var-202210-1625
Vulnerability from variot
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. Processing maliciously crafted web content may lead to arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of PDFPluginAnnotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Apple Safari, etc. are all products of Apple (Apple). Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple macOS Big Sur is the 17th major release of Apple's operating system macOS for the MAC. Apple macOS Monterey is the 18th major release of macOS, the desktop operating system for the Macintosh. A security vulnerability exists in Apple Safari version 16.1. The following products and versions are affected: macOS Big Sur and macOS Monterey. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-10-27-2 Additional information for APPLE-SA-2022-10-24-1 iOS 16.1 and iPadOS 16
iOS 16.1 and iPadOS 16 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213489.
Apple Neural Engine Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32932: Mohamed Ghannam (@_simo36) Entry added October 27, 2022
AppleMobileFileIntegrity Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed by removing additional entitlements. CVE-2022-42825: Mickey Jin (@patch1t)
Audio Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: The issue was addressed with improved memory handling. CVE-2022-42798: Anonymous working with Trend Micro Zero Day Initiative Entry added October 27, 2022
AVEVideoEncoder Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32940: ABC Research s.r.o.
Backup Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to access iOS backups Description: A permissions issue was addressed with additional restrictions. CVE-2022-32929: Csaba Fitzl (@theevilbit) of Offensive Security Entry added October 27, 2022
CFNetwork Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A certificate validation issue existed in the handling of WKWebView. CVE-2022-42813: Jonathan Zhang of Open Computing Facility (ocf.berkeley.edu)
Core Bluetooth Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to record audio using a pair of connected AirPods Description: This issue was addressed with improved entitlements. CVE-2022-32946: Guilherme Rambo of Best Buddy Apps (rambo.codes)
FaceTime Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2022-32935: Bistrit Dahal Entry added October 27, 2022
GPU Drivers Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32947: Asahi Lina (@LinaAsahi)
Graphics Driver Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32939: Willy R. Vasquez of The University of Texas at Austin Entry added October 27, 2022
IOHIDFamily Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-42820: Peter Pan ZhenPeng of STAR Labs
IOKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42806: Tingting Yin of Tsinghua University
Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022
Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom) Entry added October 27, 2022
Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022
Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved checks. CVE-2022-42801: Ian Beer of Google Project Zero Entry added October 27, 2022
Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32924: Ian Beer of Google Project Zero
Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: A remote user may be able to cause kernel code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-42808: Zweig of Kunlun Lab
Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. CVE-2022-42827: an anonymous researcher
Model I/O Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Processing a maliciously crafted USD file may disclose memory contents Description: The issue was addressed with improved memory handling. CVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security Light-Year Lab Entry added October 27, 2022
ppp Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: A buffer overflow may result in arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32941: an anonymous researcher Entry added October 27, 2022
ppp Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-42829: an anonymous researcher
ppp Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-42830: an anonymous researcher
ppp Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42831: an anonymous researcher CVE-2022-42832: an anonymous researcher
Safari Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Visiting a maliciously crafted website may leak sensitive data Description: A logic issue was addressed with improved state management. CVE-2022-42817: Mir Masood Ali, PhD student, University of Illinois at Chicago; Binoy Chitale, MS student, Stony Brook University; Mohammad Ghasemisharif, PhD Candidate, University of Illinois at Chicago; Chris Kanich, Associate Professor, University of Illinois at Chicago Entry added October 27, 2022
Sandbox Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-42811: Justin Bui (@slyd0g) of Snowflake
Shortcuts Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: A shortcut may be able to check the existence of an arbitrary path on the file system Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of Computer Science of. Romania
WebKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Visiting a malicious website may lead to user interface spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 243693 CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)
WebKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. WebKit Bugzilla: 244622 CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs
WebKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 245058 CVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser Vulnerability Research, Ryan Shin of IAAI SecLab at Korea University, Dohyun Lee (@l33d0hyun) of DNSLab at Korea University
WebKit PDF Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 242781 CVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend Micro Zero Day Initiative
WebKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Processing maliciously crafted web content may disclose internal states of the app Description: A correctness issue in the JIT was addressed with improved checks. WebKit Bugzilla: 242964 CVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab Entry added October 27, 2022
Wi-Fi Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Joining a malicious Wi-Fi network may result in a denial-of- service of the Settings app Description: The issue was addressed with improved memory handling. CVE-2022-32927: Dr Hideaki Goto of Tohoku University, Japan Entry added October 27, 2022
zlib Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-37434: Evgeny Legerov CVE-2022-42800: Evgeny Legerov Entry added October 27, 2022
Additional recognition
iCloud We would like to acknowledge Tim Michaud (@TimGMichaud) of Moveworks.ai for their assistance.
Kernel We would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud (@TimGMichaud) of Moveworks.ai, Tommy Muir (@Muirey03) for their assistance.
WebKit We would like to acknowledge Maddie Stone of Google Project Zero, Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an anonymous researcher for their assistance.
All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpsACgkQ4RjMIDke NxmS+w/8CfYJzSjrC2joLy6lOCg9Za2Mzc1+ynFTuVWud63t8zhif2lLU8Y+TOrG xUbstKDPw3ehwBBn97ZSkSoj3d+F+liPsUV5Udf1yssSF/5Ce7owa/V2KMCjliAr 1EvPOaiyXH94zrh+ddsTdikzDtNdseaYhSoYH4cQao/LPZx8bw4VSCxpQxSfOmoE /rSmqkq1wDpTXeLmHeQVBdLpM+QcEcpCkoQIpmeu3ntFhQrD3L9eAXcy3K7iI7qE Q/gTebUwLsLIhN6SrTu/sQaScErmOZqguOCTjPnkg9YQNxgu3jVuSlHuCWEZTvxq wqsHRSOMCU6xe7w3QPFsQmiMevFgRgWwuMTcCDIAaCTJTJ4Bx0mUirVCjFzEk8+w P6IScr4pearsQd31LSsu7OuirUmm/7ZH1XcAPdiDO4acorZNkt5Nzlf+x1Atls8j oMdrh0l2W44mvCgKtqPM0hz7xTTEwiyml7RWdz8Uf4qwjXjmZLt+Nt3GRGZ60JO6 fTkUHPhL/VnJz4rc90Zn+9LSK5u6JAQ6T16OA6CNqQ6ZFeN80zSzdSEzLuQC0FnL 08VhWzJNguA/xHidywQNeGqlhfT4posy6EDHp/9Q9heu/L1uRn/d1B5yxDpc2cyV w+AMI214/xT1VbJ9NMY3dXJBoVaDzhvC31ydXKPaCgCqc/mrlUo= =ULJl -----END PGP SIGNATURE-----
.
Safari 16.1 may be obtained from the Mac App Store
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202210-1625", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "safari", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "16.1" }, { "model": "macos", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "13.0" }, { "model": "iphone os", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "16.1" }, { "model": "ipados", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "16.0" }, { "model": "safari", "scope": null, "trust": 0.7, "vendor": "apple", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-647" }, { "db": "NVD", "id": "CVE-2022-32922" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "16.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "16.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "16.1", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-32922" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Yonghwi Jin (@jinmo123) at Theori", "sources": [ { "db": "ZDI", "id": "ZDI-23-647" } ], "trust": 0.7 }, "cve": "CVE-2022-32922", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2022-32922", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-32922", "trust": 1.0, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2022-32922", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202210-1675", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-647" }, { "db": "NVD", "id": "CVE-2022-32922" }, { "db": "CNNVD", "id": "CNNVD-202210-1675" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. Processing maliciously crafted web content may lead to arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of PDFPluginAnnotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Apple Safari, etc. are all products of Apple (Apple). Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple macOS Big Sur is the 17th major release of Apple\u0027s operating system macOS for the MAC. Apple macOS Monterey is the 18th major release of macOS, the desktop operating system for the Macintosh. A security vulnerability exists in Apple Safari version 16.1. The following products and versions are affected: macOS Big Sur and macOS Monterey. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-27-2 Additional information for APPLE-SA-2022-10-24-1 iOS 16.1 and iPadOS 16\n\niOS 16.1 and iPadOS 16 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213489. \n\nApple Neural Engine\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges \nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32932: Mohamed Ghannam (@_simo36)\nEntry added October 27, 2022\n\nAppleMobileFileIntegrity\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: This issue was addressed by removing additional\nentitlements. \nCVE-2022-42825: Mickey Jin (@patch1t)\n\nAudio\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: Parsing a maliciously crafted audio file may lead to\ndisclosure of user information\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42798: Anonymous working with Trend Micro Zero Day\nInitiative\nEntry added October 27, 2022\n\nAVEVideoEncoder\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32940: ABC Research s.r.o. \n\nBackup\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: An app may be able to access iOS backups\nDescription: A permissions issue was addressed with additional\nrestrictions. \nCVE-2022-32929: Csaba Fitzl (@theevilbit) of Offensive Security\nEntry added October 27, 2022\n\nCFNetwork\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: A certificate validation issue existed in the handling\nof WKWebView. \nCVE-2022-42813: Jonathan Zhang of Open Computing Facility\n(ocf.berkeley.edu)\n\nCore Bluetooth\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: An app may be able to record audio using a pair of connected\nAirPods\nDescription: This issue was addressed with improved entitlements. \nCVE-2022-32946: Guilherme Rambo of Best Buddy Apps (rambo.codes)\n\nFaceTime\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: A user may be able to view restricted content from the lock\nscreen \nDescription: A lock screen issue was addressed with improved state\nmanagement. \nCVE-2022-32935: Bistrit Dahal\nEntry added October 27, 2022\n\nGPU Drivers\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32947: Asahi Lina (@LinaAsahi)\n\nGraphics Driver\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32939: Willy R. Vasquez of The University of Texas at Austin\nEntry added October 27, 2022\n\nIOHIDFamily\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: An app may cause unexpected app termination or arbitrary code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-42820: Peter Pan ZhenPeng of STAR Labs\n\nIOKit\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-42806: Tingting Yin of Tsinghua University\n\nKernel\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai\nEntry added October 27, 2022\n\nKernel\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges \nDescription: A race condition was addressed with improved locking. \nCVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom)\nEntry added October 27, 2022\n\nKernel\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai\nEntry added October 27, 2022\n\nKernel\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges \nDescription: A logic issue was addressed with improved checks. \nCVE-2022-42801: Ian Beer of Google Project Zero\nEntry added October 27, 2022\n\nKernel\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32924: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: A remote user may be able to cause kernel code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-42808: Zweig of Kunlun Lab\n\nKernel\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges. Apple is aware of a report that this issue may\nhave been actively exploited. \nCVE-2022-42827: an anonymous researcher\n\nModel I/O\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: Processing a maliciously crafted USD file may disclose memory\ncontents \nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security\nLight-Year Lab\nEntry added October 27, 2022\n\nppp\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: A buffer overflow may result in arbitrary code execution \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32941: an anonymous researcher\nEntry added October 27, 2022\n\nppp\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-42829: an anonymous researcher\n\nppp\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42830: an anonymous researcher\n\nppp\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-42831: an anonymous researcher\nCVE-2022-42832: an anonymous researcher\n\nSafari\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: Visiting a maliciously crafted website may leak sensitive\ndata\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-42817: Mir Masood Ali, PhD student, University of Illinois\nat Chicago; Binoy Chitale, MS student, Stony Brook University;\nMohammad Ghasemisharif, PhD Candidate, University of Illinois at\nChicago; Chris Kanich, Associate Professor, University of Illinois at\nChicago\nEntry added October 27, 2022\n\nSandbox\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-42811: Justin Bui (@slyd0g) of Snowflake\n\nShortcuts\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: A shortcut may be able to check the existence of an arbitrary\npath on the file system\nDescription: A parsing issue in the handling of directory paths was\naddressed with improved path validation. \nCVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of\nComputer Science of. Romania\n\nWebKit\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: The issue was addressed with improved UI handling. \nWebKit Bugzilla: 243693\nCVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)\n\nWebKit\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 244622\nCVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs\n\nWebKit\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 245058\nCVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser\nVulnerability Research, Ryan Shin of IAAI SecLab at Korea University,\nDohyun Lee (@l33d0hyun) of DNSLab at Korea University\n\nWebKit PDF\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 242781\nCVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend\nMicro Zero Day Initiative\n\nWebKit\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: Processing maliciously crafted web content may disclose\ninternal states of the app\nDescription: A correctness issue in the JIT was addressed with\nimproved checks. \nWebKit Bugzilla: 242964\nCVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab\nEntry added October 27, 2022\n\nWi-Fi\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: Joining a malicious Wi-Fi network may result in a denial-of-\nservice of the Settings app \nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32927: Dr Hideaki Goto of Tohoku University, Japan\nEntry added October 27, 2022\n\nzlib\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, iPad mini\n5th generation and later\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution \nDescription: This issue was addressed with improved checks. \nCVE-2022-37434: Evgeny Legerov\nCVE-2022-42800: Evgeny Legerov\nEntry added October 27, 2022\n\nAdditional recognition\n\niCloud\nWe would like to acknowledge Tim Michaud (@TimGMichaud) of\nMoveworks.ai for their assistance. \n\nKernel\nWe would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud\n(@TimGMichaud) of Moveworks.ai, Tommy Muir (@Muirey03) for their\nassistance. \n\nWebKit\nWe would like to acknowledge Maddie Stone of Google Project Zero,\nNarendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an\nanonymous researcher for their assistance. \n\n\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpsACgkQ4RjMIDke\nNxmS+w/8CfYJzSjrC2joLy6lOCg9Za2Mzc1+ynFTuVWud63t8zhif2lLU8Y+TOrG\nxUbstKDPw3ehwBBn97ZSkSoj3d+F+liPsUV5Udf1yssSF/5Ce7owa/V2KMCjliAr\n1EvPOaiyXH94zrh+ddsTdikzDtNdseaYhSoYH4cQao/LPZx8bw4VSCxpQxSfOmoE\n/rSmqkq1wDpTXeLmHeQVBdLpM+QcEcpCkoQIpmeu3ntFhQrD3L9eAXcy3K7iI7qE\nQ/gTebUwLsLIhN6SrTu/sQaScErmOZqguOCTjPnkg9YQNxgu3jVuSlHuCWEZTvxq\nwqsHRSOMCU6xe7w3QPFsQmiMevFgRgWwuMTcCDIAaCTJTJ4Bx0mUirVCjFzEk8+w\nP6IScr4pearsQd31LSsu7OuirUmm/7ZH1XcAPdiDO4acorZNkt5Nzlf+x1Atls8j\noMdrh0l2W44mvCgKtqPM0hz7xTTEwiyml7RWdz8Uf4qwjXjmZLt+Nt3GRGZ60JO6\nfTkUHPhL/VnJz4rc90Zn+9LSK5u6JAQ6T16OA6CNqQ6ZFeN80zSzdSEzLuQC0FnL\n08VhWzJNguA/xHidywQNeGqlhfT4posy6EDHp/9Q9heu/L1uRn/d1B5yxDpc2cyV\nw+AMI214/xT1VbJ9NMY3dXJBoVaDzhvC31ydXKPaCgCqc/mrlUo=\n=ULJl\n-----END PGP SIGNATURE-----\n\n. \n\nSafari 16.1 may be obtained from the Mac App Store", "sources": [ { "db": "NVD", "id": "CVE-2022-32922" }, { "db": "ZDI", "id": "ZDI-23-647" }, { "db": "VULHUB", "id": "VHN-425011" }, { "db": "PACKETSTORM", "id": "169558" }, { "db": "PACKETSTORM", "id": "169556" }, { "db": "PACKETSTORM", "id": "169550" }, { "db": "PACKETSTORM", "id": "169607" } ], "trust": 1.98 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-425011", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-425011" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-32922", "trust": 2.8 }, { "db": "PACKETSTORM", "id": "169607", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-17338", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-23-647", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202210-1675", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2022.5303", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.5302", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "169550", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "169558", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "169556", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-425011", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-647" }, { "db": "VULHUB", "id": "VHN-425011" }, { "db": "PACKETSTORM", "id": "169558" }, { "db": "PACKETSTORM", "id": "169556" }, { "db": "PACKETSTORM", "id": "169550" }, { "db": "PACKETSTORM", "id": "169607" }, { "db": "NVD", "id": "CVE-2022-32922" }, { "db": "CNNVD", "id": "CNNVD-202210-1675" } ] }, "id": "VAR-202210-1625", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-425011" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:01:47.836000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Apple has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://support.apple.com/ht213489" }, { "title": "Apple Safari Remediation of resource management error vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=212849" } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-647" }, { "db": "CNNVD", "id": "CNNVD-202210-1675" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-416", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-425011" }, { "db": "NVD", "id": "CVE-2022-32922" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "https://support.apple.com/en-us/ht213495" }, { "trust": 1.7, "url": "https://support.apple.com/en-us/ht213488" }, { "trust": 1.7, "url": "https://support.apple.com/en-us/ht213489" }, { "trust": 0.7, "url": "https://support.apple.com/ht213489" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/169607/apple-security-advisory-2022-10-27-15.html" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-39701" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.5302" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.5303" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-32922/" }, { "trust": 0.4, "url": "https://support.apple.com/en-us/ht201222." }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32922" }, { "trust": 0.4, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42799" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42823" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42824" }, { "trust": 0.2, "url": "https://support.apple.com/ht213489." }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32924" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32940" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32923" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32938" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32946" }, { "trust": 0.2, "url": "https://support.apple.com/ht213495." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32927" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32935" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32932" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32926" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32944" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32929" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32939" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32941" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42806" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42808" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42811" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32947" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42813" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42820" } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-647" }, { "db": "VULHUB", "id": "VHN-425011" }, { "db": "PACKETSTORM", "id": "169558" }, { "db": "PACKETSTORM", "id": "169556" }, { "db": "PACKETSTORM", "id": "169550" }, { "db": "PACKETSTORM", "id": "169607" }, { "db": "NVD", "id": "CVE-2022-32922" }, { "db": "CNNVD", "id": "CNNVD-202210-1675" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-23-647" }, { "db": "VULHUB", "id": "VHN-425011" }, { "db": "PACKETSTORM", "id": "169558" }, { "db": "PACKETSTORM", "id": "169556" }, { "db": "PACKETSTORM", "id": "169550" }, { "db": "PACKETSTORM", "id": "169607" }, { "db": "NVD", "id": "CVE-2022-32922" }, { "db": "CNNVD", "id": "CNNVD-202210-1675" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-05-17T00:00:00", "db": "ZDI", "id": "ZDI-23-647" }, { "date": "2022-11-01T00:00:00", "db": "VULHUB", "id": "VHN-425011" }, { "date": "2022-10-31T14:21:40", "db": "PACKETSTORM", "id": "169558" }, { "date": "2022-10-31T14:20:25", "db": "PACKETSTORM", "id": "169556" }, { "date": "2022-10-31T14:18:24", "db": "PACKETSTORM", "id": "169550" }, { "date": "2022-10-31T15:10:32", "db": "PACKETSTORM", "id": "169607" }, { "date": "2022-11-01T20:15:19.430000", "db": "NVD", "id": "CVE-2022-32922" }, { "date": "2022-10-24T00:00:00", "db": "CNNVD", "id": "CNNVD-202210-1675" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-05-17T00:00:00", "db": "ZDI", "id": "ZDI-23-647" }, { "date": "2023-01-09T00:00:00", "db": "VULHUB", "id": "VHN-425011" }, { "date": "2023-01-09T16:41:59.350000", "db": "NVD", "id": "CVE-2022-32922" }, { "date": "2022-11-03T00:00:00", "db": "CNNVD", "id": "CNNVD-202210-1675" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202210-1675" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apple Safari PDFPluginAnnotation Use-After-Free Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-23-647" } ], "trust": 0.7 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202210-1675" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.