JARVIS
Apple hat das Update 15.6 für iOS und iPadOS veröffentlicht. Die Sicherheitsfixe beheben zahlreiche Fehler in fast 40 Komponenten der Geräte. Weiterhin wurde auch macOS 12.5 Monterey veröffentlicht und steht zum Download bereit. Zu den Bugfixes lässt sich wenig finden. Finden konnte ich:
- einen Fehler beim Re-Download von Apple Music,
- der App Name Apple Books wurde zu Apple Store geändert
- die Anzeige das de rGerätespeicher voll ist, obwohl noch Speicher verfügbar ist, wurde behoben
- Braille-Geräte werden langsamer wenn man in einer Mail durch den Text scrollt
- im Safari wurde der Fehler mit Registerkarten und dem zurückkehren zur vorherigen Seite behoben
- und weitere
Apple iOS 15.6 und iPadOS Security Fixe
APFS
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32832: Tommy Muir (@Muirey03)
AppleAVD
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote user may be able to cause kernel code execution
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2022-32788: Natalie Silvanovich of Google Project Zero
AppleAVD
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2022-32824: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom)
AppleMobileFileIntegrity
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An app may be able to gain root privileges
Description: An authorization issue was addressed with improved state management.
CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro
Apple Neural Engine
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An app may be able to break out of its sandbox
Description: This issue was addressed with improved checks.
CVE-2022-32845: Mohamed Ghannam (@_simo36)
Apple Neural Engine
Available for devices with Apple Neural Engine: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation)
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: This issue was addressed with improved checks.
CVE-2022-32840: Mohamed Ghannam (@_simo36)
CVE-2022-32829: an anonymous researcher
Apple Neural Engine
Available for devices with Apple Neural Engine: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation)
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32810: Mohamed Ghannam (@_simo36)
Audio
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds write issue was addressed with improved input validation.
CVE-2022-32820: an anonymous researcher
Audio
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2022-32825: John Aakerblom (@jaakerblom)
CoreMedia
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom)
CoreText
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote user may cause an unexpected app termination or arbitrary code execution
Description: The issue was addressed with improved bounds checks.
CVE-2022-32839: STAR Labs (@starlabs_sg)
File System Events
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An app may be able to gain root privileges
Description: A logic issue was addressed with improved state management.
CVE-2022-32819: Joshua Mason of Mandiant
GPU Drivers
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An app may be able to disclose kernel memory
Description: Multiple out-of-bounds write issues were addressed with improved bounds checking.
CVE-2022-32793: an anonymous researcher
GPU Drivers
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved validation.
CVE-2022-32821: John Aakerblom (@jaakerblom)
Home
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A user may be able to view restricted content from the lock screen
Description: A logic issue was addressed with improved state management.
CVE-2022-32855: an anonymous researcher
iCloud Photo Library
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An app may be able to access sensitive user information
Description: An information disclosure issue was addressed by removing the vulnerable code.
CVE-2022-32849: Joshua Jones
ICU
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may result in disclosure of process memory
Description: The issue was addressed with improved memory handling.
CVE-2022-32841: hjy79425575
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted file may lead to arbitrary code execution
Description: A logic issue was addressed with improved checks.
CVE-2022-32802: Ivan Fratric of Google Project Zero, Mickey Jin (@patch1t)
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to disclosure of user information
Description: An out-of-bounds read issue was addressed with improved bounds checking.
CVE-2022-32830: Ye Zhang (@co0py_Cat) of Baidu Security
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing an image may lead to a denial-of-service
Description: A null pointer dereference was addressed with improved validation.
CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit)
IOMobileFrameBuffer
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved state management.
CVE-2022-26768: an anonymous researcher
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32813: Xinru Chi of Pangu Lab
CVE-2022-32815: Xinru Chi of Pangu Lab
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An app may be able to disclose kernel memory
Description: An out-of-bounds read issue was addressed with improved bounds checking.
CVE-2022-32817: Xinru Chi of Pangu Lab
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication
Description: A logic issue was addressed with improved state management.
CVE-2022-32844: Sreejith Krishnan R (@skr0x1c0)
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication
Description: A race condition was addressed with improved state handling.
CVE-2022-32844: Sreejith Krishnan R (@skr0x1c0)
Liblouis
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An app may cause unexpected app termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China (nipc.org.cn)
libxml2
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An app may be able to leak sensitive user information
Description: A memory initialization issue was addressed with improved memory handling.
CVE-2022-32823
Multi-Touch
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A type confusion issue was addressed with improved state handling.
CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)
PluginKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An app may be able to read arbitrary files
Description: A logic issue was addressed with improved state management.
CVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro
Safari Extensions
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Visiting a maliciously crafted website may leak sensitive data
Description: The issue was addressed with improved UI handling.
CVE-2022-32784: Young Min Kim of CompSec Lab at Seoul National University
Software Update
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A user in a privileged network position can track a user’s activity
Description: This issue was addressed by using HTTPS when sending information over the network.
CVE-2022-32857: Jeffrey Paul (sneak.berlin)
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Visiting a website that frames malicious content may lead to UI spoofing
Description: The issue was addressed with improved UI handling.
WebKit Bugzilla: 239316
CVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved input validation.
WebKit Bugzilla: 240720
CVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative
WebRTC
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved state management.
WebKit Bugzilla: 242339
CVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team
Wi-Fi
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An app may be able to cause unexpected system termination or write kernel memory
Description: This issue was addressed with improved checks.
CVE-2022-32837: Wang Yu of Cyberserval
Wi-Fi
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory
Description: This issue was addressed with improved checks.
CVE-2022-32847: Wang Yu of Cyberserval
Interessiert in verschiedenste IT Themen, schreibe ich in diesem Blog über Software, Hardware, Smart Home, Games und vieles mehr. Ich berichte z.B. über die Installation und Konfiguration von Software als auch von Problemen mit dieser. News sind ebenso spannend, sodass ich auch über Updates, Releases und Neuigkeiten aus der IT berichte. Letztendlich nutze ich Taste-of-IT als eigene Dokumentation und Anlaufstelle bei wiederkehrenden Themen. Ich hoffe ich kann dich ebenso informieren und bei Problemen eine schnelle Lösung anbieten. Wer meinen Aufwand unterstützen möchte, kann gerne eine Tasse oder Pod Kaffe per PayPal spenden – vielen Dank.