In addition to today’s Apple software updates for iPhone, iPad, Mac, Apple Watch and more, they also fix various security issues. iOS 15.3 specifically patches 10 noteworthy security vulnerabilities, ranging from Safari web browsing leaks to vulnerabilities that could grant root privileges to malicious apps.
We knew that the web browsing and Google Account ID vulnerabilities were patched ahead of time when RC versions of iOS 15.3 and macOS 12.2 arrived. However, Apple has now detailed the full list of security patches, showing Documentation for iOS 15.3, watchOS 8.4, and more.
macOS 12.2 may contain the same fix, but Apple has not yet released a security update for it.
In addition to the Safari web browsing vulnerability, other security issues have been patched, including the ability for apps to gain root privileges, the ability to execute arbitrary code with kernel privileges, incorrect access to user files via iCloud, and more.
Color Sync
Applicable to: iPhone 6s and newer models, iPad Pro (all models), iPad Air 2 and newer models, iPad 3rd 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted file may lead to arbitrary code execution
Description: Already Address memory corruption issues with improved validation.
CVE-2022-22584: Mickey Jin from Trend Micro (@patch1t)
Crash Reporter
Applies to: iPhone 6s and newer , iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Malicious Applications The program may be able to gain root privileges
Description: A logic issue has been resolved through improved validation.
CVE-2022-22578: Anonymous researcher
iCloud
Applies to: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to access the user's files
Description: An issue exists in the path validation logic of symbolic links. This issue has been addressed with improved path cleaning.
CVE-2022-22585: Huo Zhipeng (@ R3dF09) of Tencent Security Xuanwu Lab (https://xlab.tencent.com)
IOMobileFrameBuffer
Applies to: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th Generation)
Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that this issue may be actively exploited.
Description: A memory corruption issue has been addressed with improved input validation.
CVE-2022-22587: Anonymous Researcher, Meysam Firouzi (@R00tkitSMM) of MBition – Mercedes-Benz Innovation Labs, Siddharth Aeri (@b1n4r1b01)
Core
Applies to: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later and iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A buffer overflow issue has been addressed through improved memory handling.
CVE-2022-22593: Peter Nguyễn Vũ Hoàng from STAR Labs
Model input/output
Applies to: iPhone 6s and newer , iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Addressing malicious Crafted STL files may lead to unexpected application termination or arbitrary code execution
Description: An information leak issue has been addressed through improved state management.
CVE-2022-22579: Mickey Jin (@patch1t) by Trend Micro
Network Suite
Applies to: iPhone 6s and later , iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Addressing malicious Crafted emails may cause arbitrary javascript to be run
Description: A validation issue has been addressed with improved input sanitization.
CVE-2022-22589: Heige of the KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com)
Network Suite
Applies to: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (th Generation 7)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A use-after-free issue has been addressed through improved memory management.
CVE-2022-22590: Toan Pham from Ocean Security Team Orca (security.sea.com)
Network Suite
Applies to: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th Generation)
Impact: Processing maliciously crafted web content may prevent enforcement of content security policies
Description: A logic issue has been resolved through improved state management.
CVE-2022-22592: Prakash (@1lastBr3ath)
WebKit Storage
Applies to: iPhone 6s and later, iPad Pro ( All models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A website may be able to track sensitive User Information
Description: A cross-domain issue in the IndexDB API has been resolved through improved input validation.
CVE-2022-22594: Martin Bajanik of FingerprintJS
The above is the detailed content of iOS 15.3 patches 10 major security vulnerabilities affecting Safari, root access, and more. For more information, please follow other related articles on the PHP Chinese website!