By Waqas
Here’s a rundown of the impact of new cybersecurity regulations as they are applied to the medical device industry. 
This is a post from HackRead.com Read the original post: How New Cybersecurity Regulations Are Shaping the Medical Device Industry

Discover how the latest cybersecurity regulations are influencing the medical device industry. Learn about the measures manufacturers are taking to meet compliance requirements, enhance device security, and protect patient data. Stay ahead of the curve with insights into the evolving landscape of medical device cybersecurity.

Given its direct effect on health and life, the medical industry is subject to stringent regulations. Governments worldwide exercise some form of control over medical products and services.

However, the regulations don’t appear to be as agile as they should be in light of the growing cyber threats on web-connected medical equipment and other digital devices used in healthcare.

Medical devices that connect to the internet and to other gadgets have been in use for quite some time, but it’s only in the past couple of years that regulators have paid attention to the serious threats hounding modern medical hardware. Better late than never as some would say—it’s good to see policymakers stepping up their game to ensure the secure use or operation of medical equipment.

Here’s a rundown of the impact of new cybersecurity regulations as they are applied to the medical device industry. 

The passage of the United States 2023 Omnibus Bill comes with the expansion of the US Food and Drug Administration’s authority over medical device security. This expanded authority gives the FDA the power to set cybersecurity requirements for medical devices and requires all device manufacturers to demonstrate that their products meet these requirements.

This legislation provides the FDA with additional funding and statutory powers that significantly impact the medical device industry. Before the FDA’s updated authority, cybersecurity for medical devices was more of an auxiliary or supplemental concern. It was evaluated separately and not with the same urgency accorded to other device safety concerns.

The FDA’s new powers allow it to compel device manufacturers to implement a product development framework that meets security requirements. Devices will not be made available to customers unless they are secure.

Device makers will be required to monitor and address postmarket cybersecurity vulnerabilities, develop processes to provide reasonable cybersecurity assurance, submit a software bill of materials (SBOM), and comply with other requirements set by the FDA. Security is now part of the safety evaluation of devices.

The 2023 Omnibus Bill defines the devices to be covered by the FDA’s expanded authority as something that meets any of the following conditions: having software/firmware in it, the ability to connect to the internet, and the potential to be affected by cyber threats or attacks. This means that a vast range of devices will be covered and unscrupulous manufacturers will have a hard time circumventing FDA scrutiny.

All these bode well for patient safety, but many device makers will likely regard it as onerous. The changes they need to implement in their product development and monitoring processes mean additional costs. They also mean a slower time to market. 

**CISA’s push for secure-by-design policy: compulsory security throughout the product life cycle**

The Cybersecurity and Infrastructure Security Agency (CISA) of the United States is pushing for the adoption of “secure-by-design” and “secure-by-default” policies among technology manufacturers, which include advanced medical device makers.

The agency attempts to address the fixation of most companies to get their products out to the market as quickly as possible, disregarding crucial safety concerns especially when it comes to cybersecurity. 

CISA also seeks to make organizations develop voluntary performance goals that match the specific needs and environments they are dealing with. These specific performance objectives allow organizations to have a better grasp of the threat landscape and how they can improve their products to stop or mitigate the impact of cyber attacks.

Moreover, CISA plans to encourage enterprises to be security-conscious through a government-sanctioned acknowledgement or praise for compliant organizations. The agency also plans to take advantage of the US IT procurement capacity to reward businesses that embrace the secure-by-design policy with favourable procurement deals.

CISA does not have a lot of regulatory authority, but it is capable of influencing organizations to become security-aware and capable of adapting to the changing needs in the field of medical device security. It plays two major roles: serving as the operational lead for Federal Cybersecurity and working as the national coordinator for critical infrastructure security and resilience. 

**EU Medical Device Regulation: systematized device security**

In 2020, the European Union introduced regulations to address medical device cybersecurity threats. These regulations are collectively known as the Medical Device Regulation (MDR) framework aims to ensure that all medical devices imported into the EU are of high quality and guaranteed safety. 

MDR supplants the EU Medical Device Directive (MDD), which has been in place for nearly a quarter of a century. MDR is a mandatory requirement for all medical devices that enter the EU market. It sets a product classification system, clinical evaluation process, EUDAMED mechanisms, and supply chain guidelines to ensure medical device security and safety.

The European Union is one of the biggest markets for medical devices. MDR has been in effect for more than a year now. Its implementation has shown that it is possible to exercise effective regulation to ensure patient safety and security against cyber assailants. Its new requirements for medical device imports leave no room for run-of-the-mill device makers. It forces everyone to systematically integrate cybersecurity across the product development lifecycle

**Japan’s MHLW guidelines: information sharing with healthcare providers and patients**

Japan has been at the forefront of medical device cybersecurity regulations in Asia. The country’s Ministry of Health, Labour, and Welfare (MHLW) announced in 2020 new guidelines regarding medical device security. These guidelines require medical device manufacturers to implement a cybersecurity management system and conduct regular risk assessments. They also ask manufacturers to provide information on the security of medical devices to healthcare providers and patients.

The MHLW guidelines are notable for their emphasis on information sharing. All relevant parties are informed about the security of medical device products. This is important in establishing trust and encouraging everyone to play a role in making sure that the medical devices available in the market are secure and unlikely to be compromised by threat actors.

**How industries are responding**

It’s safe to say that there have been no objections from the medical tech sector, at least nothing explicit. Some in the tech industry have openly welcomed the new regulations. Google, for one, expressed support for the efforts to raise cybersecurity standards in mobile and IoT gadgets.

New medical device regulations do not only mean improved medical device effectiveness and patient safety. They also promote the development of new solutions to help device makers keep up with the new security requirements efficiently. They create opportunities for innovative companies, especially when it comes to addressing new cybersecurity needs.

Israeli medical software provider MedDev Soft, for example, offers solutions that simplify and accelerate software development and regulatory compliance for medical products. Californian startup Medcrypt offers cryptography, monitoring, and vulnerability management solutions for medical device makers. 

Another Israeli company, Sternum, takes a different approach and offers integrated on-device endpoint security that helps with cyber regulations. The main advantage of this particular solution is that it can be used to easily retrofit existing devices. Sternum is responsible for the security of the pacemakers of Medtronic, for example.

Recent cyber attacks on healthcare organizations have highlighted the importance of cybersecurity regulations for medical devices. Device manufacturers, the tech industry in general, and cybersecurity firms acknowledge the need to bolster defenses in line with the US Cybersecurity and Infrastructure Security Agency’s recent pronouncements on the state of healthcare cybersecurity.

**In conclusion**

Recent cyber attacks on healthcare organizations have highlighted the importance of cybersecurity regulations for medical devices. There may have been no significant incidents of cyber attacks that sought to harm individuals by hacking into their connected medical devices. However, it is better to anticipate the attacks than to be caught flatfooted.

New regulations are shaping the medical device industry, especially when it comes to the safety and security aspects. These regulations greatly benefit patients, but they are also a welcome development for the cybersecurity industry. Security firms have been developing new solutions to help organizations comply more easily while ensuring honest-to-goodness medical device security.

1.  Importance Of Medical Alert Devices
2.  Intel chip flaw left medical devices vulnerable
3.  AI firm exposes sensitive medical records online
4.  Drastic Implication of Unpatchd Medical Devices
5.  Ransomware attack on US healthcare debt collector

How New Cybersecurity Regulations Are Shaping the Medical Device Industry

A logic issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6. A user may be able to view restricted content from the lock screen.

Released July 20, 2022

**APFS**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-32832: Tommy Muir (@Muirey03)

**AppleAVD**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A remote user may be able to cause kernel code execution

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2022-32788: Natalie Silvanovich of Google Project Zero

**AppleAVD**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to disclose kernel memory

Description: The issue was addressed with improved memory handling.

CVE-2022-32824: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom)

**AppleMobileFileIntegrity**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to gain root privileges

Description: An authorization issue was addressed with improved state management.

CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro

**Apple Neural Engine**

Available for devices with Apple Neural Engine: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: An integer overflow was addressed with improved input validation.

CVE-2022-42805: Mohamed Ghannam (@\_simo36)

Entry added November 9, 2022

**Apple Neural Engine**

Available for devices with Apple Neural Engine: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2022-32948: Mohamed Ghannam (@\_simo36)

Entry added November 9, 2022

**Apple Neural Engine**

Available for devices with Apple Neural Engine: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2022-32845: Mohamed Ghannam (@\_simo36)

Entry updated November 9, 2022

**Apple Neural Engine**

Available for devices with Apple Neural Engine: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: This issue was addressed with improved checks.

CVE-2022-32840: Mohamed Ghannam (@\_simo36)

CVE-2022-32829: Tingting Yin of Tsinghua University, and Min Zheng of Ant Group

Entry updated September 16, 2022

**Apple Neural Engine**

Available for devices with Apple Neural Engine: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-32810: Mohamed Ghannam (@\_simo36)

**Audio**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2022-32820: an anonymous researcher

**Audio**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to disclose kernel memory

Description: The issue was addressed with improved memory handling.

CVE-2022-32825: John Aakerblom (@jaakerblom)

**CoreMedia**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to disclose kernel memory

Description: The issue was addressed with improved memory handling.

CVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom)

**CoreText**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A remote user may cause an unexpected app termination or arbitrary code execution

Description: The issue was addressed with improved bounds checks.

CVE-2022-32839: STAR Labs (@starlabs\_sg)

**File System Events**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to gain root privileges

Description: A logic issue was addressed with improved state management.

CVE-2022-32819: Joshua Mason of Mandiant

**GPU Drivers**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to disclose kernel memory

Description: Multiple out-of-bounds write issues were addressed with improved bounds checking.

CVE-2022-32793: an anonymous researcher

**GPU Drivers**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved validation.

CVE-2022-32821: John Aakerblom (@jaakerblom)

**Home**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A user may be able to view restricted content from the lock screen

Description: A logic issue was addressed with improved state management.

CVE-2022-32855: Zitong Wu(吴梓桐) from Zhuhai No.1 Middle School(珠海市第一中学)

Entry updated September 16, 2022

**iCloud Photo Library**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to access sensitive user information

Description: An information disclosure issue was addressed by removing the vulnerable code.

CVE-2022-32849: Joshua Jones

**ICU**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.

**ImageIO**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may result in disclosure of process memory

Description: The issue was addressed with improved memory handling.

CVE-2022-32841: hjy79425575

**ImageIO**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted file may lead to arbitrary code execution

Description: A logic issue was addressed with improved checks.

CVE-2022-32802: Ivan Fratric of Google Project Zero, Mickey Jin (@patch1t)

**ImageIO**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may lead to disclosure of user information

Description: An out-of-bounds read issue was addressed with improved bounds checking.

CVE-2022-32830: Ye Zhang (@co0py\_Cat) of Baidu Security

**ImageIO**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing an image may lead to a denial-of-service

Description: A null pointer dereference was addressed with improved validation.

CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit)

**IOMobileFrameBuffer**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2022-26768: an anonymous researcher

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-32813: Xinru Chi of Pangu Lab

CVE-2022-32815: Xinru Chi of Pangu Lab

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to disclose kernel memory

Description: An out-of-bounds read issue was addressed with improved bounds checking.

CVE-2022-32817: Xinru Chi of Pangu Lab

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication

Description: A logic issue was addressed with improved state management.

CVE-2022-32844: Sreejith Krishnan R (@skr0x1c0)

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication

Description: A race condition was addressed with improved state handling.

CVE-2022-32844: Sreejith Krishnan R (@skr0x1c0)

**Liblouis**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may cause unexpected app termination or arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China (nipc.org.cn)

**libxml2**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to leak sensitive user information

Description: A memory initialization issue was addressed with improved memory handling.

CVE-2022-32823

**Multi-Touch**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A type confusion issue was addressed with improved state handling.

CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)

**PluginKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to read arbitrary files

Description: A logic issue was addressed with improved state management.

CVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro

**Safari Extensions**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Visiting a maliciously crafted website may leak sensitive data

Description: The issue was addressed with improved UI handling.

CVE-2022-32784: Young Min Kim of CompSec Lab at Seoul National University

**Software Update**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A user in a privileged network position can track a user’s activity

Description: This issue was addressed by using HTTPS when sending information over the network.

CVE-2022-32857: Jeffrey Paul (sneak.berlin)

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Visiting a website that frames malicious content may lead to UI spoofing

Description: The issue was addressed with improved UI handling.

WebKit Bugzilla: 239316  
CVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved input validation.

WebKit Bugzilla: 240720  
CVE-2022-32792: Manfred Paul (@\_manfp) working with Trend Micro Zero Day Initiative

**WebRTC**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

WebKit Bugzilla: 242339  
CVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team

**Wi-Fi**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write was addressed with improved input validation.

CVE-2022-32860: Wang Yu of Cyberserval

Entry added November 9, 2022

**Wi-Fi**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to cause unexpected system termination or write kernel memory

Description: This issue was addressed with improved checks.

CVE-2022-32837: Wang Yu of Cyberserval

**Wi-Fi**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory

Description: This issue was addressed with improved checks.

CVE-2022-32847: Wang Yu of Cyberserval

CVE-2022-32855: About the security content of iOS 15.6 and iPadOS 15.6

The issue was addressed with improved UI handling. This issue is fixed in Safari 15.6, iOS 15.6 and iPadOS 15.6. Visiting a maliciously crafted website may leak sensitive data.

Released July 20, 2022

**Safari Extensions**

Available for: macOS Big Sur and macOS Catalina

Impact: Visiting a maliciously crafted website may leak sensitive data

Description: The issue was addressed with improved UI handling.

CVE-2022-32784: Young Min Kim of CompSec Lab at Seoul National University

**WebKit**

Available for: macOS Big Sur and macOS Catalina

Impact: A user may be tracked through their IP address

Description: A logic issue was addressed with improved state management.

CVE-2022-32861: Matthias Keller (m-keller.com)

Entry added September 16, 2022

**WebKit**

Available for: macOS Big Sur and macOS Catalina

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

CVE-2022-32863: P1umer, afang5472, xmzyshypnc

Entry added September 16, 2022

**WebKit**

Available for: macOS Big Sur and macOS Catalina

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved input validation.

WebKit Bugzilla: 240720  
CVE-2022-32792: Manfred Paul (@\_manfp) working with Trend Micro Zero Day Initiative

**WebRTC**

Available for: macOS Big Sur and macOS Catalina

Impact: Processing maliciously crafted web content may lead to arbitrary code execution.

Description: A memory corruption issue was addressed with improved state management.

WebKit Bugzilla: 242339  
CVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team

CVE-2022-32784: About the security content of Safari 15.6

The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13.2, tvOS 16.3, iOS 16.3 and iPadOS 16.3, watchOS 9.3. Visiting a website may lead to an app denial-of-service.

Released January 23, 2023

**AppleMobileFileIntegrity**

Available for: macOS Ventura

Impact: An app may be able to access user-sensitive data

Description: This issue was addressed by enabling hardened runtime.

CVE-2023-23499: Wojciech Reguła (@\_r3ggi) of SecuRing (wojciechregula.blog)

**Crash Reporter**

Available for: macOS Ventura

Impact: A user may be able to read arbitrary files as root

Description: A race condition was addressed with additional validation.

CVE-2023-23520: Cees Elzinga

Entry added February 20, 2023

**curl**

Available for: macOS Ventura

Impact: Multiple issues in curl

Description: Multiple issues were addressed by updating to curl version 7.86.0.

CVE-2022-42915

CVE-2022-42916

CVE-2022-32221

CVE-2022-35260

**dcerpc**

Available for: macOS Ventura

Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2023-23513: Dimitrios Tatsis and Aleksandar Nikolic of Cisco Talos

**DiskArbitration**

Available for: macOS Ventura

Impact: An encrypted volume may be unmounted and remounted by a different user without prompting for the password

Description: A logic issue was addressed with improved state management.

CVE-2023-23493: Oliver Norpoth (@norpoth) of KLIXX GmbH (klixx.com)

**Foundation**

Available for: macOS Ventura

Impact: An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges

Description: The issue was addressed with improved memory handling.

CVE-2023-23530: Austin Emmitt, Senior Security Researcher at Trellix ARC

Entry added February 20, 2023

**Foundation**

Available for: macOS Ventura

Impact: An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges

Description: The issue was addressed with improved memory handling.

CVE-2023-23531: Austin Emmitt, Senior Security Researcher at Trellix ARC

Entry added February 20, 2023

**ImageIO**

Available for: macOS Ventura

Impact: Processing an image may lead to a denial-of-service

Description: A memory corruption issue was addressed with improved state management.

CVE-2023-23519: Yiğit Can YILMAZ (@yilmazcanyigit)

**Intel Graphics Driver**

Available for: macOS Ventura

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved bounds checks.

CVE-2023-23507: an anonymous researcher

**Kernel**

Available for: macOS Ventura

Impact: An app may be able to leak sensitive kernel state

Description: The issue was addressed with improved memory handling.

CVE-2023-23500: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. (@starlabs\_sg)

**Kernel**

Available for: macOS Ventura

Impact: An app may be able to determine kernel memory layout

Description: An information disclosure issue was addressed by removing the vulnerable code.

CVE-2023-23502: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. (@starlabs\_sg)

**Kernel**

Available for: macOS Ventura

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2023-23504: Adam Doupé of ASU SEFCOM

**libxpc**

Available for: macOS Ventura

Impact: An app may be able to access user-sensitive data

Description: A permissions issue was addressed with improved validation.

CVE-2023-23506: Guilherme Rambo of Best Buddy Apps (rambo.codes)

**Mail Drafts**

Available for: macOS Ventura

Impact: The quoted original message may be selected from the wrong email when forwarding an email from an Exchange account

Description: A logic issue was addressed with improved state management.

CVE-2023-23498: an anonymous researcher

**Maps**

Available for: macOS Ventura

Impact: An app may be able to bypass Privacy preferences

Description: A logic issue was addressed with improved state management.

CVE-2023-23503: an anonymous researcher

**PackageKit**

Available for: macOS Ventura

Impact: An app may be able to gain root privileges

Description: A logic issue was addressed with improved state management.

CVE-2023-23497: Mickey Jin (@patch1t)

**Safari**

Available for: macOS Ventura

Impact: An app may be able to access a user’s Safari history

Description: A permissions issue was addressed with improved validation.

CVE-2023-23510: Guilherme Rambo of Best Buddy Apps (rambo.codes)

**Safari**

Available for: macOS Ventura

Impact: Visiting a website may lead to an app denial-of-service

Description: The issue was addressed with improved handling of caches.

CVE-2023-23512: Adriatik Raci

**Screen Time**

Available for: macOS Ventura

Impact: An app may be able to access information about a user’s contacts

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2023-23505: Wojciech Reguła of SecuRing (wojciechregula.blog)

**Vim**

Available for: macOS Ventura

Impact: Multiple issues in Vim

Description: A use after free issue was addressed with improved memory management.

CVE-2022-3705

**Weather**

Available for: macOS Ventura

Impact: An app may be able to bypass Privacy preferences

Description: The issue was addressed with improved memory handling.

CVE-2023-23511: Wojciech Regula of SecuRing (wojciechregula.blog), an anonymous researcher

**WebKit**

Available for: macOS Ventura

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: The issue was addressed with improved checks.

WebKit Bugzilla: 245464  
CVE-2023-23496: ChengGang Wu, Yan Kang, YuHao Hu, Yue Sun, Jiming Wang, JiKai Ren and Hang Shu of Institute of Computing Technology, Chinese Academy of Sciences

**WebKit**

Available for: macOS Ventura

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: The issue was addressed with improved memory handling.

WebKit Bugzilla: 248268  
CVE-2023-23518: YeongHyeon Choi (@hyeon101010), Hyeon Park (@tree\_segment), SeOk JEON (@\_seokjeon), YoungSung Ahn (@\_ZeroSung), JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE

WebKit Bugzilla: 248268  
CVE-2023-23517: YeongHyeon Choi (@hyeon101010), Hyeon Park (@tree\_segment), SeOk JEON (@\_seokjeon), YoungSung Ahn (@\_ZeroSung), JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE

**Wi-Fi**

Available for: macOS Ventura

Impact: An app may be able to disclose kernel memory.

Description: The issue was addressed with improved memory handling

CVE-2023-23501: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. (@starlabs\_sg)

**Windows Installer**

Available for: macOS Ventura

Impact: An app may be able to bypass Privacy preferences.

Description: The issue was addressed with improved memory handling.

CVE-2023-23508: Mickey Jin (@patch1t)

CVE-2023-23512: About the security content of macOS Ventura 13.2

Domotica Labs srl Ikon Server before v2.8.6 was discovered to contain a SQL injection vulnerability.

L’**Offensive Security Team di Swascan** ha identificato una vulnerabilità di tipo SQL Injection (unauthenticated) con una severity pari a 7.5 (High) sul prodotto dell’azienda **Domotica Labs, IKON SERVER** **ver. 2.8.6**

**Domotica Labs**

Domotica Labs è un’azienda italiana specializzata nello sviluppo di soluzioni di supervisione e controllo, apparati IOT e applicazioni cloud per la gestione di edifici ed impianti intelligenti.

Sempre parte del portfolio aziendale è la produzione di dispositivi embedded, firmware, app e soluzioni cloud in ambito internet of things e industria 4.0.

Azienda molto attenta e sensibile alle problematiche di sicurezza e la ringraziamo per la collaborazione durante la fase di responsible disclosure.

**Descrizione del prodotto vulnerabile**

IKON SERVER è un web server di supervisione in grado di interagire con numerose tecnologie sia standard sia proprietarie, per offrire un unico ambiente di gestione per domotica, impianti tecnologici e termotecnici, sicurezza e multimedialità.

**Technical summary**

L’Offensive Security Team di Swascan ha rilevato alcune importanti vulnerabilità su: iKON SERVER ver. 2.8.6

**Vulnerability** 

**CVSSv3.1** 

**CVSSv3.1 Base Score**

SQL Injection (unauthenticated) 

7.5 High 

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 

Una SQL injection è un tipo di attacco informatico in cui un attaccante inserisce codice SQL maligno in una query, al fine di manipolare il database per acquisire informazioni riservate o per causare danni.Questo tipo di attacco sfrutta vulnerabilità nell’architettura delle applicazioni web che utilizzano query SQL per interagire con i database.

Terminato l’iter di responsible vulnerability disclosure, in pieno accordo con Domotica Labs, Swascan ha scelto di non divulgare i dettagli tecnici della vulnerabilità.

**Considerazioni finali**

Swascan ringrazia Domotica Labs per la loro collaborazione nella gestione del disclosure, per il loro impegno nel garantire la massima resilienza di prodotti e soluzioni e per grande professionalità dimostrata durante tutte le fasi del processo.

**Remediation**

Si consiglia di aggiornare all’ultima versione disponibile.

**Riferimenti**

https://www.owasp.org/index.php/SQL\_Injection

https://cwe.mitre.org/data/definitions/89.html

https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/SQL\_Injection\_Prevention\_Cheat\_Sheet.md

https://owasp.org/Top10/A03\_2021-Injection/

https://www.domoticalabs.com/article/come-aggiornare-ikon-server

**Disclosure Timeline**

*   13-04-2022: Vulnerabilities discovered
*   19-04-2022: Vendor contacted by email (1st time, responded 21/04/2022)
*   11-05-2022: Vendor patched
*   16-01-2023: Swascan disclosed

CVE-2023-24253: Security Advisory: Domotica Labs - IKON SERVER

New Zero Trust OT Security solution secures critical infrastructure without additional sensors.

**SANTA CLARA, Calif.****,** **Feb. 27, 2023** **/PRNewswire/ --** The usage and connectivity of operational technology (OT) is rapidly growing as are the number of cyberattacks on OT environments. These attacks can disrupt operations, causing damage that can reach far beyond revenue and reputation to supply chain, human safety and critical infrastructure. To help companies keep their OT environments secure, Palo Alto Networks today introduced the most comprehensive Zero Trust OT Security solution.

A key component of the solution is the new cloud-delivered Industrial OT Security service, which can be easily enabled — without the need to install additional sensors — by any of the 61,000+ active customers of Palo Alto Networks network security products: hardware and software Next-Generation Firewalls (NGFW) and Prisma SASE. Built on an AI-powered foundation with ease of deployment in mind, the new solution enables customers to secure their OT environments from the most sophisticated threats while simplifying their operations.

OT devices can be hard to secure because many lack built-in security and were not designed to be patched. In addition, high uptime requirements limit the ability to do regular security maintenance. OT environments are also at risk as organizations adopt new technologies like 5G, which enable mass connectivity, and open up remote access.

"Most OT security solutions in the market fall short because they can't identify all the assets and can only alert but don't prevent threats. This leads to a patchwork of siloed security technologies, which can lead to security gaps," said Anand Oswal, SVP, network security at Palo Alto Networks. "Our OT Security solution is designed to help organizations stay secure through granular visibility and effective inline security while meeting their availability and uptime requirements."

Using the industry's first ML-powered OT visibility engine, the Industrial OT Security service recognizes hundreds of unique OT device profiles, over 1,000 OT/Industrial Control System (ICS) applications, and has hundreds of distinct OT threat signatures to help protect these hard-to-secure assets. A notable feature of the service is its ability to help security teams proactively understand risk and apply controls. It continuously observes, categorizes and visualizes asset behavior so anomalies can be discovered immediately and addressed with firewall policy.

"As industrial OT systems and IT systems become more interconnected, so does the size of the attack surface available to the adversary. Defending against increasingly sophisticated threats requires expanded security strategies that can provide visibility, context, and Zero Trust capabilities across both OT and IT networks, devices, applications, and users," said Dave Gruber, principal analyst, Enterprise Strategy Group. "The Palo Alto Networks solution embraces this unified security model, promising to help protect complex OT environments."

"Manufacturing has come into the crosshairs of many recent cyberattacks. Palo Alto Networks Industrial OT Security is a must have to ensure security best practices are in place," said Jared Mendenhall, director, Information Security, Impossible Foods. "We look forward to Palo Alto Networks' dedicated OT Security solution to help us further secure our manufacturing plant, remote operations, and realize our broader Zero Trust vision."

The Zero Trust OT Security solution secures multiple OT use cases with consistent Zero Trust policies, all managed centrally:

*   **OT assets and networks** using Palo Alto Networks NGFWs, along with the new Industrial OT Security service.
*   **Remote access** using Prisma SASE.
*   **5G-connected devices** using NGFWs with Palo Alto Networks 5G-Native Security.

Follow Palo Alto Networks on Twitter, LinkedIn, Facebook and Instagram.

**Availability**

Palo Alto Networks Zero Trust OT Security solution and Industrial OT Security service will be available in March.

**About Palo Alto Networks**

Palo Alto Networks is the world's cybersecurity leader. We innovate to outpace cyberthreats, so organizations can embrace technology with confidence. We provide next-gen cybersecurity to thousands of customers globally, across all sectors. Our best-in-class cybersecurity platforms and services are backed by industry-leading threat intelligence and strengthened by state-of-the-art automation. Whether deploying our products to enable the Zero Trust Enterprise, responding to a security incident, or partnering to deliver better security outcomes through a world-class partner ecosystem, we're committed to helping ensure each day is safer than the one before. It's what makes us the cybersecurity partner of choice.

At Palo Alto Networks, we're committed to bringing together the very best people in service of our mission, so we're also proud to be the cybersecurity workplace of choice, recognized among Newsweek's Most Loved Workplaces (2021 and 2022), Comparably Best Companies for Diversity (2021), and HRC Best Places for LGBTQ Equality (2022). For more information, visit www.paloaltonetworks.com.

_Palo Alto Networks, Prisma, and the Palo Alto Networks logo are registered trademarks of Palo Alto Networks, Inc. in_ the United States _and in jurisdictions throughout the world. All other trademarks, trade names, or service marks used or mentioned herein belong to their respective owners. Any unreleased services or features (and any services or features not generally available to customers) referenced in this or other press releases or public statements are not currently available (or are not yet generally available to customers) and may not be delivered when expected or at all. Customers who purchase Palo Alto Networks applications should make their purchase decisions based on services and features currently generally available._

SOURCE Palo Alto Networks, Inc.

Palo Alto Announces Zero-Trust Security Solution for OT

A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions.

A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions. (Vulnerability ID:HWPSIRT-2022-90086)

This vulnerability has been assigned a (CVE) ID: CVE-2022-48284

  

Affected Product

Affected Version

Repair Version

HarmonyOS AILife Solution 6.0

HiLink AI Life 12.0.2.305

HiLink AI Life 12.0.3.305

HWPSIRT-2022-90086:

Successful exploitation could allow attackers to access restricted functions.

  

Vulnerabilities are scored base on the CVSS v3.1 scoring system. For details please refer to: http://www.first.org/cvss/specification-document.

HWPSIRT-2022-90086

Base Score: 4.5

Temporary Score: 4.2

Environmental Score: NA

CVSS v3.1 Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:F/RL:O/RC:C

  

HWPSIRT-2022-90086:

This vulnerability can be exploited only when the following conditions are present:

Attackers construct malicious applications.

Technical details:

A piece of Huawei whole-home intelligence software does not correctly verify the caller's permission. As a result, an Incorrect Privilege Assignment vulnerability is caused. An attacker can construct a malicious application to exploit this vulnerability and access restricted functions.

  

The product that supports automatic update will receive a system update prompt. You can install the update to fix the vulnerability.  

The product that supports automatic update will receive a system update prompt. You can install the update to fix the vulnerability.  

2023-02-01 V1.0 Initial Release

  

Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism.

To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.

To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.

This document is provided on an "AS IS" basis and does not imply any kind of guarantee or warranty, either express or implied, including the warranties of merchantability or fitness for a particular purpose. In no event shall Huawei or any of its directly or indirectly controlled subsidiaries or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Your use of the document, by whatsoever means, will be totally at your own risk. Huawei is entitled to amend or update this document from time to time.

CVE-2022-48284: Security Advisory - Incorrect Privilege Assignment Vulnerability in Huawei Whole-Home Intelligence Software

*   SA No:huawei-sa-IPAViHWHIS-1afe7781
*   Initial Release Date: 2023-02-01
*   Last Release Date: 2023-02-01

  

A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions.(Vulnerability ID:HWPSIRT-2022-52968)

This vulnerability has been assigned a (CVE) ID: CVE-2022-48283

Affected Product

Affected Version

Repair Versions

HarmonyOS AILife Solution 6.0

HiLink AI Life 12.0.2.305

HiLink AI Life 12.0.3.305

  

HWPSIRT-2022-52968:

Successful exploitation could allow attackers to access restricted functions.

  

Vulnerabilities are scored base on the CVSS v3.1 scoring system. For details please refer to: http://www.first.org/cvss/specification-document.

HWPSIRT-2022-52968

Base Score: 7.0

Temporary Score: 6.5

Environmental Score: NA

CVSS v3.1 Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

  

HWPSIRT-2022-52968:

This vulnerability can be exploited only when the following conditions are present:

Attackers construct malicious applications.

Technical details:

A piece of Huawei whole-home intelligence software does not correctly verify the caller's permission. As a result, an Incorrect Privilege Assignment vulnerability is caused. An attacker can construct a malicious application to exploit this vulnerability and access restricted functions.

  

The product that supports automatic update will receive a system update prompt. You can install the update to fix the vulnerability.

HWPSIRT-2022-52968:

This vulnerability was discovered by Huawei internal tester.

  

2023-02-01 V1.0 Initial Release

  

Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism.

To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.

To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.

This document is provided on an "AS IS" basis and does not imply any kind of guarantee or warranty, either express or implied, including the warranties of merchantability or fitness for a particular purpose. In no event shall Huawei or any of its directly or indirectly controlled subsidiaries or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Your use of the document, by whatsoever means, will be totally at your own risk. Huawei is entitled to amend or update this document from time to time.

CVE-2022-48283: Security Advisory - Incorrect Privilege Assignment Vulnerability in Huawei Whole-Home Intelligence Software

Infighting, conscription, emigration. The war in Ukraine has pitted cybercriminals against one another like no other event before it.

Russia's war in Ukraine has shaken cyberspace at every level, from nation-state advanced persistent threats (APTs) on down to low-grade carders on Dark Web forums.

A new report from Recorded Future highlights the many effects that the Russian invasion of Ukraine, now one year past, has had in cyberspace. Threat actors have been pulled away from their computers. Allies have become enemies. Cybercrime activity has shifted and power structures have been reorganized, not least because people have been physically moving.

It all amounts to a kind of grand, multifaceted dissolution. A breakdown of the cybercrime state of affairs. Will the digital underworld ever be the same again?

**Cybercriminals Are Moving**

The internet breaks down barriers. Even thousands of miles can't prevent a hacker in Russia or Ukraine from breaching the database of a corporation in France or Canada. And yet, physical movement in the wake of the war has had lasting impacts on how cybercriminals are operating.

On one hand, of course, Ukrainians have emigrated from their country en masse.

"We believe that some threat actor groups based in Ukraine also fled when the war began, similar to their Russian counterparts," Alex Leslie, associate threat intelligence analyst at Recorded Future, tells Dark Reading.

The report refers to the case of Mark Sokolovsky, core developer for Raccoon Stealer — an information-stealing malware — who fled Ukraine to avoid conscription.

"While this is only one case study," Leslie says, "we believe it is indicative of a larger trend in which threat actors have fled Russia, Ukraine, and even Belarus to avoid conflict."

Meanwhile, Russia has been experiencing, as the authors say, a "brain drain," with IT and cybersecurity professionals leaving the country for neighboring Georgia, Kazakhstan, Finland, and Estonia. Further, the drafting of young men of fighting age has led threat actors from behind screens to the front lines.

As a result, the country "has begun to deplete its hacker reserves," Leslie explains. "What we identify is that the overall volume of activities, particularly on Russian cybercriminal forums, marketplaces, and social media channels, has decreased dramatically in waves. These waves being immediately before and after the war began, during waves of mobilization, and coinciding with Russians leaving the country."

The reordering of so many lives has led to "a bit more decentralization, both geographically and in terms of hegemonic groups and sources of activity," Leslie says.

**Cybercriminals Are Fighting One Another**

Cybercriminals come from every corner of the world, but no corner more than in Russia and Eastern Europe. Many of the great cyberattacks of history have come courtesy of criminals in Russia and Ukraine. Russian APTs have become notorious for their attacks against Ukraine but this represents a change: Russian cybercriminals have historically worked hand\-in-hand with their comrades across the border.

This kumbaya attitude was quashed on Feb. 24, 2022, when Russia invaded Ukraine and those on both sides were inspired to pledge allegiances. Most famously, the Conti group fully backed the Putin regime, then retracted, then halfway retracted its retraction. This support for the invasion was perhaps uncoincidentally attended by a giant leak of the Conti source code, tipping over a slow demise for Russia’s most prominent ransomware gang.

"We do not believe that Conti’s dissolution was a direct result of the leaks," the authors wrote, "but rather that the leaks catalyzed the dissolution of an already fracturing threat group."

Far beyond just Conti, cybercrime elements which once worked together have since split over political differences, according to Recorded Future. The authors wrote that "the so-called 'brotherhood' of Russian-speaking threat actors located in the CIS \[Commonwealth of Independent States\] has been damaged by insider leaks and group splintering, due to declarations of nation-state allegiance both in support of and opposed to Russia’s war against Ukraine."

All the uprooting and fighting has caused fractures in the very structure of the cybercrime underground, researchers concluded.

"Russian-language Dark Web marketplaces have taken a major hit," Leslie claims. "These marketplaces have also fractured and become more diffuse," a trend compounded by the seizure of the world's No. 1 cybercrime forum, Hydra.

He adds, "We speculate that the epicenter of cybercrime may shift to English-speaking Dark Web forums, shops, and marketplaces over the next year."

How the Ukraine War Opened a Fault Line in Cybercrime, Possibly Forever

Ubuntu Security Notice 5886-1 - Erik C. Bjorge discovered that some Intel Atom and Intel Xeon Scalable Processors did not properly implement access controls for out-of-band management. This may allow a privileged network-adjacent user to potentially escalate privileges. Cfir Cohen, Erdem Aktas, Felix Wilhelm, James Forshaw, Josh Eads, Nagaraju Kodalapura Nagabhushana Rao, Przemyslaw Duda, Liron Shacham and Ron Anderson discovered that some Intel Xeon Processors used incorrect default permissions in some memory controller configurations when using Intel Software Guard Extensions. This may allow a privileged local user to potentially escalate privileges.

=========================================================================  
Ubuntu Security Notice USN-5886-1  
February 27, 2023

intel-microcode vulnerabilities  
=========================================================================  
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 ESM

Summary:

Several security issues were fixed in Intel Microcode.

Software Description:  
- intel-microcode: Processor microcode for Intel CPUs

Details:

Erik C. Bjorge discovered that some Intel(R) Atom and Intel Xeon Scalable  
Processors did not properly implement access controls for out-of-band  
management. This may allow a privileged network-adjacent user to potentially  
escalate privileges. (CVE-2022-21216)

Cfir Cohen, Erdem Aktas, Felix Wilhelm, James Forshaw, Josh Eads, Nagaraju  
Kodalapura Nagabhushana Rao, Przemyslaw Duda, Liron Shacham and Ron Anderson  
discovered that some Intel(R) Xeon(R) Processors used incorrect default  
permissions in some memory controller configurations when using Intel(R)  
Software Guard Extensions. This may allow a privileged local user to potentially  
escalate privileges. (CVE-2022-33196)

It was discovered that some 3rd Generation Intel(R) Xeon(R) Scalable Processors  
did not properly calculate microkey keying. This may allow a privileged local  
user to potentially disclose information.  (CVE-2022-33972)

Joseph Nuzman discovered that some Intel(R) Processors when using Intel(R)  
Software Guard Extensions did not properly isolate shared resources. This may  
allow a privileged local user to potentially disclose  
information. (CVE-2022-38090)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.10:  
  intel-microcode                 3.20230214.0ubuntu0.22.10.1

Ubuntu 22.04 LTS:  
  intel-microcode                 3.20230214.0ubuntu0.22.04.1

Ubuntu 20.04 LTS:  
  intel-microcode                 3.20230214.0ubuntu0.20.04.1

Ubuntu 18.04 LTS:  
  intel-microcode                 3.20230214.0ubuntu0.18.04.1

Ubuntu 16.04 ESM:  
  intel-microcode                 3.20230214.0ubuntu0.16.04.1+esm1

This update uses a new upstream release, which includes additional bug  
fixes. After a standard system update you need to reboot your computer to make  
all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-5886-1  
  CVE-2022-21216, CVE-2022-33196, CVE-2022-33972, CVE-2022-38090

Package Information:  
  https://launchpad.net/ubuntu/+source/intel-microcode/3.20230214.0ubuntu0.22.10.1  
  https://launchpad.net/ubuntu/+source/intel-microcode/3.20230214.0ubuntu0.22.04.1  
  https://launchpad.net/ubuntu/+source/intel-microcode/3.20230214.0ubuntu0.20.04.1  
  https://launchpad.net/ubuntu/+source/intel-microcode/3.20230214.0ubuntu0.18.04.1

Tag

#intel