JARVIS
Apple hat vermutlich das letzte iOS Update vor dem großen iOS 16 Update veröffentlicht. Das Update für iPadOS und iOS 15.5 ist draußen und behebt lediglich Fehler und sorgt für mehr Stabilität. Mit diesem Update ist ebenso das Apple watchOS 8.6 für die Apple Watch veröffentlicht worden.
Das Update bringt Neuerungen für die Apple Podcast App, in der nun die Anzahl der Offline Episoden für Mac, iPad und iPhone konfiguriert werden können, zudem behebt es ein Problem mit der Homekit Automation. Letzteres behebt das Problem der Automation die beim Betreten oder Verlassen der Wohnung keine Trigger ausgelöst hat.
Apple iOS 15.5 Änderungen
- SportsKit: Apple arbeitet weiter an dem neuen Framework, das sich um Sportinhalte dreht. Unter iOS 15.5 zeigt es Informationen wie Baseball-Ergebnisse besser an. In Deutschland ist „SportsKit” bislang nicht verfügbar.
- iTunes Pass: Im Code der neuen iOS-Version finden sich Hinweise, dass Apple den „iTunes Pass” in „Apple Account” umbenennen will. Das Feature könnte künftig auch als Karte in die Wallet-App wandern.
- Fotos-App: Die KI der Anwendung erkennt automatisch Personen, Orte und Ereignisse in Deiner Mediathek und erstellt kuratierte Sammlungen, die sogenannten „Rückblicke”. Unter iOS 15.5 verfügt die Fotos-App nun über eine Liste von „sensiblen Orten”, die alle mit dem Holocaust zusammenhängen – zum Beispiel das KZ Auschwitz-Birkenau. Bilder, die an diesen Orten geknipst werden, soll die KI niemals für „Rückblicke”-Sammlungen nutzen, wie 9to5Mac berichtet.
- HomePod: iOS 15.5 zeigt für den HomePod nun auch die WLAN-Empfangsstärke an.
- Verbesserte Stabilität und Performance: Kleinere Updates dieser Art sollen immer auch die Leistung des Betriebssystems insgesamt verbessern.
Quelle: Apple security updates – Apple Support
Apple iOS 15.5 Security Fixes
AppleAVD
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A use after free issue was addressed with improved memory management.
CVE-2022-26702: an anonymous researcher
AppleGraphicsControl
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved input validation.
CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
AVEVideoEncoder
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2022-26736: an anonymous researcher
CVE-2022-26737: an anonymous researcher
CVE-2022-26738: an anonymous researcher
CVE-2022-26739: an anonymous researcher
CVE-2022-26740: an anonymous researcher
DriverKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: An out-of-bounds access issue was addressed with improved bounds checking.
CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)
GPU Drivers
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved state management.
CVE-2022-26744: an anonymous researcher
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: An integer overflow issue was addressed with improved input validation.
CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative
IOKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab
IOMobileFrameBuffer
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved state management.
CVE-2022-26768: an anonymous researcher
IOSurfaceAccelerator
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved state management.
CVE-2022-26771: an anonymous researcher
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved validation.
CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg)
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A use after free issue was addressed with improved memory management.
CVE-2022-26757: Ned Williamson of Google Project Zero
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations
Description: A memory corruption issue was addressed with improved validation.
CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication
Description: A race condition was addressed with improved state handling.
CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)
LaunchServices
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A sandboxed process may be able to circumvent sandbox restrictions
Description: An access issue was addressed with additional sandbox restrictions on third-party applications.
CVE-2022-26706: Arsenii Kostromin (0x3c3e)
libxml2
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2022-23308
Notes
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a large input may lead to a denial of service
Description: This issue was addressed with improved checks.
CVE-2022-22673: Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College Of Technology Bhopal
Safari Private Browsing
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious website may be able to track users in Safari private browsing mode
Description: A logic issue was addressed with improved state management.
CVE-2022-26731: an anonymous researcher
Security
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious app may be able to bypass signature validation
Description: A certificate parsing issue was addressed with improved checks.
CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)
Shortcuts
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A person with physical access to an iOS device may be able to access photos from the lock screen
Description: An authorization issue was addressed with improved state management.
CVE-2022-26703: Salman Syed (@slmnsd551)
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to code execution
Description: A memory corruption issue was addressed with improved state management.
WebKit Bugzilla: 238178
CVE-2022-26700: ryuzaki
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
WebKit Bugzilla: 236950
CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab
WebKit Bugzilla: 237475
CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab
WebKit Bugzilla: 238171
CVE-2022-26717: Jeonghoon Shin of Theori
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved state management.
WebKit Bugzilla: 238183
CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab
WebKit Bugzilla: 238699
CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech
WebRTC
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Video self-preview in a webRTC call may be interrupted if the user answers a phone call
Description: A logic issue in the handling of concurrent media was addressed with improved state handling.
WebKit Bugzilla: 237524
CVE-2022-22677: an anonymous researcher
Wi-Fi
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may disclose restricted memory
Description: A memory corruption issue was addressed with improved validation.
CVE-2022-26745: an anonymous researcher
Wi-Fi
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed with improved state management.
CVE-2022-26760: 08Tc3wBB of ZecOps Mobile EDR Team
Wi-Fi
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2015-4142: Kostya Kortchinsky of Google Security Team
Wi-Fi
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2022-26762: Wang Yu of Cyberserval
Quelle: About the security content of iOS 15.5 and iPadOS 15.5 – Apple Support (IE)
Interessiert in verschiedenste IT Themen, schreibe ich in diesem Blog über Software, Hardware, Smart Home, Games und vieles mehr. Ich berichte z.B. über die Installation und Konfiguration von Software als auch von Problemen mit dieser. News sind ebenso spannend, sodass ich auch über Updates, Releases und Neuigkeiten aus der IT berichte. Letztendlich nutze ich Taste-of-IT als eigene Dokumentation und Anlaufstelle bei wiederkehrenden Themen. Ich hoffe ich kann dich ebenso informieren und bei Problemen eine schnelle Lösung anbieten. Wer meinen Aufwand unterstützen möchte, kann gerne eine Tasse oder Pod Kaffe per PayPal spenden – vielen Dank.