Apple Security Advisory 2022-10-27-3 - iOS 16 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.
f72f652240009ad6885c95e399eeada938afdca8ed7e90acdcc02793817280ae
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2022-10-27-3 Additional information for APPLE-SA-2022-09-12-1 iOS 16
iOS 16 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213446.
Accelerate Framework
Available for: iPhone 8 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2022-42795: ryuzaki
Entry added October 27, 2022
AppleAVD
Available for: iPhone 8 and later
Impact: An app may be able to cause a denial-of-service
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of
Google Project Zero, and an anonymous researcher
Entry added October 27, 2022
AppleAVD
Available for: iPhone 8 and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: This issue was addressed with improved checks.
CVE-2022-32907: Natalie Silvanovich of Google Project Zero, Antonio
Zekic (@antoniozekic) and John Aakerblom (@jaakerblom), ABC Research
s.r.o, Yinyi Wu, Tommaso Bianco (@cutesmilee__)
Entry added October 27, 2022
Apple Neural Engine
Available for: iPhone 8 and later
Impact: An app may be able to leak sensitive kernel state
Description: The issue was addressed with improved memory handling.
CVE-2022-32858: Mohamed Ghannam (@_simo36)
Entry added October 27, 2022
Apple Neural Engine
Available for: iPhone 8 and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32898: Mohamed Ghannam (@_simo36)
CVE-2022-32899: Mohamed Ghannam (@_simo36)
CVE-2022-32889: Mohamed Ghannam (@_simo36)
Entry added October 27, 2022
Apple TV
Available for: iPhone 8 and later
Impact: An app may be able to access user-sensitive data
Description: The issue was addressed with improved handling of
caches.
CVE-2022-32909: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added October 27, 2022
Contacts
Available for: iPhone 8 and later
Impact: An app may be able to bypass Privacy preferences
Description: This issue was addressed with improved checks.
CVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security
Crash Reporter
Available for: iPhone 8 and later
Impact: A user with physical access to an iOS device may be able to
read past diagnostic logs
Description: This issue was addressed with improved data protection.
CVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike
Entry added October 27, 2022
DriverKit
Available for: iPhone 8 and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)
Entry added October 27, 2022
Exchange
Available for: iPhone 8 and later
Impact: A user in a privileged network position may be able to
intercept mail credentials
Description: A logic issue was addressed with improved restrictions.
CVE-2022-32928: an anonymous researcher
Entry added October 27, 2022
GPU Drivers
Available for: iPhone 8 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-26744: an anonymous researcher
Entry added October 27, 2022
GPU Drivers
Available for: iPhone 8 and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-32903: an anonymous researcher
Entry added October 27, 2022
ImageIO
Available for: iPhone 8 and later
Impact: Processing an image may lead to a denial-of-service
Description: A denial-of-service issue was addressed with improved
validation.
CVE-2022-1622
Entry added October 27, 2022
Image Processing
Available for: iPhone 8 and later
Impact: A sandboxed app may be able to determine which app is
currently using the camera
Description: The issue was addressed with additional restrictions on
the observability of app states.
CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit)
Entry added October 27, 2022
IOGPUFamily
Available for: iPhone 8 and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32887: an anonymous researcher
Entry added October 27, 2022
Kernel
Available for: iPhone 8 and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-32914: Zweig of Kunlun Lab
Entry added October 27, 2022
Kernel
Available for: iPhone 8 and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)
CVE-2022-32911: Zweig of Kunlun Lab
Entry updated October 27, 2022
Kernel
Available for: iPhone 8 and later
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel
Available for: iPhone 8 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges.
Description: The issue was addressed with improved bounds checks.
CVE-2022-32917: an anonymous researcher
Maps
Available for: iPhone 8 and later
Impact: An app may be able to read sensitive location information
Description: A logic issue was addressed with improved restrictions.
CVE-2022-32883: Ron Masas, breakpointhq.com
MediaLibrary
Available for: iPhone 8 and later
Impact: A user may be able to elevate privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2022-32908: an anonymous researcher
Notifications
Available for: iPhone 8 and later
Impact: A user with physical access to a device may be able to access
contacts from the lock screen
Description: A logic issue was addressed with improved state
management.
CVE-2022-32879: Ubeydullah Sümer
Entry added October 27, 2022
Photos
Available for: iPhone 8 and later
Impact: An app may be able to bypass Privacy preferences
Description: This issue was addressed with improved data protection.
CVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha
Technologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort
(evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan
of Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd
Entry added October 27, 2022
Safari
Available for: iPhone 8 and later
Impact: Visiting a malicious website may lead to address bar spoofing
Description: This issue was addressed with improved checks.
CVE-2022-32795: Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India)
@imnarendrabhati
Safari Extensions
Available for: iPhone 8 and later
Impact: A website may be able to track users through Safari web
extensions
Description: A logic issue was addressed with improved state
management.
WebKit Bugzilla: 242278
CVE-2022-32868: Michael
Sandbox
Available for: iPhone 8 and later
Impact: An app may be able to modify protected parts of the file
system
Description: A logic issue was addressed with improved restrictions.
CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added October 27, 2022
Security
Available for: iPhone 8 and later
Impact: An app may be able to bypass code signing checks
Description: An issue in code signature validation was addressed with
improved checks.
CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)
Entry added October 27, 2022
Shortcuts
Available for: iPhone 8 and later
Impact: A person with physical access to an iOS device may be able to
access photos from the lock screen
Description: A logic issue was addressed with improved restrictions.
CVE-2022-32872: Elite Tech Guru
Sidecar
Available for: iPhone 8 and later
Impact: A user may be able to view restricted content from the lock
screen
Description: A logic issue was addressed with improved state
management.
CVE-2022-42790: Om kothawade of Zaprico Digital
Entry added October 27, 2022
Siri
Available for: iPhone 8 and later
Impact: A user with physical access to a device may be able to use
Siri to obtain some call history information
Description: A logic issue was addressed with improved state
management.
CVE-2022-32870: Andrew Goldberg of The McCombs School of Business,
The University of Texas at Austin (linkedin.com/andrew-goldberg-/)
Entry added October 27, 2022
SQLite
Available for: iPhone 8 and later
Impact: A remote user may be able to cause a denial-of-service
Description: This issue was addressed with improved checks.
CVE-2021-36690
Entry added October 27, 2022
Time Zone
Available for: iPhone 8 and later
Impact: Deleted contacts may still appear in spotlight search results
Description: A logic issue was addressed with improved state
management.
CVE-2022-32859
Entry added October 27, 2022
Watch app
Available for: iPhone 8 and later
Impact: An app may be able to read a persistent device identifier
Description: This issue was addressed with improved entitlements.
CVE-2022-32835: Guilherme Rambo of Best Buddy Apps (rambo.codes)
Entry added October 27, 2022
Weather
Available for: iPhone 8 and later
Impact: An app may be able to read sensitive location information
Description: A logic issue was addressed with improved state
management.
CVE-2022-32875: an anonymous researcher
Entry added October 27, 2022
WebKit
Available for: iPhone 8 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
WebKit Bugzilla: 242047
CVE-2022-32888: P1umer (@p1umer)
Entry added October 27, 2022
WebKit
Available for: iPhone 8 and later
Impact: Visiting a website that frames malicious content may lead to
UI spoofing
Description: The issue was addressed with improved UI handling.
WebKit Bugzilla: 243236
CVE-2022-32891: @real_as3617, and an anonymous researcher
Entry added October 27, 2022
WebKit
Available for: iPhone 8 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
WebKit Bugzilla: 241969
CVE-2022-32886: P1umer, afang5472, xmzyshypnc
WebKit
Available for: iPhone 8 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
WebKit Bugzilla: 242762
CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with
Trend Micro Zero Day Initiative
WebKit Sandboxing
Available for: iPhone 8 and later
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An access issue was addressed with improvements to the
sandbox.
WebKit Bugzilla: 243181
CVE-2022-32892: @18楼梦想改造家 and @jq0904 of DBAppSecurity's WeBin lab
Entry added October 27, 2022
Wi-Fi
Available for: iPhone 8 and later
Impact: An app may be able to cause unexpected system termination or
write kernel memory
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-32925: Wang Yu of Cyberserval
Entry added October 27, 2022
Additional recognition
AirDrop
We would like to acknowledge Alexander Heinrich, Milan Stute, and
Christian Weinert of Technical University of Darmstadt for their
assistance.
Entry added October 27, 2022
AppleCredentialManager
We would like to acknowledge @jonathandata1 for their assistance.
Entry added October 27, 2022
Calendar UI
We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of
Lakshmi Narain College Of Technology Bhopal for their assistance.
Entry added October 27, 2022
FaceTime
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added October 27, 2022
Find My
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added October 27, 2022
Game Center
We would like to acknowledge Joshua Jones for their assistance.
iCloud
We would like to acknowledge Bülent Aytulun, and an anonymous
researcher for their assistance.
Entry added October 27, 2022
Identity Services
We would like to acknowledge Joshua Jones for their assistance.
Kernel
We would like to acknowledge Pan ZhenPeng(@Peterpan0927), Tingting
Yin of Tsinghua University, and Min Zheng of Ant Group, and an
anonymous researcher for their assistance.
Entry added October 27, 2022
Mail
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added October 27, 2022
Notes
We would like to acknowledge Edward Riley of Iron Cloud Limited
(ironclouduk.com) for their assistance.
Entry added October 27, 2022
Photo Booth
We would like to acknowledge Prashanth Kannan of Dremio for their
assistance.
Entry added October 27, 2022
Sandbox
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
Entry added October 27, 2022
Shortcuts
We would like to acknowledge Shay Dror for their assistance.
Entry added October 27, 2022
SOS
We would like to acknowledge Xianfeng Lu and Lei Ai of OPPO Amber
Security Lab for their assistance.
Entry added October 27, 2022
UIKit
We would like to acknowledge Aleczander Ewing, Simon de Vegt, and an
anonymous researcher for their assistance.
Entry added October 27, 2022
WebKit
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added October 27, 2022
WebRTC
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added October 27, 2022
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/ iTunes and Software Update on the
device will automatically check Apple's update server on its weekly
schedule. When an update is detected, it is downloaded and the option
to be installed is presented to the user when the iOS device is
docked. We recommend applying the update immediately if possible.
Selecting Don't Install will present the option the next time you
connect your iOS device. The automatic update process may take up to
a week depending on the day that iTunes or the device checks for
updates. You may manually obtain the update via the Check for Updates
button within iTunes, or the Software Update on your device. To
check that the iPhone, iPod touch, or iPad has been updated: *
Navigate to Settings * Select General * Select About. The version
after applying this update will be "iOS 16".
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpoACgkQ4RjMIDke
NxkQ8w/9FMTP02t/AKe0nXZ44UhfMLy7Sx88gpWRHaWKZtdjPADC2kxx1RbVSvrC
C5nB6bw2zGppE1V284QitcNG9WrGGTINK6Knshv0PCkWLZnh1sYqX2bYbKmY6Ol7
K+lRk6zicF3k7KcCZRly6UuJ8RvfPpa2wKuVVv5FBPM8bPRuovVRiRxGUWuO7emM
ZXyp4n5u+GldW8n8hRK/jxwGGwrKqFmXL9Ecd79I2/4uYmEx6tmoAYuEZs26BfjK
Etd1F54PlewmyUKvVlWiwLhpVgygRqkmvW+jKwX46gBzwHFK88B9IV6wf8ZD5JaU
Ur+nqEjiqmbYdcfV8pu64eRNnlTiCmD/ehJg8sNG38m9SeqOw3ZNVaQ8+sgoXwsp
rpsPDPsXmPqqadxERe7LwLXSm4KtTARdGbEffHAA5eqc+U0ja2u3piqk8ZKTrC6K
tORrDjSkKx9AILbds99Wzbnb1rfF/09N1+LPQT7Ac8PCA/kE+XQ+nmSDoInh8PTU
rFt3ZW9Ud0q6Y2Ix11WYrb6wOqs/vafaW5zXTnNfgKNvw2zO/9yKYhaqIjlGtLSJ
Og/O1sdcPMPisBGQynF7Dj42riQD5RQGbB/GmfgRqUHFXwcWJxFRblkwUxbjuEaR
nYRj90cDbUE2wmsE4y4uFfCVpKTQCQCKXuSuBkOQje0KjTDHWac=
=I+iq
-----END PGP SIGNATURE-----