Multiple vulnerabilities in Apple iOS and iPadOS

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Security restrictions bypass

EUVDB-ID: #VU63270

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-26731

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to track Safari users.

The vulnerability exists due to a logic issue in Safari private browsing mode. A remote attacker can track Safari users.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.0 19A346 - 15.4.1 19E258

Apple iOS: 15.0 19A346 - 15.4.1 19E258

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Cryptographic issues

EUVDB-ID: #VU63271

Risk: Low

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2022-26766

CWE-ID: CWE-310 - Cryptographic Issues

Exploit availability: Yes

Description

The vulnerability allows a local application to bypass signature validation.

The vulnerability exists due to a certificate parsing issue in the Security subsystem. A local application can bypass signature validation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.0 19A346 - 15.4.1 19E258

Apple iOS: 15.0 19A346 - 15.4.1 19E258

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Buffer overflow

EUVDB-ID: #VU63279

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-26700

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can trick the victim to visit a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.0 19A346 - 15.4.1 19E258

Apple iOS: 15.0 19A346 - 15.4.1 19E258

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU63280

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-26709

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can trick the victim to visit a specially crafted website, trigger memory corruption and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.0 19A346 - 15.4.1 19E258

Apple iOS: 15.0 19A346 - 15.4.1 19E258

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use-after-free

EUVDB-ID: #VU63281

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-26710

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can trick the victim to visit a specially crafted website, trigger memory corruption and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.0 19A346 - 15.4.1 19E258

Apple iOS: 15.0 19A346 - 15.4.1 19E258

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Buffer overflow

EUVDB-ID: #VU63283

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-26716

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can trick the victim to visit a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.0 19A346 - 15.4.1 19E258

Apple iOS: 15.0 19A346 - 15.4.1 19E258

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free

EUVDB-ID: #VU60922

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-23308

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing ID and IDREF attributes in valid.c. A remote attacker can pass specially crafted XML input to the application, trigger a use-after-free error and crash the application or execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.0 19A346 - 15.4.1 19E258

Apple iOS: 15.0 19A346 - 15.4.1 19E258

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer overflow

EUVDB-ID: #VU63284

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-26719

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can trick the victim to visit a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.0 19A346 - 15.4.1 19E258

Apple iOS: 15.0 19A346 - 15.4.1 19E258

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Resource management error

EUVDB-ID: #VU63285

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-22677

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform DoS attack.

The vulnerability exists due to a logic issue in video self-preview feature in a webRTC call, which can be interrupted if the user answers a phone call.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.0 19A346 - 15.4.1 19E258

Apple iOS: 15.0 19A346 - 15.4.1 19E258

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Buffer overflow

EUVDB-ID: #VU63286

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-26745

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a boundary error in Wi-Fi component. A local application can gain read access to restricted memory.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.0 19A346 - 15.4.1 19E258

Apple iOS: 15.0 19A346 - 15.4.1 19E258

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Buffer overflow

EUVDB-ID: #VU32295

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2015-4142

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.0 19A346 - 15.4.1 19E258

Apple iOS: 15.0 19A346 - 15.4.1 19E258

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Buffer overflow

EUVDB-ID: #VU63288

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-26762

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Wi-Fi component. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.0 19A346 - 15.4.1 19E258

Apple iOS: 15.0 19A346 - 15.4.1 19E258

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU63261

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-26706

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to bypass sandbox restrictions.

The vulnerability exists due to sandbox bypass in LaunchServices. A local application can circumvent sandbox restrictions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.0 19A346 - 15.4.1 19E258

Apple iOS: 15.0 19A346 - 15.4.1 19E258

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Out-of-bounds write

EUVDB-ID: #VU63246

Risk: Low

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2022-26763

Exploit availability: Yes

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in DriverKit. A local application can execute arbitrary code with system privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.0 19A346 - 15.4.1 19E258

Apple iOS: 15.0 19A346 - 15.4.1 19E258

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

16) Input validation error

EUVDB-ID: #VU63235

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-26751

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input within the processing of HEIC files in the VTDecoderXPCService process in the AppleGraphicsControl. A remote attacker can trick the victim to open a specially crafted image and execute arbitrary code on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.0 19A346 - 15.4.1 19E258

Apple iOS: 15.0 19A346 - 15.4.1 19E258

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Out-of-bounds write

EUVDB-ID: #VU63238

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-26736

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in AVEVideoEncoder. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.0 19A346 - 15.4.1 19E258

Apple iOS: 15.0 19A346 - 15.4.1 19E258

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Out-of-bounds write

EUVDB-ID: #VU63239

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-26737

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in AVEVideoEncoder. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.0 19A346 - 15.4.1 19E258

Apple iOS: 15.0 19A346 - 15.4.1 19E258

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Out-of-bounds write

EUVDB-ID: #VU63240

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-26738

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in AVEVideoEncoder. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.0 19A346 - 15.4.1 19E258

Apple iOS: 15.0 19A346 - 15.4.1 19E258

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Out-of-bounds write

EUVDB-ID: #VU63241

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-26739

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in AVEVideoEncoder. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.0 19A346 - 15.4.1 19E258

Apple iOS: 15.0 19A346 - 15.4.1 19E258

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Out-of-bounds write

EUVDB-ID: #VU63242

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-26740

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in AVEVideoEncoder. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.0 19A346 - 15.4.1 19E258

Apple iOS: 15.0 19A346 - 15.4.1 19E258

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Race condition

EUVDB-ID: #VU63260

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-26765

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the OS kernel subsystem. A local user can exploit the race to bypass Pointer Authentication.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.0 19A346 - 15.4.1 19E258

Apple iOS: 15.0 19A346 - 15.4.1 19E258

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Integer overflow

EUVDB-ID: #VU63247

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-26711

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow when parsing WebP images in the ImageIO framework. A remote attacker can trick the victim into opening a specially crafted file, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.0 19A346 - 15.4.1 19E258

Apple iOS: 15.0 19A346 - 15.4.1 19E258

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Race condition

EUVDB-ID: #VU63254

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-26701

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a race condition in IOKit. A local application can exploit the race and execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.0 19A346 - 15.4.1 19E258

Apple iOS: 15.0 19A346 - 15.4.1 19E258

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Buffer overflow

EUVDB-ID: #VU63255

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-26768

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in IOMobileFrameBuffer. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.0 19A346 - 15.4.1 19E258

Apple iOS: 15.0 19A346 - 15.4.1 19E258

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Buffer overflow

EUVDB-ID: #VU63257

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-26714

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the OS kernel subsystem. A local user can trigger memory corruption and execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.0 19A346 - 15.4.1 19E258

Apple iOS: 15.0 19A346 - 15.4.1 19E258

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Use-after-free

EUVDB-ID: #VU63258

Risk: Low

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2022-26757

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the OS kernel subsystem. A local user can trigger memory corruption and execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.0 19A346 - 15.4.1 19E258

Apple iOS: 15.0 19A346 - 15.4.1 19E258

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

28) Buffer overflow

EUVDB-ID: #VU63259

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-26764

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the OS kernel subsystem. A local user can trigger memory corruption and bypass kernel memory mitigations to execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.0 19A346 - 15.4.1 19E258

Apple iOS: 15.0 19A346 - 15.4.1 19E258

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Use-after-free

EUVDB-ID: #VU63291

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-26702

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in AppleAVD. A local application can execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.0 19A346 - 15.4.1 19E258

Apple iOS: 15.0 19A346 - 15.4.1 19E258

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Buffer overflow

EUVDB-ID: #VU63292

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-26744

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in GPU Drivers. A local application can execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.0 19A346 - 15.4.1 19E258

Apple iOS: 15.0 19A346 - 15.4.1 19E258

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Buffer overflow

EUVDB-ID: #VU63293

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-26771

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in IOSurfaceAccelerator. A local application can execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.0 19A346 - 15.4.1 19E258

Apple iOS: 15.0 19A346 - 15.4.1 19E258

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Input validation error

EUVDB-ID: #VU63294

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-22673

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in Notes application. A remote attacker can trick the victim to open an overly large file and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.0 19A346 - 15.4.1 19E258

Apple iOS: 15.0 19A346 - 15.4.1 19E258

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Security features bypass

EUVDB-ID: #VU63295

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-26703

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists in the Shortcuts component. An attacker with physical access to device can access photos from the lock screen.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.0 19A346 - 15.4.1 19E258

Apple iOS: 15.0 19A346 - 15.4.1 19E258

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Buffer overflow

EUVDB-ID: #VU63296

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-26760

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in Wi-Fi component. A local application can execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.0 19A346 - 15.4.1 19E258

Apple iOS: 15.0 19A346 - 15.4.1 19E258

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Input validation error

EUVDB-ID: #VU63264

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-26708

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input in libresolv. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.0 19A346 - 15.4.1 19E258

Apple iOS: 15.0 19A346 - 15.4.1 19E258

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Integer overflow

EUVDB-ID: #VU63265

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-26775

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in libresolv. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.0 19A346 - 15.4.1 19E258

Apple iOS: 15.0 19A346 - 15.4.1 19E258

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Input validation error

EUVDB-ID: #VU63263

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-26776

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input in libresolv. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.0 19A346 - 15.4.1 19E258

Apple iOS: 15.0 19A346 - 15.4.1 19E258

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Information disclosure

EUVDB-ID: #VU65625

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-32781

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in FaceTime. A local application can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.0 19A346 - 15.4.1 19E258

Apple iOS: 15.0 19A346 - 15.4.1 19E258

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Input validation error

EUVDB-ID: #VU64839

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-32790

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in libresolv. A remote attacker can pass specially crafted DNS response to the systen and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.0 19A346 - 15.4.1 19E258

Apple iOS: 15.0 19A346 - 15.4.1 19E258

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Security features bypass

EUVDB-ID: #VU63277

Risk: Low

CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2022-26726

CWE-ID: CWE-254 - Security Features

Exploit availability: Yes

Description

The vulnerability allows a local application to capture user's screen.

The vulnerability exists due to improperly implemented security checks in TCC component. A local application can capture user's screen.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: before 15.5 19F77

Apple iOS: before 15.5 19F77

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

41) UNIX symbolic link following

EUVDB-ID: #VU63276

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-26704

CWE-ID: CWE-61 - UNIX Symbolic Link (Symlink) Following

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a symlink following issue in Spotlight. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.

Successful exploitation of this vulnerability may result in privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 15.0 19A346 - 15.4.1 19E258

Apple iOS: 15.0 19A346 - 15.4.1 19E258

CPE2.3

External links