ID

VAR-202203-0154


CVE

CVE-2022-22640


TITLE

Apple iOS and Apple iPadOS Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202203-1257

DESCRIPTION

A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. An application may be able to execute arbitrary code with kernel privileges. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-03-14-2 watchOS 8.5 watchOS 8.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213193. Accelerate Framework Available for: Apple Watch Series 3 and later Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-22666: Marc Schoenefeld, Dr. rer. nat. ImageIO Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22611: Xingyu Jin of Google ImageIO Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted image may lead to heap corruption Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-22614: an anonymous researcher CVE-2022-22615: an anonymous researcher Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved state management. CVE-2022-22632: Keegan Saunders Kernel Available for: Apple Watch Series 3 and later Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A null pointer dereference was addressed with improved validation. CVE-2022-22638: derrek (@derrekr6) libarchive Available for: Apple Watch Series 3 and later Impact: Multiple issues in libarchive Description: Multiple memory corruption issues existed in libarchive. CVE-2021-36976 MediaRemote Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to identify what other applications a user has installed Description: An access issue was addressed with improved access restrictions. CVE-2022-22670: Brandon Azad Phone Available for: Apple Watch Series 3 and later Impact: A user may be able to bypass the Emergency SOS passcode prompt Description: This issue was addressed with improved checks. CVE-2022-22618: Yicong Ding (@AntonioDing) Preferences Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to read other applications' settings Description: The issue was addressed with additional permissions checks. CVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) Safari Available for: Apple Watch Series 3 and later Impact: Visiting a malicious website may lead to address bar spoofing Description: A user interface issue was addressed. CVE-2022-22654: Abdullah Md Shaleh of take0ver Sandbox Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to bypass certain Privacy preferences Description: The issue was addressed with improved permissions logic. CVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited, Khiem Tran Siri Available for: Apple Watch Series 3 and later Impact: A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen Description: A permissions issue was addressed with improved validation. CVE-2022-22599: Andrew Goldberg of the University of Texas at Austin, McCombs School of Business (linkedin.com/andrew-goldberg/) UIKit Available for: Apple Watch Series 3 and later Impact: A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions Description: This issue was addressed with improved checks. CVE-2022-22621: Joey Hewitt WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A cookie management issue was addressed with improved state management. WebKit Bugzilla: 232748 CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 232812 CVE-2022-22610: Quan Yin of Bigo Technology Live Client Team WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla 233172 CVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab WebKit Bugzilla: 234147 CVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 234966 CVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative WebKit Available for: Apple Watch Series 3 and later Impact: A malicious website may cause unexpected cross-origin behavior Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 235294 CVE-2022-22637: Tom McKee of Google Additional recognition AirDrop We would like to acknowledge Omar Espino (omespino.com), Ron Masas of BreakPoint.sh for their assistance. Bluetooth We would like to acknowledge an anonymous researcher for their assistance. Face Gallery We would like to acknowledge Tian Zhang (@KhaosT) for their assistance. Safari We would like to acknowledge Konstantin Darutkin of FingerprintJS (fingerprintjs.com) for their assistance. Shortcuts We would like to acknowledge Baibhav Anand Jha of Streamers Land for their assistance. Siri We would like to acknowledge an anonymous researcher for their assistance. syslog We would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for their assistance. UIKit We would like to acknowledge Tim Shadel of Day Logger, Inc. for their assistance. Wallet We would like to acknowledge an anonymous researcher for their assistance. WebKit We would like to acknowledge Abdullah Md Shaleh for their assistance. WebKit Storage We would like to acknowledge Martin Bajanik of FingerprintJS for their assistance. Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0XwACgkQeC9qKD1p rhg7xg/+OVmgvQa8AfIpDqKoFyJQxRWv5eurCr0FWdtmUFmaqSZx1/gIGApxEIX9 Y2b9tEvhejRuUOkX4vpJcYvDsad6NvColSho5it16Hj3aRU3R4VseRmsVbaTwoap MQWRT+EHtB1zWOz9kGTFN6xScPVpnc18IrACQqO5SYB/ovvA6iNlee5OoQtWANd9 0Wm9/MHwVUng2MXmjeDNZ5C8cHt41W4/8brZFBqoThDeaGb+dx/KLNzlzIpN7ttC eCD2xXo6F+Q5uKUuwZHVm2g+PyV6CmeBtZYHGzGGo18fLLreBq7oUBf+KNzRxdTG x517r3SfjnwScVO/NJXa33fWHOrlNWvNwOHPsp1JgX1B/YVGSoJDIWxu3kAdOQ6b Z5ts7CIV8MOchvYG64UVO/Lt4e2/ABlkxF5vRD0k2KRIOWQh7mvTy0b4Reu2sbGF t088QoinhRgWU+JXYSUZ4Nex5lelcF9F2SlOh2CS+VmvfzatV0NiTTPTknP+2/pZ sLPO3oEmoqYczdviEtAZ3ghSrPWqqx1W2xBvnCTlteIZiIprgU/ZOcLaQiaHZ5c5 GKyxZCgguW40SzjrcdnbN9KSk+Pwta5oiKhzA43M+fl25jIic1rTvQIc91uL6/7O 9BSRyu2ZW0bfZEkgjPQF2ui4IBfZ81ayEsmh/e41JCbXnGvNFtY=K1Lq -----END PGP SIGNATURE-----

Trust: 1.26

sources: NVD: CVE-2022-22640 // VULHUB: VHN-411268 // VULMON: CVE-2022-22640 // PACKETSTORM: 166316 // PACKETSTORM: 166318

AFFECTED PRODUCTS

vendor:applemodel:macosscope:ltversion:12.3

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:15.4

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:8.5

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:15.4

Trust: 1.0

vendor:applemodel:macosscope:gteversion:12.0

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:15.4

Trust: 1.0

sources: NVD: CVE-2022-22640

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-22640
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202203-1257
value: HIGH

Trust: 0.6

VULHUB: VHN-411268
value: HIGH

Trust: 0.1

VULMON: CVE-2022-22640
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-22640
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-411268
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-22640
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-411268 // VULMON: CVE-2022-22640 // CNNVD: CNNVD-202203-1257 // NVD: CVE-2022-22640

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

sources: VULHUB: VHN-411268 // NVD: CVE-2022-22640

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202203-1257

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202203-1257

PATCH

title:Apple iOS and Apple iPadOS Buffer error vulnerability fixurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=186771

Trust: 0.6

title:Apple: iOS 15.4 and iPadOS 15.4url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=14b60b166a667fc4faf52d81847a180a

Trust: 0.1

title:Apple: macOS Monterey 12.3url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=f1105c4a20da11497b610b14a1668180

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-22640 // CNNVD: CNNVD-202203-1257

EXTERNAL IDS

db:NVDid:CVE-2022-22640

Trust: 2.0

db:PACKETSTORMid:166318

Trust: 0.8

db:CS-HELPid:SB2022031439

Trust: 0.6

db:CNNVDid:CNNVD-202203-1257

Trust: 0.6

db:PACKETSTORMid:166316

Trust: 0.2

db:VULHUBid:VHN-411268

Trust: 0.1

db:VULMONid:CVE-2022-22640

Trust: 0.1

sources: VULHUB: VHN-411268 // VULMON: CVE-2022-22640 // PACKETSTORM: 166316 // PACKETSTORM: 166318 // CNNVD: CNNVD-202203-1257 // NVD: CVE-2022-22640

REFERENCES

url:https://support.apple.com/en-us/ht213182

Trust: 2.4

url:https://support.apple.com/en-us/ht213183

Trust: 1.8

url:https://support.apple.com/en-us/ht213186

Trust: 1.8

url:https://support.apple.com/en-us/ht213193

Trust: 1.8

url:https://cxsecurity.com/cveshow/cve-2022-22640/

Trust: 0.6

url:https://packetstormsecurity.com/files/166318/apple-security-advisory-2022-03-14-2.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022031439

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-ios-macos-multiple-vulnerabilities-37800

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-22609

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22629

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22612

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22610

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22670

Trust: 0.2

url:https://support.apple.com/en-us/ht201222.

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22628

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22637

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22666

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22613

Trust: 0.2

url:https://www.apple.com/support/security/pgp/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22621

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22600

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22640

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22638

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22611

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22624

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22632

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22615

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22614

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22662

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://support.apple.com/kb/ht213182

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

url:https://support.apple.com/ht213186.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22641

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22634

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22636

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22635

Trust: 0.1

url:https://support.apple.com/kb/ht204641

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22633

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22654

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22618

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-36976

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22599

Trust: 0.1

url:https://support.apple.com/ht213193.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22596

Trust: 0.1

sources: VULHUB: VHN-411268 // VULMON: CVE-2022-22640 // PACKETSTORM: 166316 // PACKETSTORM: 166318 // CNNVD: CNNVD-202203-1257 // NVD: CVE-2022-22640

CREDITS

Apple

Trust: 0.2

sources: PACKETSTORM: 166316 // PACKETSTORM: 166318

SOURCES

db:VULHUBid:VHN-411268
db:VULMONid:CVE-2022-22640
db:PACKETSTORMid:166316
db:PACKETSTORMid:166318
db:CNNVDid:CNNVD-202203-1257
db:NVDid:CVE-2022-22640

LAST UPDATE DATE

2024-08-14T12:20:03.477000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-411268date:2022-10-24T00:00:00
db:VULMONid:CVE-2022-22640date:2022-10-24T00:00:00
db:CNNVDid:CNNVD-202203-1257date:2022-10-25T00:00:00
db:NVDid:CVE-2022-22640date:2022-10-24T19:27:31.730

SOURCES RELEASE DATE

db:VULHUBid:VHN-411268date:2022-03-18T00:00:00
db:VULMONid:CVE-2022-22640date:2022-03-18T00:00:00
db:PACKETSTORMid:166316date:2022-03-15T15:46:52
db:PACKETSTORMid:166318date:2022-03-15T15:48:26
db:CNNVDid:CNNVD-202203-1257date:2022-03-14T00:00:00
db:NVDid:CVE-2022-22640date:2022-03-18T18:15:14.380