.

 

| CVE [rating] Component | Description and impact | Safari | iOS and iPadOS | macOS Monterey (12.x) | macOS Big Sur (10.x) | macOS Ventura (13.x) | tvOS | watchOS |
|---|---|---|---|---|---|---|---|---|
| WebKit Bugzilla [important] WebKit | A logic issue was addressed with improved state management. Processing maliciously crafted web content may disclose sensitive user information | x | x | | | x | x | x |
| CVE-2022-42825 [important] AppleMobileFileIntegrity | This issue was addressed by removing additional entitlements. An app may be able to modify protected parts of the file system | | x | x | x | x | x | x |
| CVE-2022-32940 [important] AVEVideoEncoder | The issue was addressed with improved bounds checks. An app may be able to execute arbitrary code with kernel privileges | | x | | | x | x | x |
| CVE-2022-42813 [critical] CFNetwork | A certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation. Processing a maliciously crafted certificate may lead to arbitrary code execution | | x | | | x | x | x |
| CVE-2022-32946 [important] Core Bluetooth | This issue was addressed with improved entitlements. An app may be able to record audio using a pair of connected AirPods | | x | | | | | |
| CVE-2022-32947 [important] GPU Drivers | The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges | | x | | | x | | x |
| CVE-2022-42820 [important] IOHIDFamily | A memory corruption issue was addressed with improved state management. An app may cause unexpected app termination or arbitrary code execution | | x | | | x | | |
| CVE-2022-42806 [important] IOKit | A race condition was addressed with improved locking. An app may be able to execute arbitrary code with kernel privileges | | x | | | x | | |
| CVE-2022-32924 [important] Kernel | The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges | | x | | | x | x | x |
| CVE-2022-42808 [critical] Kernel | An out-of-bounds write issue was addressed with improved bounds checking. A remote user may be able to cause kernel code execution | | x | | | x | x | x |
| CVE-2022-42827 [critical] Kernel | An out-of-bounds write issue was addressed with improved bounds checking. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. | | x | | | | | |
| CVE-2022-42829 [important] ppp | A use after free issue was addressed with improved memory management. An app with root privileges may be able to execute arbitrary code with kernel privileges | | x | | | x | | |
| CVE-2022-42830 [important] ppp | The issue was addressed with improved memory handling. An app with root privileges may be able to execute arbitrary code with kernel privileges | | x | | | x | | |
| CVE-2022-42831 [important] ppp | A race condition was addressed with improved locking. An app with root privileges may be able to execute arbitrary code with kernel privileges | | x | | | x | | |
| CVE-2022-42832 [important] ppp | A race condition was addressed with improved locking. An app with root privileges may be able to execute arbitrary code with kernel privileges | | x | | | x | | |
| CVE-2022-42811 [important] Sandbox | An access issue was addressed with additional sandbox restrictions. An app may be able to access user-sensitive data | | x | | | x | x | x |
| CVE-2022-32938 [important] Shortcuts | A parsing issue in the handling of directory paths was addressed with improved path validation. A shortcut may be able to check the existence of an arbitrary path on the file system | | x | | | x | | |
| CVE-2022-28739 [critical] Ruby | A memory corruption issue was addressed by updating Ruby to version 2.6.10. A remote user may be able to cause unexpected app termination or arbitrary code execution | | | x | x | x | | |
| CVE-2022-32862 [important] Sandbox | This issue was addressed with improved data protection. An app with root privileges may be able to access private information | | | x | x | x | | |
| CVE-2022-42795 [critical] Accelerate Framework | A memory consumption issue was addressed with improved memory handling. Processing a maliciously crafted image may lead to arbitrary code execution | | | | | x | | |
| CVE-2022-32858 [important] Apple Neural Engine | The issue was addressed with improved memory handling. An app may be able to leak sensitive kernel state | | | | | x | | |
| CVE-2022-32898 [important] Apple Neural Engine | The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges | | | | | x | | |
| CVE-2022-32899 [important] Apple Neural Engine | The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges | | | | | x | | |
| CVE-2022-32827 [important] AppleAVD | A memory corruption issue was addressed with improved state management. An app may be able to cause a denial-of-service | | | | | x | | |
| CVE-2022-42789 [important] AppleMobileFileIntegrity | An issue in code signature validation was addressed with improved checks. An app may be able to access user-sensitive data | | | | | x | | |
| CVE-2022-32902 [important] ATS | A logic issue was addressed with improved state management. An app may be able to bypass Privacy preferences | | | | | x | | |
| CVE-2022-32904 [important] ATS | An access issue was addressed with additional sandbox restrictions. An app may be able to access user-sensitive data | | | | | x | | |
| CVE-2022-32890 [moderate] ATS | A logic issue was addressed with improved checks. A sandboxed process may be able to circumvent sandbox restrictions | | | | | x | | |
| CVE-2022-42796 [important] Audio | This issue was addressed by removing the vulnerable code. An app may be able to gain elevated privileges | | | | | x | | |
| CVE-2022-42819 [important] Calendar | An access issue was addressed with improved access restrictions. An app may be able to read sensitive location information | | | | | x | | |
| CVE-2022-26730 [critical] ColorSync | A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. Processing a maliciously crafted image may lead to arbitrary code execution | | | | | x | | |
| CVE-2022-32867 [important] Crash Reporter | This issue was addressed with improved data protection. A user with physical access to an iOS device may be able to read past diagnostic logs | | | | | x | | |
| CVE-2022-32205 [other] curl | Multiple issues were addressed by updating to curl version 7.84.0. Multiple issues in curl | | | | | x | | |
| CVE-2022-32206 [other] curl | Multiple issues were addressed by updating to curl version 7.84.0. Multiple issues in curl | | | | | x | | |
| CVE-2022-32207 [other] curl | Multiple issues were addressed by updating to curl version 7.84.0. Multiple issues in curl | | | | | x | | |
| CVE-2022-32208 [other] curl | Multiple issues were addressed by updating to curl version 7.84.0. Multiple issues in curl | | | | | x | | |
| CVE-2022-42814 [important] Directory Utility | A logic issue was addressed with improved checks. An app may be able to access user-sensitive data | | | | | x | | |
| CVE-2022-32865 [important] DriverKit | The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges | | | | | x | | |
| CVE-2022-32915 [important] DriverKit | A type confusion issue was addressed with improved checks. An app may be able to execute arbitrary code with kernel privileges | | | | | x | | |
| CVE-2022-32928 [other] Exchange | A logic issue was addressed with improved restrictions. A user in a privileged network position may be able to intercept mail credentials | | | | | x | | |
| CVE-2022-42788 [other] Find My | A permissions issue existed. This issue was addressed with improved permission validation. A malicious application may be able to read sensitive location information | | | | | x | | |
| CVE-2022-32905 [critical] Finder | This issue was addressed with improved validation of symlinks. Processing a maliciously crafted DMG file may lead to arbitrary code execution with system privileges | | | | | x | | |
| CVE-2022-42809 [other] Grapher | The issue was addressed with improved memory handling. Processing a maliciously crafted gcx file may lead to unexpected app termination or arbitrary code execution | | | | | x | | |
| CVE-2022-32913 [other] Image Processing | The issue was addressed with additional restrictions on the observability of app states. A sandboxed app may be able to determine which app is currently using the camera | | | | | x | | |
| CVE-2022-1622 [other] ImageIO | A denial-of-service issue was addressed with improved validation. Processing an image may lead to a denial-of-service | | | | | x | | |
| CVE-2022-32936 [important] Intel Graphics Driver | An out-of-bounds read was addressed with improved input validation. An app may be able to disclose kernel memory | | | | | x | | |
| CVE-2022-32864 [important] Kernel | The issue was addressed with improved memory handling. An app may be able to disclose kernel memory | | | | | x | | |
| CVE-2022-32866 [important] Kernel | The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges | | | | | x | | |
| CVE-2022-32911 [important] Kernel | The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges | | | | | x | | |
| CVE-2022-32914 [important] Kernel | A use after free issue was addressed with improved memory management. An app may be able to execute arbitrary code with kernel privileges | | | | | x | | |
| CVE-2022-42815 [important] Mail | This issue was addressed with improved data protection. An app may be able to access user-sensitive data | | | | | x | | |
| CVE-2022-32883 [important] Maps | A logic issue was addressed with improved restrictions. An app may be able to read sensitive location information | | | | | x | | |
| CVE-2022-32908 [other] MediaLibrary | A memory corruption issue was addressed with improved input validation. A user may be able to elevate privileges | | | | | x | | |
| CVE-2021-39537 [other] ncurses | A buffer overflow was addressed with improved bounds checking. A user may be able to cause unexpected app termination or arbitrary code execution | | | | | x | | |
| CVE-2022-29458 [other] ncurses | A denial-of-service issue was addressed with improved validation. Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents | | | | | x | | |
| CVE-2022-42818 [other] Notes | This issue was addressed with improved data protection. A user in a privileged network position may be able to track user activity | | | | | x | | |
| CVE-2022-32879 [other] Notifications | A logic issue was addressed with improved state management. A user with physical access to a device may be able to access contacts from the lock screen | | | | | x | | |
| CVE-2022-32895 [important] PackageKit | A race condition was addressed with improved state handling. An app may be able to modify protected parts of the file system | | | | | x | | |
| CVE-2022-32918 [important] Photos | This issue was addressed with improved data protection. An app may be able to bypass Privacy preferences | | | | | x | | |
| CVE-2022-32881 [important] Sandbox | A logic issue was addressed with improved restrictions. An app may be able to modify protected parts of the file system | | | | | x | | |
| CVE-2022-42793 [other] Security | An issue in code signature validation was addressed with improved checks. An app may be able to bypass code signing checks | | | | | x | | |
| CVE-2022-42790 [important] Sidecar | A logic issue was addressed with improved state management. A user may be able to view restricted content from the lock screen | | | | | x | | |
| CVE-2022-32870 [other] Siri | A logic issue was addressed with improved state management. A user with physical access to a device may be able to use Siri to obtain some call history information | | | | | x | | |
| CVE-2022-32934 [critical] SMB | The issue was addressed with improved memory handling. A remote user may be able to cause kernel code execution | | | | | x | | |
| CVE-2022-42791 [important] Software Update | A race condition was addressed with improved state handling. An app may be able to execute arbitrary code with kernel privileges | | | | | x | | |
| CVE-2021-36690 [other] SQLite | This issue was addressed with improved checks. A remote user may be able to cause a denial-of-service | | | | | x | | |
| CVE-2022-0261 [other] Vim | Multiple issues were addressed by updating Vim. Multiple issues in Vim | | | | | x | | |
| CVE-2022-0318 [other] Vim | Multiple issues were addressed by updating Vim. Multiple issues in Vim | | | | | x | | |
| CVE-2022-0319 [other] Vim | Multiple issues were addressed by updating Vim. Multiple issues in Vim | | | | | x | | |
| CVE-2022-0351 [other] Vim | Multiple issues were addressed by updating Vim. Multiple issues in Vim | | | | | x | | |
| CVE-2022-0359 [other] Vim | Multiple issues were addressed by updating Vim. Multiple issues in Vim | | | | | x | | |
| CVE-2022-0361 [other] Vim | Multiple issues were addressed by updating Vim. Multiple issues in Vim | | | | | x | | |
| CVE-2022-0368 [other] Vim | Multiple issues were addressed by updating Vim. Multiple issues in Vim | | | | | x | | |
| CVE-2022-0392 [other] Vim | Multiple issues were addressed by updating Vim. Multiple issues in Vim | | | | | x | | |
| CVE-2022-0554 [other] Vim | Multiple issues were addressed by updating Vim. Multiple issues in Vim | | | | | x | | |
| CVE-2022-0572 [other] Vim | Multiple issues were addressed by updating Vim. Multiple issues in Vim | | | | | x | | |
| CVE-2022-0629 [other] Vim | Multiple issues were addressed by updating Vim. Multiple issues in Vim | | | | | x | | |
| CVE-2022-0685 [other] Vim | Multiple issues were addressed by updating Vim. Multiple issues in Vim | | | | | x | | |
| CVE-2022-0696 [other] Vim | Multiple issues were addressed by updating Vim. Multiple issues in Vim | | | | | x | | |
| CVE-2022-0714 [other] Vim | Multiple issues were addressed by updating Vim. Multiple issues in Vim | | | | | x | | |
| CVE-2022-0729 [other] Vim | Multiple issues were addressed by updating Vim. Multiple issues in Vim | | | | | x | | |
| CVE-2022-0943 [other] Vim | Multiple issues were addressed by updating Vim. Multiple issues in Vim | | | | | x | | |
| CVE-2022-1381 [other] Vim | Multiple issues were addressed by updating Vim. Multiple issues in Vim | | | | | x | | |
| CVE-2022-1420 [other] Vim | Multiple issues were addressed by updating Vim. Multiple issues in Vim | | | | | x | | |
| CVE-2022-1725 [other] Vim | Multiple issues were addressed by updating Vim. Multiple issues in Vim | | | | | x | | |
| CVE-2022-1616 [other] Vim | Multiple issues were addressed by updating Vim. Multiple issues in Vim | | | | | x | | |
| CVE-2022-1619 [other] Vim | Multiple issues were addressed by updating Vim. Multiple issues in Vim | | | | | x | | |
| CVE-2022-1620 [other] Vim | Multiple issues were addressed by updating Vim. Multiple issues in Vim | | | | | x | | |
| CVE-2022-1621 [other] Vim | Multiple issues were addressed by updating Vim. Multiple issues in Vim | | | | | x | | |
| CVE-2022-1629 [other] Vim | Multiple issues were addressed by updating Vim. Multiple issues in Vim | | | | | x | | |
| CVE-2022-1674 [other] Vim | Multiple issues were addressed by updating Vim. Multiple issues in Vim | | | | | x | | |
| CVE-2022-1733 [other] Vim | Multiple issues were addressed by updating Vim. Multiple issues in Vim | | | | | x | | |
| CVE-2022-1735 [other] Vim | Multiple issues were addressed by updating Vim. Multiple issues in Vim | | | | | x | | |
| CVE-2022-1769 [other] Vim | Multiple issues were addressed by updating Vim. Multiple issues in Vim | | | | | x | | |
| CVE-2022-1927 [other] Vim | Multiple issues were addressed by updating Vim. Multiple issues in Vim | | | | | x | | |
| CVE-2022-1942 [other] Vim | Multiple issues were addressed by updating Vim. Multiple issues in Vim | | | | | x | | |
| CVE-2022-1968 [other] Vim | Multiple issues were addressed by updating Vim. Multiple issues in Vim | | | | | x | | |
| CVE-2022-1851 [other] Vim | Multiple issues were addressed by updating Vim. Multiple issues in Vim | | | | | x | | |
| CVE-2022-1897 [other] Vim | Multiple issues were addressed by updating Vim. Multiple issues in Vim | | | | | x | | |
| CVE-2022-1898 [other] Vim | Multiple issues were addressed by updating Vim. Multiple issues in Vim | | | | | x | | |
| CVE-2022-1720 [other] Vim | Multiple issues were addressed by updating Vim. Multiple issues in Vim | | | | | x | | |
| CVE-2022-2000 [other] Vim | Multiple issues were addressed by updating Vim. Multiple issues in Vim | | | | | x | | |
| CVE-2022-2042 [other] Vim | Multiple issues were addressed by updating Vim. Multiple issues in Vim | | | | | x | | |
| CVE-2022-2124 [other] Vim | Multiple issues were addressed by updating Vim. Multiple issues in Vim | | | | | x | | |
| CVE-2022-2125 [other] Vim | Multiple issues were addressed by updating Vim. Multiple issues in Vim | | | | | x | | |
| CVE-2022-2126 [other] Vim | Multiple issues were addressed by updating Vim. Multiple issues in Vim | | | | | x | | |
| CVE-2022-32875 [important] Weather | A logic issue was addressed with improved state management. An app may be able to read sensitive location information | | | | | x | | |

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu