var-202212-1523
Vulnerability from variot
The issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may result in the disclosure of process memory. Safari , iPadOS , iOS Unspecified vulnerabilities exist in multiple Apple products.Information may be obtained. ========================================================================== Ubuntu Security Notice USN-5797-1 January 09, 2023
webkit2gtk vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in WebKitGTK.
Software Description: - webkit2gtk: Web content engine library for GTK+
Details:
Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.10: libjavascriptcoregtk-4.0-18 2.38.3-0ubuntu0.22.10.1 libjavascriptcoregtk-4.1-0 2.38.3-0ubuntu0.22.10.1 libjavascriptcoregtk-5.0-0 2.38.3-0ubuntu0.22.10.1 libwebkit2gtk-4.0-37 2.38.3-0ubuntu0.22.10.1 libwebkit2gtk-4.1-0 2.38.3-0ubuntu0.22.10.1 libwebkit2gtk-5.0-0 2.38.3-0ubuntu0.22.10.1
Ubuntu 22.04 LTS: libjavascriptcoregtk-4.0-18 2.38.3-0ubuntu0.22.04.1 libjavascriptcoregtk-4.1-0 2.38.3-0ubuntu0.22.04.1 libwebkit2gtk-4.0-37 2.38.3-0ubuntu0.22.04.1 libwebkit2gtk-4.1-0 2.38.3-0ubuntu0.22.04.1
Ubuntu 20.04 LTS: libjavascriptcoregtk-4.0-18 2.38.3-0ubuntu0.20.04.1 libwebkit2gtk-4.0-37 2.38.3-0ubuntu0.20.04.1
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK, such as Epiphany, to make all the necessary changes.
For the stable distribution (bullseye), these problems have been fixed in version 2.38.3-1~deb11u1.
We recommend that you upgrade your wpewebkit packages.
Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". CVE-2022-42847: ABC Research s.r.o. CVE-2022-42854: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. (@starlabs_sg)
Boot Camp Available for: macOS Ventura Impact: An app may be able to modify protected parts of the file system Description: An access issue was addressed with improved access restrictions. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2
iOS 16.2 and iPadOS 16.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213530.
Accounts Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: A user may be able to view sensitive user information Description: This issue was addressed with improved data protection. CVE-2022-42843: Mickey Jin (@patch1t)
AppleAVD Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: Parsing a maliciously crafted video file may lead to kernel code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-46694: Andrey Labunets and Nikita Tarakanov
AppleMobileFileIntegrity Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed by enabling hardened runtime. CVE-2022-42865: Wojciech Reguła (@_r3ggi) of SecuRing
AVEVideoEncoder Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved checks. CVE-2022-42848: ABC Research s.r.o
CoreServices Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to bypass Privacy preferences Description: Multiple issues were addressed by removing the vulnerable code. CVE-2022-42859: Mickey Jin (@patch1t), Csaba Fitzl (@theevilbit) of Offensive Security
GPU Drivers Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-46702: Xia0o0o0o of W4terDr0p, Sun Yat-sen University
Graphics Driver Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-42850: Willy R. Vasquez of The University of Texas at Austin
Graphics Driver Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: Parsing a maliciously crafted video file may lead to unexpected system termination Description: The issue was addressed with improved memory handling. CVE-2022-42846: Willy R. Vasquez of The University of Texas at Austin
ImageIO Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-46693: Mickey Jin (@patch1t)
ImageIO Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: Parsing a maliciously crafted TIFF file may lead to disclosure of user information Description: The issue was addressed with improved memory handling. CVE-2022-42851: Mickey Jin (@patch1t)
IOHIDFamily Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2022-42864: Tommy Muir (@Muirey03)
IOMobileFrameBuffer Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-46690: John Aakerblom (@jaakerblom)
iTunes Store Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: An issue existed in the parsing of URLs. CVE-2022-42837: Weijia Dai (@dwj1210) of Momo Security
Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with additional validation. CVE-2022-46689: Ian Beer of Google Project Zero
Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-46701: Felix Poulin-Belanger
Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: A remote user may be able to cause kernel code execution Description: The issue was addressed with improved memory handling. CVE-2022-42842: pattern-f (@pattern_F_) of Ant Security Light-Year Lab
Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to break out of its sandbox Description: This issue was addressed with improved checks. CVE-2022-42861: pattern-f (@pattern_F_) of Ant Security Light-Year Lab
Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to break out of its sandbox Description: The issue was addressed with improved memory handling. CVE-2022-42844: pattern-f (@pattern_F_) of Ant Security Light-Year Lab
Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-42845: Adam Doupé of ASU SEFCOM
Photos Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: Shake-to-undo may allow a deleted photo to be re-surfaced without authentication Description: The issue was addressed with improved bounds checks. CVE-2022-32943: an anonymous researcher
ppp Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-42840: an anonymous researcher
Preferences Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to use arbitrary entitlements Description: A logic issue was addressed with improved state management. CVE-2022-42855: Ivan Fratric of Google Project Zero
Printing Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed by removing the vulnerable code. CVE-2022-42862: Mickey Jin (@patch1t)
Safari Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: A spoofing issue existed in the handling of URLs. CVE-2022-46695: KirtiKumar Anandrao Ramchandani
Software Update Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: A user may be able to elevate privileges Description: An access issue existed with privileged API calls. CVE-2022-42849: Mickey Jin (@patch1t)
Weather Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: An app may be able to read sensitive location information Description: The issue was addressed with improved handling of caches. CVE-2022-42866: an anonymous researcher
WebKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 245521 CVE-2022-42867: Maddie Stone of Google Project Zero
WebKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory consumption issue was addressed with improved memory handling. WebKit Bugzilla: 245466 CVE-2022-46691: an anonymous researcher
WebKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: Processing maliciously crafted web content may bypass Same Origin Policy Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 246783 CVE-2022-46692: KirtiKumar Anandrao Ramchandani
WebKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: The issue was addressed with improved memory handling. CVE-2022-42852: hazbinhotel working with Trend Micro Zero Day Initiative
WebKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. WebKit Bugzilla: 246942 CVE-2022-46696: Samuel Groß of Google V8 Security WebKit Bugzilla: 247562 CVE-2022-46700: Samuel Groß of Google V8 Security
WebKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A logic issue was addressed with improved checks. CVE-2022-46698: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.
WebKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 247420 CVE-2022-46699: Samuel Groß of Google V8 Security WebKit Bugzilla: 244622 CVE-2022-42863: an anonymous researcher
Additional recognition
Kernel We would like to acknowledge Zweig of Kunlun Lab and pattern-f (@pattern_F_) of Ant Security Light-Year Lab for their assistance.
Safari Extensions We would like to acknowledge Oliver Dunk and Christian R. of 1Password for their assistance.
WebKit We would like to acknowledge an anonymous researcher and scarlet for their assistance.
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 16.2 and iPadOS 16.2". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmOZFYIACgkQ4RjMIDke NxmnGxAAuO8CwNDPYn+yyq7VIRB6+sCaV962MC2c7TFzU+R1waBBaG57NmJQeANL 5645QVNL/5k0TaFiSV/dFg15YvBkLgC6JVHeKebYvboSHB0wsfxejfwYnYFLNc44 xriqdQSarmp61Aw4270LFRjV1XokOGuEzo4U3InyhiawceAVR/qvteNDxETnsiAN jyaPRnx1d2K22+VZAFRtVjLgFLkBwAguamuMe8vIaqP71giORZNfX+w+GduszAqY Spo5aPC8G56GmHGZnSid/utBa2CqXfVRMyUmnYYukPrYACdy4WkTKWOWCbPrCbkT VWc43jsWhPqsMFopyy4K+SaCZqNdcpIag8n5uvCsf0tLPIUPTMRXSj3w1WOq1++6 NV3cZp6RaFVYJ3twU2D1q/Vj8VXILNPvECzGNlOxRJu0H7w3VD5ZdZ16Gsc8T62C ER5CSJr49fj5ixLCP9HepmIK5Rz0UXMxmylUANk2h88HK9hr7/s1EOYtCVjTEYQ2 c1ESd87HYz24iYnqaL5d8KDFiGQCVfuwnz2keWO7Lc2E+8OUqqYTWfCoSWprWnSU ZR31xA+JnPSS4WBP4RzitUmAiP5sdulF0jg4IZ0y0RUwWI4lD4vv0z9glb++rRHh PJj9uuirFcmKJ1BSfEN1glq/gGW8SP1vuq1BU+fIdeHtw4XeeIw= =qV7H -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202212-1523",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "16.2"
},
{
"model": "macos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "ipados",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "16.0"
},
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "9.2"
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.7.2"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.7.2"
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "16.2"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "16.2"
},
{
"model": "iphone os",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "16.0"
},
{
"model": "safari",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "16.2"
},
{
"model": "tvos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "ipados",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "ios",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "9.2"
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "safari",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-023611"
},
{
"db": "NVD",
"id": "CVE-2022-42852"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:macos:13.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.2",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.2",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.7.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.7.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-42852"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "170318"
},
{
"db": "PACKETSTORM",
"id": "170314"
},
{
"db": "PACKETSTORM",
"id": "170312"
},
{
"db": "PACKETSTORM",
"id": "170311"
}
],
"trust": 0.4
},
"cve": "CVE-2022-42852",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-42852",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-42852",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202212-3045",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-023611"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3045"
},
{
"db": "NVD",
"id": "CVE-2022-42852"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may result in the disclosure of process memory. Safari , iPadOS , iOS Unspecified vulnerabilities exist in multiple Apple products.Information may be obtained. ==========================================================================\nUbuntu Security Notice USN-5797-1\nJanuary 09, 2023\n\nwebkit2gtk vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.10\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in WebKitGTK. \n\nSoftware Description:\n- webkit2gtk: Web content engine library for GTK+\n\nDetails:\n\nSeveral security issues were discovered in the WebKitGTK Web and JavaScript\nengines. If a user were tricked into viewing a malicious website, a remote\nattacker could exploit a variety of issues related to web browser security,\nincluding cross-site scripting attacks, denial of service attacks, and\narbitrary code execution. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.10:\n libjavascriptcoregtk-4.0-18 2.38.3-0ubuntu0.22.10.1\n libjavascriptcoregtk-4.1-0 2.38.3-0ubuntu0.22.10.1\n libjavascriptcoregtk-5.0-0 2.38.3-0ubuntu0.22.10.1\n libwebkit2gtk-4.0-37 2.38.3-0ubuntu0.22.10.1\n libwebkit2gtk-4.1-0 2.38.3-0ubuntu0.22.10.1\n libwebkit2gtk-5.0-0 2.38.3-0ubuntu0.22.10.1\n\nUbuntu 22.04 LTS:\n libjavascriptcoregtk-4.0-18 2.38.3-0ubuntu0.22.04.1\n libjavascriptcoregtk-4.1-0 2.38.3-0ubuntu0.22.04.1\n libwebkit2gtk-4.0-37 2.38.3-0ubuntu0.22.04.1\n libwebkit2gtk-4.1-0 2.38.3-0ubuntu0.22.04.1\n\nUbuntu 20.04 LTS:\n libjavascriptcoregtk-4.0-18 2.38.3-0ubuntu0.20.04.1\n libwebkit2gtk-4.0-37 2.38.3-0ubuntu0.20.04.1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. After a standard system update you need to restart any applications\nthat use WebKitGTK, such as Epiphany, to make all the necessary changes. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.38.3-1~deb11u1. \n\nWe recommend that you upgrade your wpewebkit packages. \n\nInstructions on how to update your Apple Watch software are available\nat https://support.apple.com/kb/HT204641 To check the version on\nyour Apple Watch, open the Apple Watch app on your iPhone and select\n\"My Watch \u003e General \u003e About\". Alternatively, on your watch, select\n\"My Watch \u003e General \u003e About\". \nCVE-2022-42847: ABC Research s.r.o. \nCVE-2022-42854: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. \nLtd. (@starlabs_sg)\n\nBoot Camp\nAvailable for: macOS Ventura\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: An access issue was addressed with improved access\nrestrictions. Apple is aware of a report that this issue\nmay have been actively exploited against versions of iOS released\nbefore iOS 15.1. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2\n\niOS 16.2 and iPadOS 16.2 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213530. \n\nAccounts\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, and iPad\nmini 5th generation and later\nImpact: A user may be able to view sensitive user information\nDescription: This issue was addressed with improved data protection. \nCVE-2022-42843: Mickey Jin (@patch1t)\n\nAppleAVD\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, and iPad\nmini 5th generation and later\nImpact: Parsing a maliciously crafted video file may lead to kernel\ncode execution\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-46694: Andrey Labunets and Nikita Tarakanov\n\nAppleMobileFileIntegrity\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, and iPad\nmini 5th generation and later\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed by enabling hardened runtime. \nCVE-2022-42865: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nAVEVideoEncoder\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, and iPad\nmini 5th generation and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-42848: ABC Research s.r.o\n\nCoreServices\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, and iPad\nmini 5th generation and later\nImpact: An app may be able to bypass Privacy preferences\nDescription: Multiple issues were addressed by removing the\nvulnerable code. \nCVE-2022-42859: Mickey Jin (@patch1t), Csaba Fitzl (@theevilbit) of\nOffensive Security\n\nGPU Drivers\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, and iPad\nmini 5th generation and later\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-46702: Xia0o0o0o of W4terDr0p, Sun Yat-sen University\n\nGraphics Driver\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, and iPad\nmini 5th generation and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42850: Willy R. Vasquez of The University of Texas at Austin\n\nGraphics Driver\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, and iPad\nmini 5th generation and later\nImpact: Parsing a maliciously crafted video file may lead to\nunexpected system termination\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42846: Willy R. Vasquez of The University of Texas at Austin\n\nImageIO\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, and iPad\nmini 5th generation and later\nImpact: Processing a maliciously crafted file may lead to arbitrary\ncode execution\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-46693: Mickey Jin (@patch1t)\n\nImageIO\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, and iPad\nmini 5th generation and later\nImpact: Parsing a maliciously crafted TIFF file may lead to\ndisclosure of user information\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42851: Mickey Jin (@patch1t)\n\nIOHIDFamily\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, and iPad\nmini 5th generation and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-42864: Tommy Muir (@Muirey03)\n\nIOMobileFrameBuffer\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, and iPad\nmini 5th generation and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-46690: John Aakerblom (@jaakerblom)\n\niTunes Store\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, and iPad\nmini 5th generation and later\nImpact: A remote user may be able to cause unexpected app termination\nor arbitrary code execution\nDescription: An issue existed in the parsing of URLs. \nCVE-2022-42837: Weijia Dai (@dwj1210) of Momo Security\n\nKernel\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, and iPad\nmini 5th generation and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with additional\nvalidation. \nCVE-2022-46689: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, and iPad\nmini 5th generation and later\nImpact: Connecting to a malicious NFS server may lead to arbitrary\ncode execution with kernel privileges\nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-46701: Felix Poulin-Belanger\n\nKernel\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, and iPad\nmini 5th generation and later\nImpact: A remote user may be able to cause kernel code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42842: pattern-f (@pattern_F_) of Ant Security Light-Year\nLab\n\nKernel\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, and iPad\nmini 5th generation and later\nImpact: An app may be able to break out of its sandbox\nDescription: This issue was addressed with improved checks. \nCVE-2022-42861: pattern-f (@pattern_F_) of Ant Security Light-Year\nLab\n\nKernel\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, and iPad\nmini 5th generation and later\nImpact: An app may be able to break out of its sandbox\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42844: pattern-f (@pattern_F_) of Ant Security Light-Year\nLab\n\nKernel\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, and iPad\nmini 5th generation and later\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42845: Adam Doup\u00e9 of ASU SEFCOM\n\nPhotos\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, and iPad\nmini 5th generation and later\nImpact: Shake-to-undo may allow a deleted photo to be re-surfaced\nwithout authentication\nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32943: an anonymous researcher\n\nppp\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, and iPad\nmini 5th generation and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42840: an anonymous researcher\n\nPreferences\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, and iPad\nmini 5th generation and later\nImpact: An app may be able to use arbitrary entitlements\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-42855: Ivan Fratric of Google Project Zero\n\nPrinting\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, and iPad\nmini 5th generation and later\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-42862: Mickey Jin (@patch1t)\n\nSafari\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, and iPad\nmini 5th generation and later\nImpact: Visiting a website that frames malicious content may lead to\nUI spoofing\nDescription: A spoofing issue existed in the handling of URLs. \nCVE-2022-46695: KirtiKumar Anandrao Ramchandani\n\nSoftware Update\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, and iPad\nmini 5th generation and later\nImpact: A user may be able to elevate privileges\nDescription: An access issue existed with privileged API calls. \nCVE-2022-42849: Mickey Jin (@patch1t)\n\nWeather\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, and iPad\nmini 5th generation and later\nImpact: An app may be able to read sensitive location information\nDescription: The issue was addressed with improved handling of\ncaches. \nCVE-2022-42866: an anonymous researcher\n\nWebKit\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, and iPad\nmini 5th generation and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 245521\nCVE-2022-42867: Maddie Stone of Google Project Zero\n\nWebKit\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, and iPad\nmini 5th generation and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 245466\nCVE-2022-46691: an anonymous researcher\n\nWebKit\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, and iPad\nmini 5th generation and later\nImpact: Processing maliciously crafted web content may bypass Same\nOrigin Policy\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 246783\nCVE-2022-46692: KirtiKumar Anandrao Ramchandani\n\nWebKit\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, and iPad\nmini 5th generation and later\nImpact: Processing maliciously crafted web content may result in the\ndisclosure of process memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42852: hazbinhotel working with Trend Micro Zero Day\nInitiative\n\nWebKit\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, and iPad\nmini 5th generation and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nWebKit Bugzilla: 246942\nCVE-2022-46696: Samuel Gro\u00df of Google V8 Security\nWebKit Bugzilla: 247562\nCVE-2022-46700: Samuel Gro\u00df of Google V8 Security\n\nWebKit\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, and iPad\nmini 5th generation and later\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-46698: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs\n\u0026 DNSLab, Korea Univ. \n\nWebKit\nAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air\n3rd generation and later, iPad 5th generation and later, and iPad\nmini 5th generation and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 247420\nCVE-2022-46699: Samuel Gro\u00df of Google V8 Security\nWebKit Bugzilla: 244622\nCVE-2022-42863: an anonymous researcher\n\nAdditional recognition\n\nKernel\nWe would like to acknowledge Zweig of Kunlun Lab and pattern-f\n(@pattern_F_) of Ant Security Light-Year Lab for their assistance. \n\nSafari Extensions\nWe would like to acknowledge Oliver Dunk and Christian R. of\n1Password for their assistance. \n\nWebKit\nWe would like to acknowledge an anonymous researcher and scarlet for\ntheir assistance. \n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/ iTunes and Software Update on the\ndevice will automatically check Apple\u0027s update server on its weekly\nschedule. When an update is detected, it is downloaded and the option\nto be installed is presented to the user when the iOS device is\ndocked. We recommend applying the update immediately if possible. \nSelecting Don\u0027t Install will present the option the next time you\nconnect your iOS device. The automatic update process may take up to\na week depending on the day that iTunes or the device checks for\nupdates. You may manually obtain the update via the Check for Updates\nbutton within iTunes, or the Software Update on your device. To\ncheck that the iPhone, iPod touch, or iPad has been updated: *\nNavigate to Settings * Select General * Select About. The version\nafter applying this update will be \"iOS 16.2 and iPadOS 16.2\". \nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmOZFYIACgkQ4RjMIDke\nNxmnGxAAuO8CwNDPYn+yyq7VIRB6+sCaV962MC2c7TFzU+R1waBBaG57NmJQeANL\n5645QVNL/5k0TaFiSV/dFg15YvBkLgC6JVHeKebYvboSHB0wsfxejfwYnYFLNc44\nxriqdQSarmp61Aw4270LFRjV1XokOGuEzo4U3InyhiawceAVR/qvteNDxETnsiAN\njyaPRnx1d2K22+VZAFRtVjLgFLkBwAguamuMe8vIaqP71giORZNfX+w+GduszAqY\nSpo5aPC8G56GmHGZnSid/utBa2CqXfVRMyUmnYYukPrYACdy4WkTKWOWCbPrCbkT\nVWc43jsWhPqsMFopyy4K+SaCZqNdcpIag8n5uvCsf0tLPIUPTMRXSj3w1WOq1++6\nNV3cZp6RaFVYJ3twU2D1q/Vj8VXILNPvECzGNlOxRJu0H7w3VD5ZdZ16Gsc8T62C\nER5CSJr49fj5ixLCP9HepmIK5Rz0UXMxmylUANk2h88HK9hr7/s1EOYtCVjTEYQ2\nc1ESd87HYz24iYnqaL5d8KDFiGQCVfuwnz2keWO7Lc2E+8OUqqYTWfCoSWprWnSU\nZR31xA+JnPSS4WBP4RzitUmAiP5sdulF0jg4IZ0y0RUwWI4lD4vv0z9glb++rRHh\nPJj9uuirFcmKJ1BSfEN1glq/gGW8SP1vuq1BU+fIdeHtw4XeeIw=\n=qV7H\n-----END PGP SIGNATURE-----\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-42852"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023611"
},
{
"db": "VULHUB",
"id": "VHN-439656"
},
{
"db": "VULMON",
"id": "CVE-2022-42852"
},
{
"db": "PACKETSTORM",
"id": "170431"
},
{
"db": "PACKETSTORM",
"id": "170350"
},
{
"db": "PACKETSTORM",
"id": "170318"
},
{
"db": "PACKETSTORM",
"id": "170314"
},
{
"db": "PACKETSTORM",
"id": "170312"
},
{
"db": "PACKETSTORM",
"id": "170311"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-439656",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-439656"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-42852",
"trust": 4.0
},
{
"db": "PACKETSTORM",
"id": "170350",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "170431",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023611",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "170319",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2023.0118",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.1322",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.0058",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.1216",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3045",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "170311",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "170318",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "170314",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "170312",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "170317",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170349",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-439656",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-42852",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-439656"
},
{
"db": "VULMON",
"id": "CVE-2022-42852"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023611"
},
{
"db": "PACKETSTORM",
"id": "170431"
},
{
"db": "PACKETSTORM",
"id": "170350"
},
{
"db": "PACKETSTORM",
"id": "170318"
},
{
"db": "PACKETSTORM",
"id": "170314"
},
{
"db": "PACKETSTORM",
"id": "170312"
},
{
"db": "PACKETSTORM",
"id": "170311"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3045"
},
{
"db": "NVD",
"id": "CVE-2022-42852"
}
]
},
"id": "VAR-202212-1523",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-439656"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T20:30:57.804000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213536 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht213530"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-023611"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-023611"
},
{
"db": "NVD",
"id": "CVE-2022-42852"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/dec/20"
},
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/dec/21"
},
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/dec/23"
},
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/dec/26"
},
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/dec/27"
},
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/dec/28"
},
{
"trust": 2.4,
"url": "https://support.apple.com/en-us/ht213536"
},
{
"trust": 2.4,
"url": "https://security.gentoo.org/glsa/202305-32"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht213530"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht213531"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht213532"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht213535"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht213537"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42852"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-42852/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/webkitgtk-wpe-webkit-multiple-vulnerabilities-40179"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/170431/ubuntu-security-notice-usn-5797-1.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-ios-macos-multiple-vulnerabilities-of-december-2022-40105"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.1216"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/170319/apple-security-advisory-2022-12-13-9.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0118"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.1322"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0058"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/170350/debian-security-advisory-5309-1.html"
},
{
"trust": 0.4,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.4,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42837"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42842"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42845"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42843"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42840"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-46698"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-46692"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42856"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42867"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42849"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40303"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42864"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40304"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32943"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42848"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42846"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42855"
},
{
"trust": 0.2,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.38.3-0ubuntu0.20.04.1"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5797-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.38.3-0ubuntu0.22.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.38.3-0ubuntu0.22.04.1"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-46700"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/wpewebkit"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-46699"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42866"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42865"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42863"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht204641"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213536."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42859"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42841"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29181"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42847"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42854"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213532."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24836"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42853"
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42861"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-46691"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213531."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-46689"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42850"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213530."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42844"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42851"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-439656"
},
{
"db": "VULMON",
"id": "CVE-2022-42852"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023611"
},
{
"db": "PACKETSTORM",
"id": "170431"
},
{
"db": "PACKETSTORM",
"id": "170350"
},
{
"db": "PACKETSTORM",
"id": "170318"
},
{
"db": "PACKETSTORM",
"id": "170314"
},
{
"db": "PACKETSTORM",
"id": "170312"
},
{
"db": "PACKETSTORM",
"id": "170311"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3045"
},
{
"db": "NVD",
"id": "CVE-2022-42852"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-439656"
},
{
"db": "VULMON",
"id": "CVE-2022-42852"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023611"
},
{
"db": "PACKETSTORM",
"id": "170431"
},
{
"db": "PACKETSTORM",
"id": "170350"
},
{
"db": "PACKETSTORM",
"id": "170318"
},
{
"db": "PACKETSTORM",
"id": "170314"
},
{
"db": "PACKETSTORM",
"id": "170312"
},
{
"db": "PACKETSTORM",
"id": "170311"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3045"
},
{
"db": "NVD",
"id": "CVE-2022-42852"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-15T00:00:00",
"db": "VULHUB",
"id": "VHN-439656"
},
{
"date": "2022-12-15T00:00:00",
"db": "VULMON",
"id": "CVE-2022-42852"
},
{
"date": "2023-11-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-023611"
},
{
"date": "2023-01-10T14:10:46",
"db": "PACKETSTORM",
"id": "170431"
},
{
"date": "2023-01-02T14:20:15",
"db": "PACKETSTORM",
"id": "170350"
},
{
"date": "2022-12-22T02:13:22",
"db": "PACKETSTORM",
"id": "170318"
},
{
"date": "2022-12-22T02:11:48",
"db": "PACKETSTORM",
"id": "170314"
},
{
"date": "2022-12-22T02:11:02",
"db": "PACKETSTORM",
"id": "170312"
},
{
"date": "2022-12-22T02:10:24",
"db": "PACKETSTORM",
"id": "170311"
},
{
"date": "2022-12-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202212-3045"
},
{
"date": "2022-12-15T19:15:24.797000",
"db": "NVD",
"id": "CVE-2022-42852"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-09T00:00:00",
"db": "VULHUB",
"id": "VHN-439656"
},
{
"date": "2022-12-15T00:00:00",
"db": "VULMON",
"id": "CVE-2022-42852"
},
{
"date": "2023-11-29T03:37:00",
"db": "JVNDB",
"id": "JVNDB-2022-023611"
},
{
"date": "2023-05-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202212-3045"
},
{
"date": "2023-05-30T06:15:29.040000",
"db": "NVD",
"id": "CVE-2022-42852"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "170431"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3045"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerabilities in multiple Apple products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-023611"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-3045"
}
],
"trust": 0.6
}
}