Rust makes it impossible to introduce some of the most common security vulnerabilities. And its adoption can’t come soon enough.

Whether you run IT for a massive organization or simply own a smartphone, you're intimately familiar with the unending stream of software updates that constantly need to be installed because of bugs and security vulnerabilities. People make mistakes, so code is inevitably going to contain mistakes—you get it. But a growing movement to write software in a language called Rust is gaining momentum because the code is goof-proof in an important way. By design, developers can't accidentally create the most common types of exploitable security vulnerabilities when they're coding in Rust, a distinction that could make a huge difference in the daily patch parade and ultimately the world's baseline cybersecurity.

There are fads in programming languages, and new ones come and go, often without lasting impact. Now 12 years old, Rust took time to mature from the side project of a Mozilla researcher into a robust ecosystem. Meanwhile, the predecessor language C, which is still widely used today, turned 50 this year. But because Rust produces more secure code and, crucially, doesn't worsen performance to do it, the language has been steadily gaining adherents and now is at a turning point. Microsoft, Google, and Amazon Web Services have all been utilizing Rust since 2019, and the three companies formed the nonprofit Rust Foundation with Mozilla and Huawei in 2020 to sustain and grow the language. And after a couple of years of intensive work, the Linux kernel took its first steps last month to implement Rust support.

“It’s going viral as a language,” says Dave Kleidermacher, vice president of engineering for Android security and privacy. “We’ve been investing in Rust on Android and across Google, and so many engineers are like, ‘How do I start doing this? This is great.’ And Rust just landed for the first time as an officially recognized and accepted language in Linux. So this is not just Android; any system based on Linux now can start to incorporate Rust components.”

Rust is what's known as a “memory-safe” language because it's designed to make it impossible for a program to pull unintended data from a computer's memory accidentally. When programmers use stalwart languages that don't have this property, including C and C++, they have to carefully check the parameters of what data their program is going to be requesting and how—a task that even the most skilled and experienced developers will occasionally botch. By writing new software in Rust instead, even amateur programmers can be confident that they haven't introduced any memory-safety bugs into their code.

A program's memory is a shared resource used by all of its features and libraries. Imagine a calendar program written in a language that isn't memory-safe. You open your calendar and then request entries for November 2, 2022, and the program fetches all information from the area of your computer's memory assigned to store that date’s data. All good. But if the program isn't designed with the right constraints, and you request entries for November 42, 2022, the software, instead of producing an error or other failure, may dutifully return information from a part of the memory that's housing different data—maybe the password you use to protect your calendar or the credit card number you keep on file for premium calendar features. And if you add a birthday party to your calendar on November 42, it may overwrite unrelated data in memory instead of telling you that it can't complete the task. These are known as “out-of-bounds” read and write bugs, and you can see how they could potentially be exploited to give an attacker improper access to data or even expanded system control.

Another common type of memory-safety bug, known as “use-after-free,” involves a situation where a program has given up its claim to a portion of memory (maybe you deleted all your calendar entries for October 2022) but mistakenly retains access. If you later request data from October 17, the program may be able to grab whatever data has ended up there. And the existence of memory-safety vulnerabilities in code also introduces the possibility that a hacker could craft, say, a malicious calendar invitation with a strategically chosen date or set of event details designed to manipulate the memory to grant the attacker remote access.

These types of vulnerabilities aren't just esoteric software bugs. Research and auditing have repeatedly found that they make up the majority of all software vulnerabilities. So while you can still make mistakes and create security flaws while programming in Rust, the opportunity to eliminate memory-safety vulnerabilities is significant.

“Memory-safety issues are responsible for a huge, huge percentage of all reported vulnerabilities, and this is in critical applications like operating systems, mobile phones, and infrastructure,” says Dan Lorenc, CEO of the software supply-chain security company Chainguard. “Over the decades that people have been writing code in memory-unsafe languages, we’ve tried to improve and build better tooling and teach people how to not make these mistakes, but there are just limits to how much telling people to try harder can actually work. So you need a new technology that just makes that entire class of vulnerabilities impossible, and that’s what Rust is finally bringing to the table.”

Rust is not without its skeptics and detractors. The effort over the last two years to implement Rust in Linux has been controversial, partly because adding support for any other language inherently increases complexity, and partly because of debates about how, specifically, to go about making it all work. But proponents emphasize that Rust has the necessary elements—it doesn't cause performance loss, and it interoperates well with software written in other languages—and that it is crucial simply because it meets a dire need.

“It’s less that it’s the right choice and more that it’s ready,” Lorenc, a longtime open-source contributor and researcher, says. “There are no real alternatives right now, other than not doing anything, and that’s just not an option anymore. Continuing to use memory-unsafe code for another decade would be a massive problem for the tech industry, for national security, for everything.”

One of the biggest challenges of the transition to Rust, though, is precisely all the decades that developers have already spent writing vital code in memory-unsafe languages. Writing new software in Rust doesn't address that massive backlog. The Linux kernel implementation, for example, is starting on the periphery by supporting Rust-based drivers, the programs that coordinate between an operating system and hardware like a printer.

“When you’re doing operating systems, speed and performance is always top-of-mind, and the parts that you’re running in C++ or C are usually the parts that you just can’t run in Java or other memory-safe languages, because of performance,” Google's Kleidermacher says. “So to be able to run Rust and have the same performance but get the memory safety is really cool. But it’s a journey. You can’t just go and rewrite 50 million lines of code overnight, so we’re carefully picking security-critical components, and over time we’ll retrofit other things.”

In Android, Kleidermacher says a lot of encryption-key-management features are now written in Rust, as is the private internet communication feature DNS over HTTPS, a new version of the ultra-wideband chip stack, and the new Android Virtualization Framework used in Google's custom Tensor G2 chips. He adds that the Android team is increasingly converting connectivity stacks like those for Bluetooth and Wi-Fi to Rust because they are based on complex industry standards and tend to contain a lot of vulnerabilities. In short, the strategy is to start getting incremental security benefits from converting the most exposed or vital software components to Rust first and then working inward from there. 

“Yes, it’s a lot of work, it will be a lot of work, but the tech industry has how many trillions of dollars, plus how many talented programmers? We have the resources," says Josh Aas, executive director of the Internet Security Research Group, which runs the memory-safety initiative Prossimo as well as the free certificate authority Let's Encrypt. “Problems that are merely a lot of work are great."

As Rust makes the transition to mainstream adoption, the case for some type of solution to memory-safety issues seems to get made again and again every day. Just this week, a high-criticality vulnerability in the ubiquitous secure communication library OpenSSL could have been prevented if the mechanism were written in a memory-safe language. And unlike the notorious 2014 OpenSSL vulnerability Heartbleed, which lurked unnoticed for two years and exposed websites across the internet to data interception attacks, this new bug had been introduced into OpenSSL in the past few months, in spite of efforts to reduce memory-safety vulnerabilities.

“How many people right now are living the identity-theft nightmare because of a memory-safety bug? Or on a national security level, if we’re worried about cyberattacks on the United States, how much of that threat is on the back of memory-safety vulnerabilities?” Aas says. “From my point of view, the whole game now is just convincing people to put in the effort. Do we understand the threat well enough, and do we have the will.”

The Rise of Rust, the ‘Viral’ Secure Programming Language That’s Taking Over Tech

A set of four Android apps released by the same developer has been discovered directing victims to malicious websites as part of an adware and information-stealing campaign.
The apps, published by a developer named Mobile apps Group and currently available on the Play Store, have been collectively downloaded over one million times.
According to Malwarebytes, the websites are designed to generate

A set of four Android apps released by the same developer has been discovered directing victims to malicious websites as part of an adware and information-stealing campaign.

The apps, published by a developer named Mobile apps Group and currently available on the Play Store, have been collectively downloaded over one million times.

According to Malwarebytes, the websites are designed to generate revenues through pay-per-click ads, and worse, prompt users to install cleaner apps on their phones with the goal of deploying additional malware.

The list of apps is as follows -

*   Bluetooth App Sender (com.bluetooth.share.app) - 50,000+ downloads
*   Bluetooth Auto Connect (com.bluetooth.autoconnect.anybtdevices) - 1,000,000+ downloads
*   Driver: Bluetooth, Wi-Fi, USB (com.driver.finder.bluetooth.wifi.usb) - 10,000+ downloads
*   Mobile transfer: smart switch (com.mobile.faster.transfer.smart.switch) - 1,000+ downloads

It's no surprise that malicious apps have devised new ways to get past Google Play Store security protections. One of the more popular tactics adopted by threat actors is to introduce time-based delays to conceal their malicious behavior.

Malwarebytes' analysis found the apps to have an approximately four-day waiting period before opening the first phishing site in Chrome browser, and then proceed to launch more tabs every two hours.

The apps are part of a broader malware operation called HiddenAds, which has been active since at least June 2019 and has a track record of illicitly earning revenues by redirecting users to advertisements.

The findings also come as researchers from Guardio Labs disclosed details of a malvertising campaign dubbed Dormant Colors that leverages rogue Google Chrome and Microsoft Edge extensions to hijack user search queries to an actor-controlled domain.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

These Android Apps with a Million Play Store Installations Redirect Users to Malicious Sites

Underwater cables keep the internet online. When they congregate in one place, things get tricky.

The Asia-Africa-Europe-1 internet cable travels 15,500 miles along the seafloor, connecting Hong Kong to Marseille, France. As it snakes through the South China Sea and toward Europe, the cable helps provide internet connections to more than a dozen countries, from India to Greece. When the cable was cut on June 7, millions of people were plunged offline and faced temporary internet blackouts.

The cable, also known as AAE-1, was severed where it briefly passes across land through Egypt. One other cable was also damaged in the incident, with the cause of the damage unknown. However, the impact was immediate. “It affected about seven countries and a number of over-the-top services,” says Rosalind Thomas, the managing director of SAEx International Management, which plans to create a new undersea cable connecting Africa, Asia, and the US. “The worst was Ethiopia, that lost 90 percent of its connectivity, and Somalia thereafter also 85 percent.” Cloud services belonging to Google, Amazon, and Microsoft were all also disrupted, subsequent analysis revealed.

While connectivity was restored in a few hours, the disruption highlights the fragility of the world’s 550-plus subsea internet cables, plus the outsized role Egypt and the nearby Red Sea have in the internet’s infrastructure. The global network of underwater cables forms a large part of the internet’s backbone, carrying the majority of data around the world and eventually linking up to the networks that power cell towers and Wi-Fi connections. Subsea cables connect New York to London and Australia to Los Angeles.

Sixteen of these submarine cables—which are often no thicker than a hosepipe and are vulnerable to damage from ships’ anchors and earthquakes—pass 1,200 miles through the Red Sea before they hop over land in Egypt and get to the Mediterranean Sea, connecting Europe to Asia. The last two decades have seen the route emerge as one of the world’s largest internet chokepoints and, arguably, the internet’s most vulnerable place on Earth. (The region, which also includes the Suez Canal, is also a global choke point for shipping and the movement of goods. Chaos ensued when the container ship _Ever Given_ got wedged in the canal in 2021.)

“Where there are chokepoints, there are single points of failure,” Nicole Starosielski, an associate professor of media, culture, and communication at New York University and an author on submarine cables. “Because it's a site of intense concentration of global movement, that does make it more vulnerable than many places around the world.”

The area has also recently gained attention from the European Parliament, which in a June report highlighted it as a risk for widespread internet disruption. “The most vital bottleneck for the EU concerns the passage between the Indian Ocean and the Mediterranean via the Red Sea because the core connectivity to Asia runs via this route,” the report says, flagging extremism and maritime terrorism are risks in the area.

Pyramid Scheme

Look at Egypt on a map of the world’s subsea internet cables and it immediately becomes clear why internet experts have been concerned about the area for years. The 16 cables in the area are concentrated through the Red Sea and touch land in Egypt, where they make a 100-mile journey across the country to reach the Mediterranean Sea. (Cable maps don’t show the exact locations of cables.)

It has been estimated that around 17 percent of the world’s internet traffic travels along these cables and passes through Egypt. Alan Mauldin, the research director of telecoms market research firm TeleGeography, says last year the region had 178 terabits of capacity, or 178,000,000 Mbps—the US has median home internet speeds of 167 Mbps.

The Most Vulnerable Place on the Internet

This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods.

Released October 24, 2022

**Apple Neural Engine**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges 

Description: The issue was addressed with improved memory handling. 

CVE-2022-32932: Mohamed Ghannam (@\_simo36)

Entry added October 27, 2022

**AppleMobileFileIntegrity**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app may be able to modify protected parts of the file system

Description: This issue was addressed by removing additional entitlements.

CVE-2022-42825: Mickey Jin (@patch1t)

**Audio**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information

Description: The issue was addressed with improved memory handling.

CVE-2022-42798: Anonymous working with Trend Micro Zero Day Initiative

Entry added October 27, 2022

**AVEVideoEncoder**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved bounds checks.

CVE-2022-32940: ABC Research s.r.o.

**Backup**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app may be able to access iOS backups

Description: A permissions issue was addressed with additional restrictions. 

CVE-2022-32929: Csaba Fitzl (@theevilbit) of Offensive Security

Entry added October 27, 2022

**CFNetwork**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution

Description: A certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation.

CVE-2022-42813: Jonathan Zhang of Open Computing Facility (ocf.berkeley.edu)

**Core Bluetooth**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app may be able to record audio using a pair of connected AirPods

Description: This issue was addressed with improved entitlements.

CVE-2022-32946: Guilherme Rambo of Best Buddy Apps (rambo.codes)

**FaceTime**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: A user may be able to view restricted content from the lock screen 

Description: A lock screen issue was addressed with improved state management. 

CVE-2022-32935: Bistrit Dahal

Entry added October 27, 2022

**GPU Drivers**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-32947: Asahi Lina (@LinaAsahi)

**Graphics Driver**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges 

Description: The issue was addressed with improved bounds checks. 

CVE-2022-32939: Willy R. Vasquez of The University of Texas at Austin

Entry added October 27, 2022

**IOHIDFamily**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app may cause unexpected app termination or arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

CVE-2022-42820: Peter Pan ZhenPeng of STAR Labs

**IOKit**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved locking.

CVE-2022-42806: Tingting Yin of Tsinghua University

**Kernel**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management. 

CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai

Entry added October 27, 2022

**Kernel**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges 

Description: A race condition was addressed with improved locking. 

CVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom)

Entry added October 27, 2022

**Kernel**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges 

Description: The issue was addressed with improved bounds checks.

CVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai

Entry added October 27, 2022

**Kernel**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges 

Description: A logic issue was addressed with improved checks. 

CVE-2022-42801: Ian Beer of Google Project Zero

Entry added October 27, 2022

**Kernel**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-32924: Ian Beer of Google Project Zero

**Kernel**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: A remote user may be able to cause kernel code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-42808: Zweig of Kunlun Lab

**Kernel**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-42827: an anonymous researcher

**Model I/O**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: Processing a maliciously crafted USD file may disclose memory contents 

Description: The issue was addressed with improved memory handling. 

CVE-2022-42810: Xingwei Lin (@xwlin\_roy) and Yinyi Wu of Ant Security Light-Year Lab

Entry added October 27, 2022

**ppp**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: A buffer overflow may result in arbitrary code execution 

Description: The issue was addressed with improved bounds checks. 

CVE-2022-32941: an anonymous researcher

Entry added October 27, 2022

**ppp**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2022-42829: an anonymous researcher

**ppp**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-42830: an anonymous researcher

**ppp**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved locking.

CVE-2022-42831: an anonymous researcher

CVE-2022-42832: an anonymous researcher

**Safari**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: Visiting a maliciously crafted website may leak sensitive data

Description: A logic issue was addressed with improved state management.

CVE-2022-42817: Mir Masood Ali, PhD student, University of Illinois at Chicago; Binoy Chitale, MS student, Stony Brook University; Mohammad Ghasemisharif, PhD Candidate, University of Illinois at Chicago; Chris Kanich, Associate Professor, University of Illinois at Chicago

Entry added October 27, 2022

**Sandbox**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app may be able to access user-sensitive data

Description: An access issue was addressed with additional sandbox restrictions.

CVE-2022-42811: Justin Bui (@slyd0g) of Snowflake

**Shortcuts**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: A shortcut may be able to check the existence of an arbitrary path on the file system

Description: A parsing issue in the handling of directory paths was addressed with improved path validation.

CVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of Computer Science of. Romania

**WebKit**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: Visiting a malicious website may lead to user interface spoofing

Description: The issue was addressed with improved UI handling.

WebKit Bugzilla: 243693  
CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)

**WebKit**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A type confusion issue was addressed with improved memory handling.

WebKit Bugzilla: 244622  
CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs

**WebKit**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may disclose sensitive user information

Description: A logic issue was addressed with improved state management.

WebKit Bugzilla: 245058  
CVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser Vulnerability Research, Ryan Shin of IAAI SecLab at Korea University, Dohyun Lee (@l33d0hyun) of DNSLab at Korea University

**WebKit PDF**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

WebKit Bugzilla: 242781  
CVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend Micro Zero Day Initiative

**WebKit**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may disclose internal states of the app

Description: A correctness issue in the JIT was addressed with improved checks.

WebKit Bugzilla: 242964  
CVE-2022-32923: Wonyoung Jung (@nonetype\_pwn) of KAIST Hacking Lab

Entry added October 27, 2022

**Wi-Fi**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: Joining a malicious Wi-Fi network may result in a denial-of-service of the Settings app 

Description: The issue was addressed with improved memory handling.

CVE-2022-32927: Dr Hideaki Goto of Tohoku University, Japan

Entry added October 27, 2022

**zlib**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: A user may be able to cause unexpected app termination or arbitrary code execution 

Description: This issue was addressed with improved checks.

CVE-2022-37434: Evgeny Legerov

CVE-2022-42800: Evgeny Legerov

Entry added October 27, 2022

CVE-2022-32946: About the security content of iOS 16.1 and iPadOS 16

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 15.7 and iPadOS 15.7, iOS 16.1 and iPadOS 16. An app may be able to access iOS backups.

Released October 27, 2022

**Apple Neural Engine**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-32932: Mohamed Ghannam (@\_simo36)

**Audio**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information

Description: The issue was addressed with improved memory handling.

CVE-2022-42798: Anonymous working with Trend Micro Zero Day Initiative

**Backup**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to access iOS backups

Description: A permissions issue was addressed with additional restrictions.

CVE-2022-32929: Csaba Fitzl (@theevilbit) of Offensive Security

**FaceTime**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A user may be able to view restricted content from the lock screen

Description: A lock screen issue was addressed with improved state management.

CVE-2022-32935: Bistrit Dahal

**Graphics Driver**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved bounds checks.

CVE-2022-32939: Willy R. Vasquez of The University of Texas at Austin

**Image Processing**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: This issue was addressed with improved checks.

CVE-2022-32949: Tingting Yin of Tsinghua University

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved locking.

CVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom)

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved bounds checks.

CVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-42827: an anonymous researcher

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A logic issue was addressed with improved checks.

CVE-2022-42801: Ian Beer of Google Project Zero

**Model I/O**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted USD file may disclose memory contents

Description: The issue was addressed with improved memory handling.

CVE-2022-42810: Xingwei Lin (@xwlin\_roy) and Yinyi Wu of Ant Security Light-Year Lab

**ppp**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A buffer overflow may result in arbitrary code execution

Description: The issue was addressed with improved bounds checks.

CVE-2022-32941: an anonymous researcher

**Safari**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Visiting a maliciously crafted website may leak sensitive data

Description: A logic issue was addressed with improved state management.

CVE-2022-42817: Mir Masood Ali, PhD student, University of Illinois at Chicago; Binoy Chitale, MS student, Stony Brook University; Mohammad Ghasemisharif, PhD Candidate, University of Illinois at Chicago; Chris Kanich, Associate Professor, University of Illinois at Chicago

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may disclose internal states of the app

Description: A correctness issue in the JIT was addressed with improved checks.

WebKit Bugzilla: 242964  
CVE-2022-32923: Wonyoung Jung (@nonetype\_pwn) of KAIST Hacking Lab

**Wi-Fi**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Joining a malicious Wi-Fi network may result in a denial-of-service of the Settings app

Description: The issue was addressed with improved memory handling.

CVE-2022-32927: Dr Hideaki Goto of Tohoku University, Japan

**zlib**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A user may be able to cause unexpected app termination or arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2022-37434: Evgeny Legerov

CVE-2022-42800: Evgeny Legerov

CVE-2022-32929: About the security content of iOS 15.7.1 and iPadOS 15.7.1

A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges.

Released September 12, 2022

**Accelerate Framework**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory consumption issue was addressed with improved memory handling.

CVE-2022-42795: ryuzaki

**AppleAVD**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: This issue was addressed with improved checks.

CVE-2022-32907: Natalie Silvanovich of Google Project Zero, Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom), ABC Research s.r.o, Yinyi Wu, Tommaso Bianco (@cutesmilee\_\_)

**GPU Drivers**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2022-32903: an anonymous researcher

**ImageIO**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: Processing an image may lead to a denial-of-service

Description: A denial-of-service issue was addressed with improved validation.

CVE-2022-1622

**Image Processing**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: A sandboxed app may be able to determine which app is currently using the camera

Description: The issue was addressed with additional restrictions on the observability of app states.

CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit)

**Image Processing**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD 

Impact: An app may be able to execute arbitrary code with kernel privileges 

Description: This issue was addressed with improved checks. 

CVE-2022-32949: Tingting Yin of Tsinghua University

**Kernel**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: An app may be able to disclose kernel memory

Description: The issue was addressed with improved memory handling.

CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)

**Kernel**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)

CVE-2022-32911: Zweig of Kunlun Lab

**Kernel**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2022-32914: Zweig of Kunlun Lab

**MediaLibrary**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: A user may be able to elevate privileges

Description: A memory corruption issue was addressed with improved input validation.

CVE-2022-32908: an anonymous researcher

**Notifications**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: A user with physical access to a device may be able to access contacts from the lock screen

Description: A logic issue was addressed with improved state management.

CVE-2022-32879: Ubeydullah Sümer

**Sandbox**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: An app may be able to modify protected parts of the file system

Description: A logic issue was addressed with improved restrictions.

CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security

**SQLite**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: A remote user may be able to cause a denial-of-service

Description: This issue was addressed with improved checks.

CVE-2021-36690

**WebKit**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A buffer overflow issue was addressed with improved memory handling.

WebKit Bugzilla: 241969  
CVE-2022-32886: P1umer(@p1umer), afang(@afang5472), xmzyshypnc(@xmzyshypnc1)

**WebKit**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

WebKit Bugzilla: 242047  
CVE-2022-32888: P1umer (@p1umer)

**WebKit**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

WebKit Bugzilla: 242762  
CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with Trend Micro Zero Day Initiative

**WebKit**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: Visiting a website that frames malicious content may lead to UI spoofing

Description: The issue was addressed with improved UI handling.

WebKit Bugzilla: 242762  
CVE-2022-32891: @real\_as3617, an anonymous researcher

**Wi-Fi**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: An app may be able to cause unexpected system termination or write kernel memory

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-32925: Wang Yu of Cyberserval

CVE-2022-32903: About the security content of tvOS 16

This issue was addressed with improved entitlements. This issue is fixed in iOS 16, watchOS 9. An app may be able to read a persistent device identifier.

Released September 12, 2022

**Accelerate Framework**

Available for: Apple Watch Series 4 and later

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory consumption issue was addressed with improved memory handling.

CVE-2022-42795: ryuzaki

**AppleAVD**

Available for: Apple Watch Series 4 and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: This issue was addressed with improved checks.

CVE-2022-32907: Natalie Silvanovich of Google Project Zero, Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom), ABC Research s.r.o, Yinyi Wu, Tommaso Bianco (@cutesmilee\_\_)

**Apple Neural Engine**

Available for: Apple Watch Series 4 and later

Impact: An app may be able to leak sensitive kernel state

Description: The issue was addressed with improved memory handling.

CVE-2022-32858: Mohamed Ghannam (@\_simo36)

**Apple Neural Engine**

Available for: Apple Watch Series 4 and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-32898: Mohamed Ghannam (@\_simo36)

CVE-2022-32899: Mohamed Ghannam (@\_simo36)

CVE-2022-32889: Mohamed Ghannam (@\_simo36)

**Contacts**

Available for: Apple Watch Series 4 and later

Impact: An app may be able to bypass Privacy preferences

Description: This issue was addressed with improved checks.

CVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security

**Exchange**

Available for: Apple Watch Series 4 and later

Impact: A user in a privileged network position may be able to intercept mail credentials

Description: A logic issue was addressed with improved restrictions.

CVE-2022-32928: an anonymous researcher

**GPU Drivers**

Available for: Apple Watch Series 4 and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2022-32903: an anonymous researcher

**ImageIO**

Available for: Apple Watch Series 4 and later

Impact: Processing an image may lead to a denial-of-service

Description: A denial-of-service issue was addressed with improved validation.

CVE-2022-1622

**Image Processing**

Available for: Apple Watch Series 4 and later

Impact: A sandboxed app may be able to determine which app is currently using the camera

Description: The issue was addressed with additional restrictions on the observability of app states.

CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit)

**Kernel**

Available for: Apple Watch Series 4 and later

Impact: An app may be able to disclose kernel memory

Description: The issue was addressed with improved memory handling.

CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)

**Kernel**

Available for: Apple Watch Series 4 and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)

CVE-2022-32911: Zweig of Kunlun Lab

**Kernel**

Available for: Apple Watch Series 4 and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2022-32914: Zweig of Kunlun Lab

**Kernel**

Available for: Apple Watch Series 4 and later

Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-32894: an anonymous researcher

**Maps**

Available for: Apple Watch Series 4 and later

Impact: An app may be able to read sensitive location information

Description: A logic issue was addressed with improved restrictions.

CVE-2022-32883: Ron Masas of breakpointhq.com

**MediaLibrary**

Available for: Apple Watch Series 4 and later

Impact: A user may be able to elevate privileges

Description: A memory corruption issue was addressed with improved input validation.

CVE-2022-32908: an anonymous researcher

**Notifications**

Available for: Apple Watch Series 4 and later

Impact: A user with physical access to a device may be able to access contacts from the lock screen

Description: A logic issue was addressed with improved state management.

CVE-2022-32879: Ubeydullah Sümer

**Sandbox**

Available for: Apple Watch Series 4 and later

Impact: An app may be able to modify protected parts of the file system

Description: A logic issue was addressed with improved restrictions.

CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security

**Siri**

Available for: Apple Watch Series 4 and later

Impact: A user with physical access to a device may be able to use Siri to obtain some call history information

Description: A logic issue was addressed with improved state management.

CVE-2022-32870: Andrew Goldberg of The McCombs School of Business, The University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)

**SQLite**

Available for: Apple Watch Series 4 and later

Impact: A remote user may be able to cause a denial-of-service

Description: This issue was addressed with improved checks.

CVE-2021-36690

**Watch app**

Available for: Apple Watch Series 4 and later

Impact: An app may be able to read a persistent device identifier

Description: This issue was addressed with improved entitlements.

CVE-2022-32835: Guilherme Rambo of Best Buddy Apps (rambo.codes)

**Weather**

Available for: Apple Watch Series 4 and later

Impact: An app may be able to read sensitive location information

Description: A logic issue was addressed with improved state management.

CVE-2022-32875: an anonymous researcher

**WebKit**

Available for: Apple Watch Series 4 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A buffer overflow issue was addressed with improved memory handling.

WebKit Bugzilla: 241969  
CVE-2022-32886: P1umer(@p1umer), afang(@afang5472), xmzyshypnc(@xmzyshypnc1)

**WebKit**

Available for: Apple Watch Series 4 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

WebKit Bugzilla: 242047  
CVE-2022-32888: P1umer (@p1umer)

**WebKit**

Available for: Apple Watch Series 4 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

WebKit Bugzilla: 242762  
CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with Trend Micro Zero Day Initiative

**WebKit**

Available for: Apple Watch Series 4 and later

Impact: Visiting a website that frames malicious content may lead to UI spoofing

Description: The issue was addressed with improved UI handling.

WebKit Bugzilla: 243236  
CVE-2022-32891: @real\_as3617, an anonymous researcher

**WebKit**

Available for: Apple Watch Series 4 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: An out-of-bounds write issue was addressed with improved bounds checking.

WebKit Bugzilla: 243557  
CVE-2022-32893: an anonymous researcher

**Wi-Fi**

Available for: Apple Watch Series 4 and later

Impact: An app may be able to cause unexpected system termination or write kernel memory

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-32925: Wang Yu of Cyberserval

CVE-2022-32835: About the security content of watchOS 9

A logic issue was addressed with improved state management. This issue is fixed in iOS 16. Deleted contacts may still appear in spotlight search results.

Released September 12, 2022

**Accelerate Framework**

Available for: iPhone 8 and later

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory consumption issue was addressed with improved memory handling.

CVE-2022-42795: ryuzaki

Entry added October 27, 2022

**AppleAVD**

Available for: iPhone 8 and later

Impact: An app may be able to cause a denial-of-service

Description: A memory corruption issue was addressed with improved state management.

CVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of Google Project Zero, and an anonymous researcher

Entry added October 27, 2022

**AppleAVD**

Available for: iPhone 8 and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: This issue was addressed with improved checks.

CVE-2022-32907: Natalie Silvanovich of Google Project Zero, Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom), ABC Research s.r.o, Yinyi Wu, Tommaso Bianco (@cutesmilee\_\_)

Entry added October 27, 2022

**Apple Neural Engine**

Available for: iPhone 8 and later

Impact: An app may be able to leak sensitive kernel state

Description: The issue was addressed with improved memory handling.

CVE-2022-32858: Mohamed Ghannam (@\_simo36)

Entry added October 27, 2022

**Apple Neural Engine**

Available for: iPhone 8 and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-32898: Mohamed Ghannam (@\_simo36)

CVE-2022-32899: Mohamed Ghannam (@\_simo36)

CVE-2022-32889: Mohamed Ghannam (@\_simo36)

Entry added October 27, 2022

**Apple TV**

Available for: iPhone 8 and later

Impact: An app may be able to access user-sensitive data

Description: The issue was addressed with improved handling of caches.

CVE-2022-32909: Csaba Fitzl (@theevilbit) of Offensive Security

Entry added October 27, 2022

**Contacts**

Available for: iPhone 8 and later

Impact: An app may be able to bypass Privacy preferences

Description: This issue was addressed with improved checks.

CVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security

**Crash Reporter**

Available for: iPhone 8 and later

Impact: A user with physical access to an iOS device may be able to read past diagnostic logs

Description: This issue was addressed with improved data protection.

CVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike

Entry added October 27, 2022

**DriverKit**

Available for: iPhone 8 and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)

Entry added October 27, 2022

**Exchange**

Available for: iPhone 8 and later

Impact: A user in a privileged network position may be able to intercept mail credentials

Description: A logic issue was addressed with improved restrictions.

CVE-2022-32928: an anonymous researcher

Entry added October 27, 2022

**GPU Drivers**

Available for: iPhone 8 and later

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2022-26744: an anonymous researcher

Entry added October 27, 2022

**GPU Drivers**

Available for: iPhone 8 and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2022-32903: an anonymous researcher

Entry added October 27, 2022

**ImageIO**

Available for: iPhone 8 and later

Impact: Processing an image may lead to a denial-of-service

Description: A denial-of-service issue was addressed with improved validation.

CVE-2022-1622

Entry added October 27, 2022

**Image Processing**

Available for: iPhone 8 and later

Impact: A sandboxed app may be able to determine which app is currently using the camera

Description: The issue was addressed with additional restrictions on the observability of app states.

CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit)

Entry added October 27, 2022

**IOGPUFamily**

Available for: iPhone 8 and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-32887: an anonymous researcher

Entry added October 27, 2022

**Kernel**

Available for: iPhone 8 and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2022-32914: Zweig of Kunlun Lab

Entry added October 27, 2022

**Kernel**

Available for: iPhone 8 and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)

CVE-2022-32911: Zweig of Kunlun Lab

Entry updated October 27, 2022

**Kernel**

Available for: iPhone 8 and later

Impact: An app may be able to disclose kernel memory

Description: The issue was addressed with improved memory handling.

CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)

**Kernel**

Available for: iPhone 8 and later

Impact: An application may be able to execute arbitrary code with kernel privileges.

Description: The issue was addressed with improved bounds checks.

CVE-2022-32917: an anonymous researcher 

**Maps**

Available for: iPhone 8 and later

Impact: An app may be able to read sensitive location information

Description: A logic issue was addressed with improved restrictions.

CVE-2022-32883: Ron Masas, breakpointhq.com

**MediaLibrary**

Available for: iPhone 8 and later

Impact: A user may be able to elevate privileges

Description: A memory corruption issue was addressed with improved input validation.

CVE-2022-32908: an anonymous researcher

**Notifications**

Available for: iPhone 8 and later

Impact: A user with physical access to a device may be able to access contacts from the lock screen

Description: A logic issue was addressed with improved state management.

CVE-2022-32879: Ubeydullah Sümer

Entry added October 27, 2022

**Photos**

Available for: iPhone 8 and later

Impact: An app may be able to bypass Privacy preferences

Description: This issue was addressed with improved data protection.

CVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha Technologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort (evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan of Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd

Entry added October 27, 2022

**Safari**

Available for: iPhone 8 and later

Impact: Visiting a malicious website may lead to address bar spoofing

Description: This issue was addressed with improved checks.

CVE-2022-32795: Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati

**Safari Extensions**

Available for: iPhone 8 and later

Impact: A website may be able to track users through Safari web extensions

Description: A logic issue was addressed with improved state management.

WebKit Bugzilla: 242278  
CVE-2022-32868: Michael

**Sandbox**

Available for: iPhone 8 and later

Impact: An app may be able to modify protected parts of the file system

Description: A logic issue was addressed with improved restrictions.

CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security

Entry added October 27, 2022

**Security**

Available for: iPhone 8 and later

Impact: An app may be able to bypass code signing checks

Description: An issue in code signature validation was addressed with improved checks.

CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)

Entry added October 27, 2022

**Shortcuts**

Available for: iPhone 8 and later

Impact: A person with physical access to an iOS device may be able to access photos from the lock screen

Description: A logic issue was addressed with improved restrictions.

CVE-2022-32872: Elite Tech Guru

**Sidecar**

Available for: iPhone 8 and later

Impact: A user may be able to view restricted content from the lock screen

Description: A logic issue was addressed with improved state management.

CVE-2022-42790: Om kothawade of Zaprico Digital

Entry added October 27, 2022

**Siri**

Available for: iPhone 8 and later

Impact: A user with physical access to a device may be able to use Siri to obtain some call history information

Description: A logic issue was addressed with improved state management.

CVE-2022-32870: Andrew Goldberg of The McCombs School of Business, The University of Texas at Austin (linkedin.com/andrew-goldberg-/)

Entry added October 27, 2022

**SQLite**

Available for: iPhone 8 and later

Impact: A remote user may be able to cause a denial-of-service

Description: This issue was addressed with improved checks.

CVE-2021-36690

Entry added October 27, 2022

**Time Zone**

Available for: iPhone 8 and later

Impact: Deleted contacts may still appear in spotlight search results

Description: A logic issue was addressed with improved state management.

CVE-2022-32859

Entry added October 27, 2022

**Watch app**

Available for: iPhone 8 and later

Impact: An app may be able to read a persistent device identifier

Description: This issue was addressed with improved entitlements.

CVE-2022-32835: Guilherme Rambo of Best Buddy Apps (rambo.codes)

Entry added October 27, 2022

**Weather**

Available for: iPhone 8 and later

Impact: An app may be able to read sensitive location information

Description: A logic issue was addressed with improved state management.

CVE-2022-32875: an anonymous researcher

Entry added October 27, 2022

**WebKit**

Available for: iPhone 8 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

WebKit Bugzilla: 242047  
CVE-2022-32888: P1umer (@p1umer)

Entry added October 27, 2022

**WebKit**

Available for: iPhone 8 and later

Impact: Visiting a website that frames malicious content may lead to UI spoofing

Description: The issue was addressed with improved UI handling.

WebKit Bugzilla: 243236  
CVE-2022-32891: @real\_as3617, and an anonymous researcher

Entry added October 27, 2022

**WebKit**

Available for: iPhone 8 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A buffer overflow issue was addressed with improved memory handling.

WebKit Bugzilla: 241969  
CVE-2022-32886: P1umer, afang5472, xmzyshypnc

**WebKit**

Available for: iPhone 8 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

WebKit Bugzilla: 242762  
CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with Trend Micro Zero Day Initiative

**WebKit Sandboxing**

Available for: iPhone 8 and later

Impact: A sandboxed process may be able to circumvent sandbox restrictions

Description: An access issue was addressed with improvements to the sandbox.

WebKit Bugzilla: 243181  
CVE-2022-32892: @18楼梦想改造家 and @jq0904 of DBAppSecurity's WeBin lab

Entry added October 27, 2022

**Wi-Fi**

Available for: iPhone 8 and later

Impact: An app may be able to cause unexpected system termination or write kernel memory

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-32925: Wang Yu of Cyberserval

Entry added October 27, 2022

CVE-2022-32859: About the security content of iOS 16

Ubuntu Security Notice 5708-1 - Soenke Huster discovered that an integer overflow vulnerability existed in the WiFi driver stack in the Linux kernel, leading to a buffer overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Soenke Huster discovered that a use-after-free vulnerability existed in the WiFi driver stack in the Linux kernel. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-5708-1  
November 01, 2022

backport-iwlwifi-dkms vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in backport-iwlwifi-dkms.

Software Description:  
- backport-iwlwifi-dkms: iwlwifi driver backport in DKMS format

Details:

Sönke Huster discovered that an integer overflow vulnerability existed in  
the WiFi driver stack in the Linux kernel, leading to a buffer overflow. A  
physically proximate attacker could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2022-41674)

Sönke Huster discovered that a use-after-free vulnerability existed in the  
WiFi driver stack in the Linux kernel. A physically proximate attacker  
could use this to cause a denial of service (system crash) or possibly  
execute arbitrary code. (CVE-2022-42719)

Sönke Huster discovered that the WiFi driver stack in the Linux kernel did  
not properly perform reference counting in some situations, leading to a  
use-after-free vulnerability. A physically proximate attacker could use  
this to cause a denial of service (system crash) or possibly execute  
arbitrary code. (CVE-2022-42720)

Sönke Huster discovered that the WiFi driver stack in the Linux kernel did  
not properly handle BSSID/SSID lists in some situations. A physically  
proximate attacker could use this to cause a denial of service (infinite  
loop). (CVE-2022-42721)

Sönke Huster discovered that the WiFi driver stack in the Linux kernel  
contained a NULL pointer dereference vulnerability in certain situations. A  
physically proximate attacker could use this to cause a denial of service  
(system crash). This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.10.  
(CVE-2022-42722)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.10:  
  backport-iwlwifi-dkms           9904-0ubuntu3.1

Ubuntu 22.04 LTS:  
  backport-iwlwifi-dkms           9858-0ubuntu3.1

Ubuntu 20.04 LTS:  
  backport-iwlwifi-dkms           8324-0ubuntu3~20.04.5

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-5708-1  
  CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721,  
  CVE-2022-42722, https://launchpad.net/bugs/1994525

Package Information:  
  https://launchpad.net/ubuntu/+source/backport-iwlwifi-dkms/9904-0ubuntu3.1  
  https://launchpad.net/ubuntu/+source/backport-iwlwifi-dkms/9858-0ubuntu3.1  
  https://launchpad.net/ubuntu/+source/backport-iwlwifi-dkms/8324-0ubuntu3~20.04.5

Ubuntu Security Notice USN-5708-1

Categories: Android
Categories: News
A family of malicious apps from developer Mobile apps Group are on Google Play infected with HiddenAds.



(Read more...)




The post Malware on the Google Play store leads to harmful phishing sites appeared first on Malwarebytes Labs.

A family of malicious apps from developer Mobile apps Group are listed on Google Play and infected with Android/Trojan.HiddenAds.BTGTHB. In total, four apps are listed, and together they have amassed at least one million downloads.

Older versions of these apps have been detected in the past as different variants of Android/Trojan.HiddenAds. Yet, the developer is still on Google Play dispensing its latest HiddenAds malware.

This follows on the heels of adware that was found on Google Play just a couple months ago from a rogue PDF reader.

**Delayed ungratification**

Our analysis of this malware starts with us finding an app named Bluetooth Auto Connect (full app information at the bottom of this article). When users first install this malicious app, it takes a couple of days before it begins to display malicious behavior.  Delaying malicious behavior is a common tactic to evade detection by malware developers.  It turns out that this app uses delays quite a bit, as you’ll discover in our analysis.

After the initial delay, the malicious app opens phishing sites in Chrome. The content of the phishing sites varies—some are harmless sites used simply to produce pay-per-click, and others are more dangerous phishing sites that attempt to trick unsuspecting users.  For example, one site includes adult content that leads to phishing pages that tell the user they've been infected, or need to perform an update.

The Chrome tabs are opened in the background even while the mobile device is locked.  When the user unlocks their device, Chrome opens with the latest site.  A new tab opens with a new site frequently, and as a result, unlocking your phone after several hours means closing multiple tabs.  The users browser history will also be a long list of nasty phishing sites.

**Deeper analysis using LogCat**

As per my last blog post, I once again used an Android OS test phone and plugged it into my laptop running _LogCat_ via good old _Android Device Monitor._ To clarify, _LogCat_ is used to observe all logs created by installed apps and the Android OS, including the logs of this malware.  The first log entry from this malware came several hours after the initial installation.

_10-20 05:11:07.504: D/sdfsdf(11987): {"adDelay":7200000,"flurryId":"YQBTHDXPVMFT3D7Z7Q92","chromeLink":"https://<phishing\_URL>.com/?ts=1666264263370&id=344","showOuterAd":true,"firstAdDelay":259200000,"versionWithNoAd":"no"}_

The first important datapoint of the log entry is what _LogCat_ calls the _Tag_.  This usually is a descriptor of the log text like _ActivityManager._ In this case, they use an obfuscated tag of _sdfsdf_ — another sign of willful deception. Diving into the _Text_ segment of the log, where the important data is stored, there are couple of key datapoints: **_adDelay_**_, **chromeLink**,_ and _**firstAdDelay**._

First, the **_chromeLink_** is the URL of the phishing site to open in Chrome. Next, let’s look at the **_firstAdDelay_** datapoint with the value of _259200000._ This value is the length of delay to displaying the first ad in milliseconds—seventy-two hours. Add the several hours to this delay before the log entry is created, and you have roughly four days from the time the malicious app is installed to when it displays the first ad in Chrome. 

Keep in mind that the delay length of each malware app varies.  Additionally, after the first ad is displayed, it then has an **_adDelay_** of _7200000_, or two hours.  It's unclear if that means to wait an additional two hours after the first ad delay, or display another ad two hours after the first ad.  Regardless, it is another example of using delays to obfuscate detection.  These type of log entries are recorded every fifteen minutes, constantly setting new time released ads.

After the delay time ends, the ad is then triggered to display.  At this instant, it creates additional log entries using _tag_ _ActivityManager_.

_10-24 08:26:30.476: I/ActivityManager(765): START u0 {act=android.intent.action.VIEW dat=https://_ _<phishing\_URL>.com/... flg=0x14002000 pkg=com.android.chrome cmp=com.android.chrome/org.chromium.chrome.browser.ChromeTabbedActivity (has extras)} from uid 10062_

_10-24 08:26:31.026: W/ActivityManager(765): Activity pause timeout for ActivityRecord{736d893 u0 com.android.chrome/org.chromium.chrome.browser.ChromeTabbedActivity t11780}_

These log entries are representative of when Chrome opens a new tab with a phishing site using activity _ChromeTabbedActivity._ After that point, unlocking the mobile device will reveal the ad.

**Tracing it back to code**

Now that we have _LogCat_ entries, the next step in our analysis is to trace back to where in the code this malicious behavior is happening.  To do that, we first need to look in the app’s _Manifest_ file.

The _Manifest_ file is basically a guide for the Android OS to use to run activities, services, and receivers of an app.  Each activity, service, and receiver contains code to be ran. Every Android app has a _Manifest_ file.

Many times, the activities, services, and receivers used by a particular malware is unique.  However, at first glance at this malware it is hard to tell which activities, services, or receivers are running the malicious code.  This is where the _LogCat_ entries can assist.  These logs are the _smoking gun_ of exactly what activities, services, or receivers are triggering malicious behavior. Ironically, their attempt to obfuscate detection using a _LogCat_ _tag_ of _sdfsdf_ made tracking the culprit easy. A quick search of _sdfsdf_ in the code reveals it traces back to service name _com.github.libpackage.service.PushService_, and activity name _com.github.libpackage.view.NotificationActivity._ The use of the popular GitHub in the naming convention is yet another blatant attempt to obfuscate detection.  From there, we were able to further verify using the additional datapoints from the _LogCat_ _text._

**History of HiddenAds**

Continuing to focus on Bluetooth Auto Connect, this app has had a long history of being infected with different variants of HiddenAds.  Note that other apps from _Mobile apps Group_ have a similar history. 

*   Date of release 2020-12-??: Bluetooth Auto Connect v1.4 infected wtih Android/Trojan.HiddenAds.llib
    
*   Date of release 2021-01-05: Bluetooth Auto Connect v1.8 infected wtih Android/Trojan.HiddenAds.llib
*   Date of release 2021-01-11: Bluetooth Auto Connect v1.9 infected wtih Android/Trojan.HiddenAds.llib
*   Date of release 2021-01-19: Bluetooth Auto Connect v2.2 infected wtih Android/Trojan.HiddenAds.llib
*   Date of release 2021-01-22: Bluetooth Auto Connect v2.3 clean
*   Date of release 2021-02-09: Bluetooth Auto Connect v2.6 infected wtih Android/Trojan.HiddenAds.ATASHT
*   Date of release 2021-02-10: Bluetooth Auto Connect v2.7 infected wtih Android/Trojan.HiddenAds.ATASHT
*   Date of release 2021-02-12: Bluetooth Auto Connect v2.9 infected wtih Android/Trojan.HiddenAds.ATASHT
*   Date of release 2021-02-26: Bluetooth Auto Connect v3.0 clean
*   Date of release 2021-03-04: Bluetooth Auto Connect v3.1 clean
*   Date of release 2021-04-26: Bluetooth Auto Connect v3.8 clean
*   Date of release 2021-06-11: Bluetooth Auto Connect v4.0 clean
*   Date of release 2021-07-22: Bluetooth Auto Connect v4.1 clean
*   Date of release 2021-10-21: Bluetooth Auto Connect v4.5 clean
*   Date of release 2021-12-15: Bluetooth Auto Connect v4.6 infected wtih Android/Trojan.HiddenAds.BTGTHB
*   Date of release 2021-10-21: Bluetooth Auto Connect v4.8 infected wtih Android/Trojan.HiddenAds.BTGTHB
*   Date of release 2022-08-02: Bluetooth Auto Connect v5.4 infected wtih Android/Trojan.HiddenAds.BTGTHB
*   Date of release 2022-08-17: Bluetooth Auto Connect v5.5 infected wtih Android/Trojan.HiddenAds.BTGTHB
*   Date of release 2022-10-12: Bluetooth Auto Connect v5.7 infected wtih Android/Trojan.HiddenAds.BTGTHB (current version on Google Play)

It is disappointing that _Mobile apps Group_ has persisted on the Google Play store after having malicious apps in the past — twice!  It's unclear if previous malicious versions from before January 19, 2022—versions 2.2 and before—were ever caught by Google Play.  Since version 2.3 was clean, it seems likely that the developers were caught and uploaded a clean version.

What we do know is that DrWeb blogged about Bluetooth Auto Connect v2.5 having what it calls Adware.NewDich back in February 24, 2021.  We can only assume Google Play took action at that point by removing the most current malicious version at the time of the writing—version 2.9.  However, on February 26, just two days after the DrWeb blog, the developers released the clean version 3.0 onto Google Play. That meant _Mobile apps Group_ remained on Google Play without even a probation period.

As a result of having two strikes from Google Play, the developers cleaned up their act from version 3.0 to 4.5, or Febraury 26 to October 10, 2021.  Then, on December 15, 2021, the developers released the code for the most current HiddenAds variant in version 4.6.  Now on version 5.7, that malicious code remains to this date.  A run of over ten months with malicious code on Google Play.  Perhaps its time to say three strikes and you're out to _Mobile apps Group._

**More than just adware**

With all the evidence of malicious behaviors, one can only assume this is more than just adware that's surpassing Google Play Protect detection. With a heavy dose of obfuscation and harmful phishing sites, this is clearly the malware we know as Trojan HiddenAds. Thanks to our Malwarebytes support team and our customers, we were able to track down this nasty malware.  As always, you can remediate using our free scanner, Malwarebytes Mobile Security.

**App information**

Package name: com.bluetooth.autoconnect.anybtdevices

App name: Bluetooth Auto Connect

Developer: Mobile apps Group

MD5: C28A12CE5366960B34595DCE8BFB4D15

Google Play URL: https://play.google.com/store/apps/details?id=com.bluetooth.autoconnect.anybtdevices

Package name: com.driver.finder.bluetooth.wifi.usb

App Name: Driver: Bluetooth, Wi-Fi, USB

Developer: Mobile apps Group

MD5: 9BC55834B713B506E92B3787BE83F079

Google Play URL: https://play.google.com/store/apps/details?id=com.driver.finder.bluetooth.wifi.usb

Package name: com.bluetooth.share.app

App Name: Bluetooth App Sender

Developer: Mobile apps Group

MD5: F764F5A04859EC544685E30DE4BD3240

Google Play URL: https://play.google.com/store/apps/details?id=com.bluetooth.share.app

Package name: com.mobile.faster.transfer.smart.switch

App Name: Mobile transfer: smart switch

Developer: Mobile apps Group

MD5: AEA33292113A22F46579F5E953596491

Google Play URL: https://play.google.com/store/apps/details?id=com.mobile.faster.transfer.smart.switch

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Tag

#wifi