Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2022-32946
Vulnerability from cvelistv5
Published
2022-11-01 00:00
Modified
2024-08-03 07:54
Severity ?
EPSS score ?
0.08%
(0.20985)
Summary
This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/HT213489 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/en-us/HT213489 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apple | iOS and iPadOS |
Version: unspecified < 16.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T07:54:03.557Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213489", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to record audio using a pair of connected AirPods", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-01T00:00:00", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT213489", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-32946", datePublished: "2022-11-01T00:00:00", dateReserved: "2022-06-09T00:00:00", dateUpdated: "2024-08-03T07:54:03.557Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"16.0\", \"matchCriteriaId\": \"8CA5BE49-4E08-4ABB-BF4B-03147ED85DDD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"16.1\", \"matchCriteriaId\": \"E7CF2D18-109B-40A0-96F0-79894CE484AC\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods.\"}, {\"lang\": \"es\", \"value\": \"Este problema se abord\\u00f3 con derechos mejorados. Este problema se solucion\\u00f3 en iOS 16.1 y iPadOS 16. Es posible que una aplicaci\\u00f3n pueda grabar audio usando un par de AirPods conectados.\"}]", id: "CVE-2022-32946", lastModified: "2024-11-21T07:07:17.527", metrics: "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}]}", published: "2022-11-01T20:15:20.237", references: "[{\"url\": \"https://support.apple.com/en-us/HT213489\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT213489\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]", sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2022-32946\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2022-11-01T20:15:20.237\",\"lastModified\":\"2024-11-21T07:07:17.527\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods.\"},{\"lang\":\"es\",\"value\":\"Este problema se abordó con derechos mejorados. Este problema se solucionó en iOS 16.1 y iPadOS 16. Es posible que una aplicación pueda grabar audio usando un par de AirPods conectados.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"16.0\",\"matchCriteriaId\":\"8CA5BE49-4E08-4ABB-BF4B-03147ED85DDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"16.1\",\"matchCriteriaId\":\"E7CF2D18-109B-40A0-96F0-79894CE484AC\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/en-us/HT213489\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213489\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}", }, }
gsd-2022-32946
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods.
Aliases
Aliases
{ GSD: { alias: "CVE-2022-32946", description: "This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods.", id: "GSD-2022-32946", }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2022-32946", ], details: "This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods.", id: "GSD-2022-32946", modified: "2023-12-13T01:19:12.149033Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "product-security@apple.com", ID: "CVE-2022-32946", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "iOS and iPadOS", version: { version_data: [ { version_affected: "<", version_value: "16.1", }, ], }, }, ], }, vendor_name: "Apple", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "An app may be able to record audio using a pair of connected AirPods", }, ], }, ], }, references: { reference_data: [ { name: "https://support.apple.com/en-us/HT213489", refsource: "MISC", url: "https://support.apple.com/en-us/HT213489", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "16.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "16.1", vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "product-security@apple.com", ID: "CVE-2022-32946", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], }, ], }, references: { reference_data: [ { name: "https://support.apple.com/en-us/HT213489", refsource: "MISC", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT213489", }, ], }, }, impact: { baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, }, }, lastModifiedDate: "2023-01-09T16:41Z", publishedDate: "2022-11-01T20:15Z", }, }, }
var-202210-1627
Vulnerability from variot
This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods. Both Apple iOS and Apple iPadOS are products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-10-27-2 Additional information for APPLE-SA-2022-10-24-1 iOS 16.1 and iPadOS 16
iOS 16.1 and iPadOS 16 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213489.
Apple Neural Engine Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32932: Mohamed Ghannam (@_simo36) Entry added October 27, 2022
AppleMobileFileIntegrity Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed by removing additional entitlements. CVE-2022-42825: Mickey Jin (@patch1t)
Audio Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: The issue was addressed with improved memory handling. CVE-2022-42798: Anonymous working with Trend Micro Zero Day Initiative Entry added October 27, 2022
AVEVideoEncoder Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32940: ABC Research s.r.o.
Backup Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to access iOS backups Description: A permissions issue was addressed with additional restrictions. CVE-2022-32929: Csaba Fitzl (@theevilbit) of Offensive Security Entry added October 27, 2022
CFNetwork Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A certificate validation issue existed in the handling of WKWebView. CVE-2022-42813: Jonathan Zhang of Open Computing Facility (ocf.berkeley.edu)
Core Bluetooth Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to record audio using a pair of connected AirPods Description: This issue was addressed with improved entitlements. CVE-2022-32946: Guilherme Rambo of Best Buddy Apps (rambo.codes)
FaceTime Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2022-32935: Bistrit Dahal Entry added October 27, 2022
GPU Drivers Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32947: Asahi Lina (@LinaAsahi)
Graphics Driver Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32939: Willy R. Vasquez of The University of Texas at Austin Entry added October 27, 2022
IOHIDFamily Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-42820: Peter Pan ZhenPeng of STAR Labs
IOKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42806: Tingting Yin of Tsinghua University
Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022
Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom) Entry added October 27, 2022
Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022
Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved checks. CVE-2022-42801: Ian Beer of Google Project Zero Entry added October 27, 2022
Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32924: Ian Beer of Google Project Zero
Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: A remote user may be able to cause kernel code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-42808: Zweig of Kunlun Lab
Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. CVE-2022-42827: an anonymous researcher
Model I/O Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Processing a maliciously crafted USD file may disclose memory contents Description: The issue was addressed with improved memory handling. CVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security Light-Year Lab Entry added October 27, 2022
ppp Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: A buffer overflow may result in arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32941: an anonymous researcher Entry added October 27, 2022
ppp Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-42829: an anonymous researcher
ppp Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-42830: an anonymous researcher
ppp Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42831: an anonymous researcher CVE-2022-42832: an anonymous researcher
Safari Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Visiting a maliciously crafted website may leak sensitive data Description: A logic issue was addressed with improved state management. CVE-2022-42817: Mir Masood Ali, PhD student, University of Illinois at Chicago; Binoy Chitale, MS student, Stony Brook University; Mohammad Ghasemisharif, PhD Candidate, University of Illinois at Chicago; Chris Kanich, Associate Professor, University of Illinois at Chicago Entry added October 27, 2022
Sandbox Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-42811: Justin Bui (@slyd0g) of Snowflake
Shortcuts Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: A shortcut may be able to check the existence of an arbitrary path on the file system Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of Computer Science of. Romania
WebKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Visiting a malicious website may lead to user interface spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 243693 CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)
WebKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. WebKit Bugzilla: 244622 CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs
WebKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 245058 CVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser Vulnerability Research, Ryan Shin of IAAI SecLab at Korea University, Dohyun Lee (@l33d0hyun) of DNSLab at Korea University
WebKit PDF Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 242781 CVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend Micro Zero Day Initiative
WebKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Processing maliciously crafted web content may disclose internal states of the app Description: A correctness issue in the JIT was addressed with improved checks. WebKit Bugzilla: 242964 CVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab Entry added October 27, 2022
Wi-Fi Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Joining a malicious Wi-Fi network may result in a denial-of- service of the Settings app Description: The issue was addressed with improved memory handling. CVE-2022-32927: Dr Hideaki Goto of Tohoku University, Japan Entry added October 27, 2022
zlib Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-37434: Evgeny Legerov CVE-2022-42800: Evgeny Legerov Entry added October 27, 2022
Additional recognition
iCloud We would like to acknowledge Tim Michaud (@TimGMichaud) of Moveworks.ai for their assistance.
Kernel We would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud (@TimGMichaud) of Moveworks.ai, Tommy Muir (@Muirey03) for their assistance.
WebKit We would like to acknowledge Maddie Stone of Google Project Zero, Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an anonymous researcher for their assistance.
All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpsACgkQ4RjMIDke NxmS+w/8CfYJzSjrC2joLy6lOCg9Za2Mzc1+ynFTuVWud63t8zhif2lLU8Y+TOrG xUbstKDPw3ehwBBn97ZSkSoj3d+F+liPsUV5Udf1yssSF/5Ce7owa/V2KMCjliAr 1EvPOaiyXH94zrh+ddsTdikzDtNdseaYhSoYH4cQao/LPZx8bw4VSCxpQxSfOmoE /rSmqkq1wDpTXeLmHeQVBdLpM+QcEcpCkoQIpmeu3ntFhQrD3L9eAXcy3K7iI7qE Q/gTebUwLsLIhN6SrTu/sQaScErmOZqguOCTjPnkg9YQNxgu3jVuSlHuCWEZTvxq wqsHRSOMCU6xe7w3QPFsQmiMevFgRgWwuMTcCDIAaCTJTJ4Bx0mUirVCjFzEk8+w P6IScr4pearsQd31LSsu7OuirUmm/7ZH1XcAPdiDO4acorZNkt5Nzlf+x1Atls8j oMdrh0l2W44mvCgKtqPM0hz7xTTEwiyml7RWdz8Uf4qwjXjmZLt+Nt3GRGZ60JO6 fTkUHPhL/VnJz4rc90Zn+9LSK5u6JAQ6T16OA6CNqQ6ZFeN80zSzdSEzLuQC0FnL 08VhWzJNguA/xHidywQNeGqlhfT4posy6EDHp/9Q9heu/L1uRn/d1B5yxDpc2cyV w+AMI214/xT1VbJ9NMY3dXJBoVaDzhvC31ydXKPaCgCqc/mrlUo= =ULJl -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202210-1627", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "iphone os", scope: "lt", trust: 1, vendor: "apple", version: "16.1", }, { model: "ipados", scope: "lt", trust: 1, vendor: "apple", version: "16.0", }, ], sources: [ { db: "NVD", id: "CVE-2022-32946", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "16.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "16.1", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2022-32946", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Apple", sources: [ { db: "PACKETSTORM", id: "169558", }, { db: "PACKETSTORM", id: "169550", }, ], trust: 0.2, }, cve: "CVE-2022-32946", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 1.8, impactScore: 3.6, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, ], severity: [ { author: "NVD", id: "CVE-2022-32946", trust: 1, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202210-1663", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2022-32946", }, { db: "CNNVD", id: "CNNVD-202210-1663", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods. Both Apple iOS and Apple iPadOS are products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-27-2 Additional information for APPLE-SA-2022-10-24-1 iOS 16.1 and iPadOS 16\n\niOS 16.1 and iPadOS 16 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213489. \n\nApple Neural Engine\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges \nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32932: Mohamed Ghannam (@_simo36)\nEntry added October 27, 2022\n\nAppleMobileFileIntegrity\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: This issue was addressed by removing additional\nentitlements. \nCVE-2022-42825: Mickey Jin (@patch1t)\n\nAudio\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: Parsing a maliciously crafted audio file may lead to\ndisclosure of user information\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42798: Anonymous working with Trend Micro Zero Day\nInitiative\nEntry added October 27, 2022\n\nAVEVideoEncoder\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32940: ABC Research s.r.o. \n\nBackup\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: An app may be able to access iOS backups\nDescription: A permissions issue was addressed with additional\nrestrictions. \nCVE-2022-32929: Csaba Fitzl (@theevilbit) of Offensive Security\nEntry added October 27, 2022\n\nCFNetwork\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: A certificate validation issue existed in the handling\nof WKWebView. \nCVE-2022-42813: Jonathan Zhang of Open Computing Facility\n(ocf.berkeley.edu)\n\nCore Bluetooth\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: An app may be able to record audio using a pair of connected\nAirPods\nDescription: This issue was addressed with improved entitlements. \nCVE-2022-32946: Guilherme Rambo of Best Buddy Apps (rambo.codes)\n\nFaceTime\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: A user may be able to view restricted content from the lock\nscreen \nDescription: A lock screen issue was addressed with improved state\nmanagement. \nCVE-2022-32935: Bistrit Dahal\nEntry added October 27, 2022\n\nGPU Drivers\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32947: Asahi Lina (@LinaAsahi)\n\nGraphics Driver\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32939: Willy R. Vasquez of The University of Texas at Austin\nEntry added October 27, 2022\n\nIOHIDFamily\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: An app may cause unexpected app termination or arbitrary code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-42820: Peter Pan ZhenPeng of STAR Labs\n\nIOKit\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-42806: Tingting Yin of Tsinghua University\n\nKernel\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai\nEntry added October 27, 2022\n\nKernel\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges \nDescription: A race condition was addressed with improved locking. \nCVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom)\nEntry added October 27, 2022\n\nKernel\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai\nEntry added October 27, 2022\n\nKernel\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges \nDescription: A logic issue was addressed with improved checks. \nCVE-2022-42801: Ian Beer of Google Project Zero\nEntry added October 27, 2022\n\nKernel\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32924: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: A remote user may be able to cause kernel code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-42808: Zweig of Kunlun Lab\n\nKernel\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges. Apple is aware of a report that this issue may\nhave been actively exploited. \nCVE-2022-42827: an anonymous researcher\n\nModel I/O\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: Processing a maliciously crafted USD file may disclose memory\ncontents \nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security\nLight-Year Lab\nEntry added October 27, 2022\n\nppp\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: A buffer overflow may result in arbitrary code execution \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32941: an anonymous researcher\nEntry added October 27, 2022\n\nppp\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-42829: an anonymous researcher\n\nppp\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42830: an anonymous researcher\n\nppp\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-42831: an anonymous researcher\nCVE-2022-42832: an anonymous researcher\n\nSafari\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: Visiting a maliciously crafted website may leak sensitive\ndata\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-42817: Mir Masood Ali, PhD student, University of Illinois\nat Chicago; Binoy Chitale, MS student, Stony Brook University;\nMohammad Ghasemisharif, PhD Candidate, University of Illinois at\nChicago; Chris Kanich, Associate Professor, University of Illinois at\nChicago\nEntry added October 27, 2022\n\nSandbox\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-42811: Justin Bui (@slyd0g) of Snowflake\n\nShortcuts\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: A shortcut may be able to check the existence of an arbitrary\npath on the file system\nDescription: A parsing issue in the handling of directory paths was\naddressed with improved path validation. \nCVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of\nComputer Science of. Romania\n\nWebKit\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: The issue was addressed with improved UI handling. \nWebKit Bugzilla: 243693\nCVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)\n\nWebKit\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 244622\nCVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs\n\nWebKit\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 245058\nCVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser\nVulnerability Research, Ryan Shin of IAAI SecLab at Korea University,\nDohyun Lee (@l33d0hyun) of DNSLab at Korea University\n\nWebKit PDF\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 242781\nCVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend\nMicro Zero Day Initiative\n\nWebKit\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: Processing maliciously crafted web content may disclose\ninternal states of the app\nDescription: A correctness issue in the JIT was addressed with\nimproved checks. \nWebKit Bugzilla: 242964\nCVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab\nEntry added October 27, 2022\n\nWi-Fi\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: Joining a malicious Wi-Fi network may result in a denial-of-\nservice of the Settings app \nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32927: Dr Hideaki Goto of Tohoku University, Japan\nEntry added October 27, 2022\n\nzlib\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution \nDescription: This issue was addressed with improved checks. \nCVE-2022-37434: Evgeny Legerov\nCVE-2022-42800: Evgeny Legerov\nEntry added October 27, 2022\n\nAdditional recognition\n\niCloud\nWe would like to acknowledge Tim Michaud (@TimGMichaud) of\nMoveworks.ai for their assistance. \n\nKernel\nWe would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud\n(@TimGMichaud) of Moveworks.ai, Tommy Muir (@Muirey03) for their\nassistance. \n\nWebKit\nWe would like to acknowledge Maddie Stone of Google Project Zero,\nNarendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an\nanonymous researcher for their assistance. \n\n\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple's Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpsACgkQ4RjMIDke\nNxmS+w/8CfYJzSjrC2joLy6lOCg9Za2Mzc1+ynFTuVWud63t8zhif2lLU8Y+TOrG\nxUbstKDPw3ehwBBn97ZSkSoj3d+F+liPsUV5Udf1yssSF/5Ce7owa/V2KMCjliAr\n1EvPOaiyXH94zrh+ddsTdikzDtNdseaYhSoYH4cQao/LPZx8bw4VSCxpQxSfOmoE\n/rSmqkq1wDpTXeLmHeQVBdLpM+QcEcpCkoQIpmeu3ntFhQrD3L9eAXcy3K7iI7qE\nQ/gTebUwLsLIhN6SrTu/sQaScErmOZqguOCTjPnkg9YQNxgu3jVuSlHuCWEZTvxq\nwqsHRSOMCU6xe7w3QPFsQmiMevFgRgWwuMTcCDIAaCTJTJ4Bx0mUirVCjFzEk8+w\nP6IScr4pearsQd31LSsu7OuirUmm/7ZH1XcAPdiDO4acorZNkt5Nzlf+x1Atls8j\noMdrh0l2W44mvCgKtqPM0hz7xTTEwiyml7RWdz8Uf4qwjXjmZLt+Nt3GRGZ60JO6\nfTkUHPhL/VnJz4rc90Zn+9LSK5u6JAQ6T16OA6CNqQ6ZFeN80zSzdSEzLuQC0FnL\n08VhWzJNguA/xHidywQNeGqlhfT4posy6EDHp/9Q9heu/L1uRn/d1B5yxDpc2cyV\nw+AMI214/xT1VbJ9NMY3dXJBoVaDzhvC31ydXKPaCgCqc/mrlUo=\n=ULJl\n-----END PGP SIGNATURE-----\n\n", sources: [ { db: "NVD", id: "CVE-2022-32946", }, { db: "VULHUB", id: "VHN-425035", }, { db: "PACKETSTORM", id: "169558", }, { db: "PACKETSTORM", id: "169550", }, ], trust: 1.17, }, exploit_availability: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { reference: "https://www.scap.org.cn/vuln/vhn-425035", trust: 0.1, type: "unknown", }, ], sources: [ { db: "VULHUB", id: "VHN-425035", }, ], }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-32946", trust: 1.9, }, { db: "PACKETSTORM", id: "169558", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202210-1663", trust: 0.7, }, { db: "AUSCERT", id: "ESB-2022.5303", trust: 0.6, }, { db: "PACKETSTORM", id: "169550", trust: 0.2, }, { db: "VULHUB", id: "VHN-425035", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-425035", }, { db: "PACKETSTORM", id: "169558", }, { db: "PACKETSTORM", id: "169550", }, { db: "NVD", id: "CVE-2022-32946", }, { db: "CNNVD", id: "CNNVD-202210-1663", }, ], }, id: "VAR-202210-1627", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-425035", }, ], trust: 0.01, }, last_update_date: "2023-12-18T11:38:37.533000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Apple iOS and iPadOS Security vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=212490", }, ], sources: [ { db: "CNNVD", id: "CNNVD-202210-1663", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2022-32946", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.3, url: "https://support.apple.com/en-us/ht213489", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-32946/", }, { trust: 0.6, url: "https://packetstormsecurity.com/files/169558/apple-security-advisory-2022-10-27-2.html", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-39701", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2022.5303", }, { trust: 0.2, url: "https://support.apple.com/ht213489.", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2022-32924", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2022-32940", }, { trust: 0.2, url: "https://support.apple.com/en-us/ht201222.", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2022-32922", }, { trust: 0.2, url: "https://www.apple.com/support/security/pgp/", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2022-32938", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2022-32946", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2022-32927", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2022-32935", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2022-32932", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2022-32926", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2022-32923", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2022-32944", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2022-32929", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2022-32939", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2022-32941", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2022-42824", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2022-42806", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2022-42808", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2022-42811", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2022-42799", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2022-42823", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2022-32947", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2022-42813", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2022-42820", }, ], sources: [ { db: "VULHUB", id: "VHN-425035", }, { db: "PACKETSTORM", id: "169558", }, { db: "PACKETSTORM", id: "169550", }, { db: "NVD", id: "CVE-2022-32946", }, { db: "CNNVD", id: "CNNVD-202210-1663", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-425035", }, { db: "PACKETSTORM", id: "169558", }, { db: "PACKETSTORM", id: "169550", }, { db: "NVD", id: "CVE-2022-32946", }, { db: "CNNVD", id: "CNNVD-202210-1663", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-11-01T00:00:00", db: "VULHUB", id: "VHN-425035", }, { date: "2022-10-31T14:21:40", db: "PACKETSTORM", id: "169558", }, { date: "2022-10-31T14:18:24", db: "PACKETSTORM", id: "169550", }, { date: "2022-11-01T20:15:20.237000", db: "NVD", id: "CVE-2022-32946", }, { date: "2022-10-24T00:00:00", db: "CNNVD", id: "CNNVD-202210-1663", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-01-09T00:00:00", db: "VULHUB", id: "VHN-425035", }, { date: "2023-01-09T16:41:59.350000", db: "NVD", id: "CVE-2022-32946", }, { date: "2022-11-03T00:00:00", db: "CNNVD", id: "CNNVD-202210-1663", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202210-1663", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Apple iOS and iPadOS Security hole", sources: [ { db: "CNNVD", id: "CNNVD-202210-1663", }, ], trust: 0.6, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202210-1663", }, ], trust: 0.6, }, }
wid-sec-w-2022-1837
Vulnerability from csaf_certbund
Published
2022-10-24 22:00
Modified
2023-06-27 22:00
Summary
Apple iOS & iPadOS: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Das Apple iOS (vormals iPhone OS) ist das Betriebssystem für das von Apple entwickelte Smartphone iPhone, iPad und iPod Touch.
Das Apple iPadOS ist das Betriebssystem für das von Apple entwickelte iPad.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple iOS und Apple iPadOS ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen.
Betroffene Betriebssysteme
- iPhoneOS
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Das Apple iOS (vormals iPhone OS) ist das Betriebssystem für das von Apple entwickelte Smartphone iPhone, iPad und iPod Touch.\r\nDas Apple iPadOS ist das Betriebssystem für das von Apple entwickelte iPad.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple iOS und Apple iPadOS ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen.", title: "Angriff", }, { category: "general", text: "- iPhoneOS", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2022-1837 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1837.json", }, { category: "self", summary: "WID-SEC-2022-1837 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1837", }, { category: "external", summary: "Apple Security Advisory HT213489 vom 2022-10-24", url: "https://support.apple.com/en-us/HT213489", }, ], source_lang: "en-US", title: "Apple iOS & iPadOS: Mehrere Schwachstellen", tracking: { current_release_date: "2023-06-27T22:00:00.000+00:00", generator: { date: "2024-08-15T17:37:00.102+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2022-1837", initial_release_date: "2022-10-24T22:00:00.000+00:00", revision_history: [ { date: "2022-10-24T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-06-27T22:00:00.000+00:00", number: "2", summary: "CVE's ergänzt", }, ], status: "final", version: "2", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Apple iOS < 16.1", product: { name: "Apple iOS < 16.1", product_id: "T025098", product_identification_helper: { cpe: "cpe:/o:apple:iphone_os:16.1", }, }, }, { category: "product_name", name: "Apple iPadOS < 16", product: { name: "Apple iPadOS < 16", product_id: "T025099", product_identification_helper: { cpe: "cpe:/o:apple:ipados:16", }, }, }, ], category: "vendor", name: "Apple", }, ], }, vulnerabilities: [ { cve: "CVE-2022-46715", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-46715", }, { cve: "CVE-2022-42832", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-42832", }, { cve: "CVE-2022-42831", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-42831", }, { cve: "CVE-2022-42830", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-42830", }, { cve: "CVE-2022-42829", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-42829", }, { cve: "CVE-2022-42827", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-42827", }, { cve: "CVE-2022-42825", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-42825", }, { cve: "CVE-2022-42824", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-42824", }, { cve: "CVE-2022-42823", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-42823", }, { cve: "CVE-2022-42820", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-42820", }, { cve: "CVE-2022-42813", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-42813", }, { cve: "CVE-2022-42811", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-42811", }, { cve: "CVE-2022-42808", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-42808", }, { cve: "CVE-2022-42806", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-42806", }, { cve: "CVE-2022-42799", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-42799", }, { cve: "CVE-2022-42792", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-42792", }, { cve: "CVE-2022-32947", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-32947", }, { cve: "CVE-2022-32946", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-32946", }, { cve: "CVE-2022-32940", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-32940", }, { cve: "CVE-2022-32938", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-32938", }, { cve: "CVE-2022-32924", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-32924", }, { cve: "CVE-2022-32922", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-32922", }, ], }
WID-SEC-W-2022-1837
Vulnerability from csaf_certbund
Published
2022-10-24 22:00
Modified
2023-06-27 22:00
Summary
Apple iOS & iPadOS: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Das Apple iOS (vormals iPhone OS) ist das Betriebssystem für das von Apple entwickelte Smartphone iPhone, iPad und iPod Touch.
Das Apple iPadOS ist das Betriebssystem für das von Apple entwickelte iPad.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple iOS und Apple iPadOS ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen.
Betroffene Betriebssysteme
- iPhoneOS
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Das Apple iOS (vormals iPhone OS) ist das Betriebssystem für das von Apple entwickelte Smartphone iPhone, iPad und iPod Touch.\r\nDas Apple iPadOS ist das Betriebssystem für das von Apple entwickelte iPad.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple iOS und Apple iPadOS ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen.", title: "Angriff", }, { category: "general", text: "- iPhoneOS", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2022-1837 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1837.json", }, { category: "self", summary: "WID-SEC-2022-1837 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1837", }, { category: "external", summary: "Apple Security Advisory HT213489 vom 2022-10-24", url: "https://support.apple.com/en-us/HT213489", }, ], source_lang: "en-US", title: "Apple iOS & iPadOS: Mehrere Schwachstellen", tracking: { current_release_date: "2023-06-27T22:00:00.000+00:00", generator: { date: "2024-08-15T17:37:00.102+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2022-1837", initial_release_date: "2022-10-24T22:00:00.000+00:00", revision_history: [ { date: "2022-10-24T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-06-27T22:00:00.000+00:00", number: "2", summary: "CVE's ergänzt", }, ], status: "final", version: "2", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Apple iOS < 16.1", product: { name: "Apple iOS < 16.1", product_id: "T025098", product_identification_helper: { cpe: "cpe:/o:apple:iphone_os:16.1", }, }, }, { category: "product_name", name: "Apple iPadOS < 16", product: { name: "Apple iPadOS < 16", product_id: "T025099", product_identification_helper: { cpe: "cpe:/o:apple:ipados:16", }, }, }, ], category: "vendor", name: "Apple", }, ], }, vulnerabilities: [ { cve: "CVE-2022-46715", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-46715", }, { cve: "CVE-2022-42832", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-42832", }, { cve: "CVE-2022-42831", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-42831", }, { cve: "CVE-2022-42830", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-42830", }, { cve: "CVE-2022-42829", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-42829", }, { cve: "CVE-2022-42827", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-42827", }, { cve: "CVE-2022-42825", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-42825", }, { cve: "CVE-2022-42824", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-42824", }, { cve: "CVE-2022-42823", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-42823", }, { cve: "CVE-2022-42820", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-42820", }, { cve: "CVE-2022-42813", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-42813", }, { cve: "CVE-2022-42811", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-42811", }, { cve: "CVE-2022-42808", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-42808", }, { cve: "CVE-2022-42806", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-42806", }, { cve: "CVE-2022-42799", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-42799", }, { cve: "CVE-2022-42792", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-42792", }, { cve: "CVE-2022-32947", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-32947", }, { cve: "CVE-2022-32946", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-32946", }, { cve: "CVE-2022-32940", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-32940", }, { cve: "CVE-2022-32938", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-32938", }, { cve: "CVE-2022-32924", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-32924", }, { cve: "CVE-2022-32922", notes: [ { category: "description", text: "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"AppleMobileFileIntegrity\", \"AVEVideoEncoder\", \"CFNetwork\", \"Core Bluetooth\", \"GPU Drivers\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"ppp\", \"Sandbox\", \"Shortcuts\", \"WebKit\" sowie \"WebKit PDF\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Root-Rechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2022-10-24T22:00:00.000+00:00", title: "CVE-2022-32922", }, ], }
ghsa-rp23-g46j-x9xq
Vulnerability from github
Published
2022-11-02 12:00
Modified
2022-11-02 19:00
Severity ?
Details
This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods.
{ affected: [], aliases: [ "CVE-2022-32946", ], database_specific: { cwe_ids: [], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2022-11-01T20:15:00Z", severity: "MODERATE", }, details: "This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods.", id: "GHSA-rp23-g46j-x9xq", modified: "2022-11-02T19:00:25Z", published: "2022-11-02T12:00:42Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-32946", }, { type: "WEB", url: "https://support.apple.com/en-us/HT213489", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", type: "CVSS_V3", }, ], }
fkie_cve-2022-32946
Vulnerability from fkie_nvd
Published
2022-11-01 20:15
Modified
2024-11-21 07:07
Severity ?
Summary
This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/HT213489 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/en-us/HT213489 | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "8CA5BE49-4E08-4ABB-BF4B-03147ED85DDD", versionEndExcluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "E7CF2D18-109B-40A0-96F0-79894CE484AC", versionEndExcluding: "16.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods.", }, { lang: "es", value: "Este problema se abordó con derechos mejorados. Este problema se solucionó en iOS 16.1 y iPadOS 16. Es posible que una aplicación pueda grabar audio usando un par de AirPods conectados.", }, ], id: "CVE-2022-32946", lastModified: "2024-11-21T07:07:17.527", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-01T20:15:20.237", references: [ { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT213489", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/en-us/HT213489", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.