cvelistv5 - cve-2022-32949

CVE-2022-32949 (GCVE-0-2022-32949)

Vulnerability from cvelistv5 – Published: 2023-02-27 00:00 – Updated: 2025-03-11 17:56

Summary

This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16. An app may be able to execute arbitrary code with kernel privileges.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

An app may be able to execute arbitrary code with kernel privileges

Assigner

apple

References

URL

Tags

	https://support.apple.com/en-us/HT213487
	https://support.apple.com/en-us/HT213490

Impacted products

Vendor

Product

Version

Apple

iOS and iPadOS

Affected: unspecified , < 15.7 (custom)

Apple

tvOS

Affected: unspecified , < 16 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:54:03.403Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213487"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213490"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-32949",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-11T17:55:58.070233Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-269",
                "description": "CWE-269 Improper Privilege Management",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-11T17:56:24.484Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "15.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "16",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16. An app may be able to execute arbitrary code with kernel privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "An app may be able to execute arbitrary code with kernel privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-27T00:00:00.000Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/HT213487"
        },
        {
          "url": "https://support.apple.com/en-us/HT213490"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2022-32949",
    "datePublished": "2023-02-27T00:00:00.000Z",
    "dateReserved": "2022-06-09T00:00:00.000Z",
    "dateUpdated": "2025-03-11T17:56:24.484Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"15.7.1\", \"matchCriteriaId\": \"46D91788-9173-4FA2-A956-18286461B859\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"15.7.1\", \"matchCriteriaId\": \"0C42DEF1-164C-42F0-932E-A6B2F4CD8557\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"16.0\", \"matchCriteriaId\": \"534DED19-82FC-4E39-BFD3-F2FE5C71A66B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16. An app may be able to execute arbitrary code with kernel privileges.\"}, {\"lang\": \"es\", \"value\": \"Este problema se solucion\\u00f3 con controles mejorados. Este problema se solucion\\u00f3 en iOS 15.7.1 y iPadOS 15.7.1, tvOS 16. Es posible que una aplicaci\\u00f3n pueda ejecutar c\\u00f3digo arbitrario con privilegios del kernel.\"}]",
      "id": "CVE-2022-32949",
      "lastModified": "2024-11-21T07:07:17.937",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}]}",
      "published": "2023-02-27T20:15:12.390",
      "references": "[{\"url\": \"https://support.apple.com/en-us/HT213487\", \"source\": \"product-security@apple.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT213490\", \"source\": \"product-security@apple.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT213487\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT213490\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-32949\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2023-02-27T20:15:12.390\",\"lastModified\":\"2025-03-11T18:15:26.120\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16. An app may be able to execute arbitrary code with kernel privileges.\"},{\"lang\":\"es\",\"value\":\"Este problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en iOS 15.7.1 y iPadOS 15.7.1, tvOS 16. Es posible que una aplicaci\u00f3n pueda ejecutar c\u00f3digo arbitrario con privilegios del kernel.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.7.1\",\"matchCriteriaId\":\"46D91788-9173-4FA2-A956-18286461B859\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.7.1\",\"matchCriteriaId\":\"0C42DEF1-164C-42F0-932E-A6B2F4CD8557\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"16.0\",\"matchCriteriaId\":\"534DED19-82FC-4E39-BFD3-F2FE5C71A66B\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/en-us/HT213487\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213490\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213487\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213490\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.apple.com/en-us/HT213487\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT213490\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T07:54:03.403Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-32949\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-11T17:55:58.070233Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-269\", \"description\": \"CWE-269 Improper Privilege Management\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-11T17:56:20.693Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Apple\", \"product\": \"iOS and iPadOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"15.7\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"tvOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"16\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://support.apple.com/en-us/HT213487\"}, {\"url\": \"https://support.apple.com/en-us/HT213490\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16. An app may be able to execute arbitrary code with kernel privileges.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"An app may be able to execute arbitrary code with kernel privileges\"}]}], \"providerMetadata\": {\"orgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"shortName\": \"apple\", \"dateUpdated\": \"2023-02-27T00:00:00.000Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-32949\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-11T17:56:24.484Z\", \"dateReserved\": \"2022-06-09T00:00:00.000Z\", \"assignerOrgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"datePublished\": \"2023-02-27T00:00:00.000Z\", \"assignerShortName\": \"apple\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

VAR-202210-1929

Vulnerability from variot - Updated: 2023-12-18 11:07

This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16. An app may be able to execute arbitrary code with kernel privileges. apple's iPadOS , iOS , tvOS Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2022-10-27-1 iOS 15.7.1 and iPadOS 15.7.1

iOS 15.7.1 and iPadOS 15.7.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213490.

Apple Neural Engine Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32932: Mohamed Ghannam (@_simo36)

Audio Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: The issue was addressed with improved memory handling. CVE-2022-42798: Anonymous working with Trend Micro Zero Day Initiative

Backup Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to access iOS backups Description: A permissions issue was addressed with additional restrictions. CVE-2022-32929: Csaba Fitzl (@theevilbit) of Offensive Security

FaceTime Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2022-32935: Bistrit Dahal

Graphics Driver Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32939: Willy R. Vasquez of The University of Texas at Austin

Image Processing Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32949: Tingting Yin of Tsinghua University

Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai

Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom)

Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai

Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. CVE-2022-42827: an anonymous researcher

Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved checks. CVE-2022-42801: Ian Beer of Google Project Zero

Model I/O Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted USD file may disclose memory contents Description: The issue was addressed with improved memory handling. CVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security Light-Year Lab

ppp Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A buffer overflow may result in arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32941: an anonymous researcher

Safari Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Visiting a maliciously crafted website may leak sensitive data Description: A logic issue was addressed with improved state management. CVE-2022-42817: Mir Masood Ali, PhD student, University of Illinois at Chicago; Binoy Chitale, MS student, Stony Brook University; Mohammad Ghasemisharif, PhD Candidate, University of Illinois at Chicago; Chris Kanich, Associate Professor, University of Illinois at Chicago

WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may disclose internal states of the app Description: A correctness issue in the JIT was addressed with improved checks. WebKit Bugzilla: 242964 CVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab

Wi-Fi Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Joining a malicious Wi-Fi network may result in a denial-of- service of the Settings app Description: The issue was addressed with improved memory handling. CVE-2022-32927: Dr Hideaki Goto of Tohoku University, Japan

zlib Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-37434: Evgeny Legerov CVE-2022-42800: Evgeny Legerov

This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 15.7.1 and iPadOS 15.7.1". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbJvAACgkQ4RjMIDke Nxmw3Q/+MtMTloTngI/i4DiNLW/HFq92T6kxTZ8i6MUm+RJfEvhaI2zTLCchnhiR thpoVqcA76i+eLsVGenk37S6daFhszAj1596tOv50KbTZYwBLJKM+TI2YQxH4vLq pODEyxL6gTp9tyJR+DK6u3iXHhbDPYlTXYKGqlZ79gaF8JcYwiS/4pn2+3P+wwEN kLMcAoLXPGzptHgZUcuRtLYH0Go0WCLIFHYh7a9gYK34f8VwgOdJCl9NJkuSPIB2 wsiqkUXUkfIZhnVthuYAt43SNZf0uadUjw6Bg8PUBydqL/5/OkuDcQGxKFQRJqEA Yo1rJvqOuaTz2gcfquLdE1zg5OwUjKHAeMTzUwVUHMoxUIWfuMTBb+K7rxX0i/9X FHm3f1N66GMYZPeTmFH44eUmWA5YZaccBCX5+/eluOt/y6/mVvsn+UTWa4vqI3Sa xzWYOU8xsAMfJuWdp0m1CBGDFxOmhS4PsMctRh0ToVlV0KJLoW7ZOB4wUVf3ZtNC mQ67XRAuvxDa83weRpmgSk5Vs3WrqAUEA0sO+SMiNGuLdlk9bj7TSjmThwMFuQ/3 L0JsYgJIIWEtQ+hFSY6o7Iqd2j1KMtSwk4BALohdhpl51f5MhKpeW6TWrXIoLt0E cDStPsnFSyyzJyamnM53MOEuwetfBu6b09Fbb27te6fsRFcb1fM= =kyGi -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202210-1929",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "16.0"
      },
      {
        "model": "ipados",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.7.1"
      },
      {
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.7.1"
      },
      {
        "model": "ipados",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "model": "ios",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "model": "tvos",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": "16.0"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-020127"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32949"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "15.7.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "16.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "15.7.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-32949"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "169557"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2022-32949",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-32949",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-32949",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202210-2348",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-020127"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32949"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-2348"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16. An app may be able to execute arbitrary code with kernel privileges. apple\u0027s iPadOS , iOS , tvOS Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-27-1 iOS 15.7.1 and iPadOS 15.7.1\n\niOS 15.7.1 and iPadOS 15.7.1 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213490. \n\nApple Neural Engine\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32932: Mohamed Ghannam (@_simo36)\n\nAudio\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Parsing a maliciously crafted audio file may lead to\ndisclosure of user information\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42798: Anonymous working with Trend Micro Zero Day\nInitiative\n\nBackup\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An app may be able to access iOS backups\nDescription: A permissions issue was addressed with additional\nrestrictions. \nCVE-2022-32929: Csaba Fitzl (@theevilbit) of Offensive Security\n\nFaceTime\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A lock screen issue was addressed with improved state\nmanagement. \nCVE-2022-32935: Bistrit Dahal\n\nGraphics Driver\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32939: Willy R. Vasquez of The University of Texas at Austin\n\nImage Processing\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: This issue was addressed with improved checks. \nCVE-2022-32949: Tingting Yin of Tsinghua University\n\nKernel\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai\n\nKernel\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom)\n\nKernel\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai\n\nKernel\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges. Apple is aware of a report that this issue may\nhave been actively exploited. \nCVE-2022-42827: an anonymous researcher\n\nKernel\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-42801: Ian Beer of Google Project Zero\n\nModel I/O\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing a maliciously crafted USD file may disclose memory\ncontents\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security\nLight-Year Lab\n\nppp\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A buffer overflow may result in arbitrary code execution\nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32941: an anonymous researcher\n\nSafari\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Visiting a maliciously crafted website may leak sensitive\ndata\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-42817: Mir Masood Ali, PhD student, University of Illinois\nat Chicago; Binoy Chitale, MS student, Stony Brook University;\nMohammad Ghasemisharif, PhD Candidate, University of Illinois at\nChicago; Chris Kanich, Associate Professor, University of Illinois at\nChicago\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing maliciously crafted web content may disclose\ninternal states of the app\nDescription: A correctness issue in the JIT was addressed with\nimproved checks. \nWebKit Bugzilla: 242964\nCVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab\n\nWi-Fi\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Joining a malicious Wi-Fi network may result in a denial-of-\nservice of the Settings app\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32927: Dr Hideaki Goto of Tohoku University, Japan\n\nzlib\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2022-37434: Evgeny Legerov\nCVE-2022-42800: Evgeny Legerov\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/  iTunes and Software Update on the\ndevice will automatically check Apple\u0027s update server on its weekly\nschedule. When an update is detected, it is downloaded and the option\nto be installed is presented to the user when the iOS device is\ndocked. We recommend applying the update immediately if possible. \nSelecting Don\u0027t Install will present the option the next time you\nconnect your iOS device.  The automatic update process may take up to\na week depending on the day that iTunes or the device checks for\nupdates. You may manually obtain the update via the Check for Updates\nbutton within iTunes, or the Software Update on your device.  To\ncheck that the iPhone, iPod touch, or iPad has been updated:  *\nNavigate to Settings * Select General * Select About. The version\nafter applying this update will be \"iOS 15.7.1 and iPadOS 15.7.1\". \nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbJvAACgkQ4RjMIDke\nNxmw3Q/+MtMTloTngI/i4DiNLW/HFq92T6kxTZ8i6MUm+RJfEvhaI2zTLCchnhiR\nthpoVqcA76i+eLsVGenk37S6daFhszAj1596tOv50KbTZYwBLJKM+TI2YQxH4vLq\npODEyxL6gTp9tyJR+DK6u3iXHhbDPYlTXYKGqlZ79gaF8JcYwiS/4pn2+3P+wwEN\nkLMcAoLXPGzptHgZUcuRtLYH0Go0WCLIFHYh7a9gYK34f8VwgOdJCl9NJkuSPIB2\nwsiqkUXUkfIZhnVthuYAt43SNZf0uadUjw6Bg8PUBydqL/5/OkuDcQGxKFQRJqEA\nYo1rJvqOuaTz2gcfquLdE1zg5OwUjKHAeMTzUwVUHMoxUIWfuMTBb+K7rxX0i/9X\nFHm3f1N66GMYZPeTmFH44eUmWA5YZaccBCX5+/eluOt/y6/mVvsn+UTWa4vqI3Sa\nxzWYOU8xsAMfJuWdp0m1CBGDFxOmhS4PsMctRh0ToVlV0KJLoW7ZOB4wUVf3ZtNC\nmQ67XRAuvxDa83weRpmgSk5Vs3WrqAUEA0sO+SMiNGuLdlk9bj7TSjmThwMFuQ/3\nL0JsYgJIIWEtQ+hFSY6o7Iqd2j1KMtSwk4BALohdhpl51f5MhKpeW6TWrXIoLt0E\ncDStPsnFSyyzJyamnM53MOEuwetfBu6b09Fbb27te6fsRFcb1fM=\n=kyGi\n-----END PGP SIGNATURE-----\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-32949"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-020127"
      },
      {
        "db": "VULHUB",
        "id": "VHN-425038"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32949"
      },
      {
        "db": "PACKETSTORM",
        "id": "169557"
      }
    ],
    "trust": 1.89
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-425038",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-425038"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-32949",
        "trust": 3.5
      },
      {
        "db": "PACKETSTORM",
        "id": "169557",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-020127",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.5462",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-2348",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-425038",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32949",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-425038"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32949"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-020127"
      },
      {
        "db": "PACKETSTORM",
        "id": "169557"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32949"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-2348"
      }
    ]
  },
  "id": "VAR-202210-1929",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-425038"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:07:19.585000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT213487 Apple\u00a0 Security update",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht213487"
      },
      {
        "title": "Apple iOS  and  iPadOS Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=228031"
      },
      {
        "title": "Apple: iOS 15.7.1 and iPadOS 15.7.1",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=bf3cc718f15de8626bb16e4673ea6ecb"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-32949"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-020127"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-2348"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-020127"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32949"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://support.apple.com/en-us/ht213490"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/en-us/ht213487"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32949"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-32949/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.5462"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/169557/apple-security-advisory-2022-10-27-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-39743"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht213490"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32927"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42798"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32935"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-37434"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht213490."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32932"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/en-us/ht201222."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32926"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32923"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42801"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32944"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42800"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32929"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32939"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32941"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-425038"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32949"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-020127"
      },
      {
        "db": "PACKETSTORM",
        "id": "169557"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32949"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-2348"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-425038"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-32949"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-020127"
      },
      {
        "db": "PACKETSTORM",
        "id": "169557"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32949"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-2348"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-425038"
      },
      {
        "date": "2023-02-27T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-32949"
      },
      {
        "date": "2023-10-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-020127"
      },
      {
        "date": "2022-10-31T14:21:04",
        "db": "PACKETSTORM",
        "id": "169557"
      },
      {
        "date": "2023-02-27T20:15:12.390000",
        "db": "NVD",
        "id": "CVE-2022-32949"
      },
      {
        "date": "2022-10-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202210-2348"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-03-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-425038"
      },
      {
        "date": "2023-02-27T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-32949"
      },
      {
        "date": "2023-10-31T07:28:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-020127"
      },
      {
        "date": "2023-03-07T21:29:23.420000",
        "db": "NVD",
        "id": "CVE-2022-32949"
      },
      {
        "date": "2023-03-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202210-2348"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-2348"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vulnerabilities in multiple Apple products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-020127"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-2348"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2022-32949

Vulnerability from fkie_nvd - Published: 2023-02-27 20:15 - Updated: 2025-03-11 18:15

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16. An app may be able to execute arbitrary code with kernel privileges.

References

URL	Tags
product-security@apple.com	https://support.apple.com/en-us/HT213487	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT213490	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT213487	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT213490	Release Notes, Vendor Advisory

Impacted products

Vendor	Product	Version
apple	ipados	*
apple	iphone_os	*
apple	tvos	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "46D91788-9173-4FA2-A956-18286461B859",
              "versionEndExcluding": "15.7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C42DEF1-164C-42F0-932E-A6B2F4CD8557",
              "versionEndExcluding": "15.7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "534DED19-82FC-4E39-BFD3-F2FE5C71A66B",
              "versionEndExcluding": "16.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16. An app may be able to execute arbitrary code with kernel privileges."
    },
    {
      "lang": "es",
      "value": "Este problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en iOS 15.7.1 y iPadOS 15.7.1, tvOS 16. Es posible que una aplicaci\u00f3n pueda ejecutar c\u00f3digo arbitrario con privilegios del kernel."
    }
  ],
  "id": "CVE-2022-32949",
  "lastModified": "2025-03-11T18:15:26.120",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-02-27T20:15:12.390",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213487"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213490"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213487"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT213490"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

GSD-2022-32949

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16. An app may be able to execute arbitrary code with kernel privileges.

Aliases

CVE-2022-32949

Aliases

CVE-2022-32949

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-32949",
    "description": "This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16. An app may be able to execute arbitrary code with kernel privileges.",
    "id": "GSD-2022-32949"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-32949"
      ],
      "details": "This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16. An app may be able to execute arbitrary code with kernel privileges.",
      "id": "GSD-2022-32949",
      "modified": "2023-12-13T01:19:12.489297Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2022-32949",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "iOS and iPadOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "15.7"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "tvOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "16"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16. An app may be able to execute arbitrary code with kernel privileges."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "An app may be able to execute arbitrary code with kernel privileges"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/en-us/HT213487",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT213487"
          },
          {
            "name": "https://support.apple.com/en-us/HT213490",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT213490"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "15.7.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "16.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "15.7.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2022-32949"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16. An app may be able to execute arbitrary code with kernel privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/en-us/HT213487",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT213487"
            },
            {
              "name": "https://support.apple.com/en-us/HT213490",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT213490"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-03-07T21:29Z",
      "publishedDate": "2023-02-27T20:15Z"
    }
  }
}

CERTFR-2022-AVI-963

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Apple iOS et iPadOS. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Apple indique que la vulnérabilité CVE-2022-42827 serait activement exploitée dans le cadre d'attaques ciblées.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	N/A	iOS et iPadOS versions antérieures à 15.7.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT213490 du 27 octobre 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "iOS et iPadOS versions ant\u00e9rieures \u00e0 15.7.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-32927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32927"
    },
    {
      "name": "CVE-2022-42803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42803"
    },
    {
      "name": "CVE-2022-42800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42800"
    },
    {
      "name": "CVE-2022-32935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32935"
    },
    {
      "name": "CVE-2022-42827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42827"
    },
    {
      "name": "CVE-2022-32944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32944"
    },
    {
      "name": "CVE-2022-32929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32929"
    },
    {
      "name": "CVE-2022-32923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32923"
    },
    {
      "name": "CVE-2022-32926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32926"
    },
    {
      "name": "CVE-2022-42798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42798"
    },
    {
      "name": "CVE-2022-37434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
    },
    {
      "name": "CVE-2022-32939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32939"
    },
    {
      "name": "CVE-2022-32949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32949"
    },
    {
      "name": "CVE-2022-32941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32941"
    },
    {
      "name": "CVE-2022-42810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42810"
    },
    {
      "name": "CVE-2022-42801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42801"
    },
    {
      "name": "CVE-2022-32932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32932"
    },
    {
      "name": "CVE-2022-42817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42817"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-963",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-10-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apple iOS et\niPadOS. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n\nApple indique que la vuln\u00e9rabilit\u00e9 CVE-2022-42827 serait activement\nexploit\u00e9e dans le cadre d\u0027attaques cibl\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple iOS et iPadOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213490 du 27 octobre 2022",
      "url": "https://support.apple.com/fr-fr/HT213490"
    }
  ]
}

CERTFR-2022-AVI-963

Vulnerability from certfr_avis - Published: - Updated:

Apple indique que la vulnérabilité CVE-2022-42827 serait activement exploitée dans le cadre d'attaques ciblées.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	N/A	iOS et iPadOS versions antérieures à 15.7.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT213490 du 27 octobre 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "iOS et iPadOS versions ant\u00e9rieures \u00e0 15.7.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-32927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32927"
    },
    {
      "name": "CVE-2022-42803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42803"
    },
    {
      "name": "CVE-2022-42800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42800"
    },
    {
      "name": "CVE-2022-32935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32935"
    },
    {
      "name": "CVE-2022-42827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42827"
    },
    {
      "name": "CVE-2022-32944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32944"
    },
    {
      "name": "CVE-2022-32929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32929"
    },
    {
      "name": "CVE-2022-32923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32923"
    },
    {
      "name": "CVE-2022-32926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32926"
    },
    {
      "name": "CVE-2022-42798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42798"
    },
    {
      "name": "CVE-2022-37434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
    },
    {
      "name": "CVE-2022-32939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32939"
    },
    {
      "name": "CVE-2022-32949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32949"
    },
    {
      "name": "CVE-2022-32941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32941"
    },
    {
      "name": "CVE-2022-42810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42810"
    },
    {
      "name": "CVE-2022-42801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42801"
    },
    {
      "name": "CVE-2022-32932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32932"
    },
    {
      "name": "CVE-2022-42817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42817"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-963",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-10-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apple iOS et\niPadOS. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n\nApple indique que la vuln\u00e9rabilit\u00e9 CVE-2022-42827 serait activement\nexploit\u00e9e dans le cadre d\u0027attaques cibl\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple iOS et iPadOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213490 du 27 octobre 2022",
      "url": "https://support.apple.com/fr-fr/HT213490"
    }
  ]
}

GHSA-CJQ2-J283-VJ49

Vulnerability from github – Published: 2023-02-27 21:30 – Updated: 2023-03-07 21:30

Details

This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16. An app may be able to execute arbitrary code with kernel privileges.

Severity ?

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-32949"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-27T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16. An app may be able to execute arbitrary code with kernel privileges.",
  "id": "GHSA-cjq2-j283-vj49",
  "modified": "2023-03-07T21:30:16Z",
  "published": "2023-02-27T21:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32949"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213487"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213490"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-32949 (GCVE-0-2022-32949)

VAR-202210-1929

FKIE_CVE-2022-32949

GSD-2022-32949

CERTFR-2022-AVI-963

Solution

CERTFR-2022-AVI-963

Solution

GHSA-CJQ2-J283-VJ49

Tags

Sightings

Nomenclature