ID

VAR-202210-1532


CVE

CVE-2022-42808


TITLE

Apple watchOS Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202210-1664

DESCRIPTION

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. A remote user may be able to cause kernel code execution. Apple watchOS is a smart watch operating system developed by Apple (Apple). Apple watchOS has a security flaw. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-10-24-1 iOS 16.1 and iPadOS 16 iOS 16.1 and iPadOS 16 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213489. AppleMobileFileIntegrity Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed by removing additional entitlements. CVE-2022-42825: Mickey Jin (@patch1t) AVEVideoEncoder Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32940: ABC Research s.r.o. CFNetwork Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A certificate validation issue existed in the handling of WKWebView. CVE-2022-42813: Jonathan Zhang of Open Computing Facility (ocf.berkeley.edu) Core Bluetooth Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to record audio using a pair of connected AirPods Description: This issue was addressed with improved entitlements. CVE-2022-32946: Guilherme Rambo of Best Buddy Apps (rambo.codes) GPU Drivers Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32947: Asahi Lina (@LinaAsahi) IOHIDFamily Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-42820: Peter Pan ZhenPeng of STAR Labs IOKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42806: Tingting Yin of Tsinghua University Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32924: Ian Beer of Google Project Zero Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: A remote user may be able to cause kernel code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-42808: Zweig of Kunlun Lab Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. CVE-2022-42827: an anonymous researcher ppp Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-42829: an anonymous researcher ppp Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-42830: an anonymous researcher ppp Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42831: an anonymous researcher CVE-2022-42832: an anonymous researcher Sandbox Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-42811: Justin Bui (@slyd0g) of Snowflake Shortcuts Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: A shortcut may be able to check the existence of an arbitrary path on the file system Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of Computer Science of. Romania WebKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Visiting a malicious website may lead to user interface spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 243693 CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun) WebKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. WebKit Bugzilla: 244622 CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs WebKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 245058 CVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser Vulnerability Research, Ryan Shin of IAAI SecLab at Korea University, Dohyun Lee (@l33d0hyun) of DNSLab at Korea University WebKit PDF Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 242781 CVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend Micro Zero Day Initiative Additional recognition iCloud We would like to acknowledge Tim Michaud (@TimGMichaud) of Moveworks.ai for their assistance. Kernel We would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud (@TimGMichaud) of Moveworks.ai, Tommy Muir (@Muirey03) for their assistance. WebKit We would like to acknowledge Maddie Stone of Google Project Zero, Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an anonymous researcher for their assistance. All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIyBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNW0WIACgkQ4RjMIDke NxmuNw/4m3JXuBK+obHVvyb4tGoeHKNZtJi/tHr0gDMtDjr5pIlXdl2wX99eLzoG D2Dj4YtMnUhqEgQVKVcnzxQuhmdHK21TmqgWi+kHNyg0plKX0mj+1222/qjtZOdf FgCHKsR0LVLDpgjthvA9WYqwbfOMmXvSS4sEHaeSIdo+8R68GcV9yJQ98hWsxqeh YPzZ8RqtkuzeeYVD8jaxVW6l7lQ37puQ3romivRe46Wi36nkYG6wifggWMSKmeNZ 9CVs/3GT294l9GnjuIHaM2WfnHzYSEQY/eqP34SQ96UPClpJF2afBCRd3eOl8ov1 hgyhjtfJCqqfb9uzXj0ciFrLFdn8xLxsY7L+RSOwtLz0zSTfwAkAEDnL7i5EBkwn 7a2l/r6bb/W7IOC67fQWZi33SkpGPJF51oT3PLOh1RyeRFE+NYd4hMMAIo8Bg4eZ 45aAh2L7ak1T6V4PnUuG+o51oQKKRH1b/MTamVyFWffT2uX8w+hrdDVifd/K/jmD auFkibGQBmO/VWe6f5lKsDQeq5RIax6OBs8LkZQ3EMIHi9De4s5WIlPakm4qYCLW QXQKlEi8p3BI4d5kckcXjdtwRp8QiJLinq9rZFzq5U5nQ2Z4KucHrMO0h5Frqisa KsmkMjSKuPPT5GTap9Z5BVJVSOADx0hTExUE1cGBESCtnmaXrw== =3Dgs -----END PGP SIGNATURE----- . Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About"

Trust: 1.44

sources: NVD: CVE-2022-42808 // VULHUB: VHN-429661 // PACKETSTORM: 169586 // PACKETSTORM: 169554 // PACKETSTORM: 169555 // PACKETSTORM: 169550 // PACKETSTORM: 169595

AFFECTED PRODUCTS

vendor:applemodel:ipadosscope:ltversion:16.0

Trust: 1.0

vendor:applemodel:macosscope:ltversion:13.0

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:9.1

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:16.1

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:16.1

Trust: 1.0

sources: NVD: CVE-2022-42808

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-42808
value: CRITICAL

Trust: 1.0

CNNVD: CNNVD-202210-1664
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2022-42808
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202210-1664 // NVD: CVE-2022-42808

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

sources: VULHUB: VHN-429661 // NVD: CVE-2022-42808

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-1664

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202210-1664

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-429661

PATCH

title:Apple watchOS Buffer error vulnerability fixurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=212972

Trust: 0.6

sources: CNNVD: CNNVD-202210-1664

EXTERNAL IDS

db:NVDid:CVE-2022-42808

Trust: 2.2

db:PACKETSTORMid:169595

Trust: 0.8

db:CNNVDid:CNNVD-202210-1664

Trust: 0.7

db:AUSCERTid:ESB-2022.5305.2

Trust: 0.6

db:PACKETSTORMid:169550

Trust: 0.2

db:PACKETSTORMid:169554

Trust: 0.2

db:PACKETSTORMid:169555

Trust: 0.2

db:PACKETSTORMid:169586

Trust: 0.2

db:VULHUBid:VHN-429661

Trust: 0.1

sources: VULHUB: VHN-429661 // PACKETSTORM: 169586 // PACKETSTORM: 169554 // PACKETSTORM: 169555 // PACKETSTORM: 169550 // PACKETSTORM: 169595 // CNNVD: CNNVD-202210-1664 // NVD: CVE-2022-42808

REFERENCES

url:https://support.apple.com/en-us/ht213491

Trust: 2.3

url:https://support.apple.com/en-us/ht213488

Trust: 1.7

url:https://support.apple.com/en-us/ht213489

Trust: 1.7

url:https://support.apple.com/en-us/ht213492

Trust: 1.7

url:https://www.auscert.org.au/bulletins/esb-2022.5305.2

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-39701

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-42808/

Trust: 0.6

url:https://packetstormsecurity.com/files/169595/apple-security-advisory-2022-10-27-12.html

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-42808

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-32924

Trust: 0.5

url:https://support.apple.com/en-us/ht201222.

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-42799

Trust: 0.5

url:https://www.apple.com/support/security/pgp/

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-32940

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-42811

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-42823

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-42813

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-42824

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-32947

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-42798

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-32926

Trust: 0.2

url:https://support.apple.com/ht213492.

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-32923

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-42801

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-42803

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-32944

Trust: 0.2

url:https://support.apple.com/kb/ht204641

Trust: 0.2

url:https://support.apple.com/ht213491.

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-42825

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-42810

Trust: 0.1

url:https://support.apple.com/ht213489.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42806

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32922

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32938

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32946

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42820

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-37434

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32932

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42800

Trust: 0.1

sources: VULHUB: VHN-429661 // PACKETSTORM: 169586 // PACKETSTORM: 169554 // PACKETSTORM: 169555 // PACKETSTORM: 169550 // PACKETSTORM: 169595 // CNNVD: CNNVD-202210-1664 // NVD: CVE-2022-42808

CREDITS

Apple

Trust: 0.5

sources: PACKETSTORM: 169586 // PACKETSTORM: 169554 // PACKETSTORM: 169555 // PACKETSTORM: 169550 // PACKETSTORM: 169595

SOURCES

db:VULHUBid:VHN-429661
db:PACKETSTORMid:169586
db:PACKETSTORMid:169554
db:PACKETSTORMid:169555
db:PACKETSTORMid:169550
db:PACKETSTORMid:169595
db:CNNVDid:CNNVD-202210-1664
db:NVDid:CVE-2022-42808

LAST UPDATE DATE

2024-08-14T12:40:46.060000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-429661date:2022-11-03T00:00:00
db:CNNVDid:CNNVD-202210-1664date:2022-11-04T00:00:00
db:NVDid:CVE-2022-42808date:2022-11-03T03:54:54.173

SOURCES RELEASE DATE

db:VULHUBid:VHN-429661date:2022-11-01T00:00:00
db:PACKETSTORMid:169586date:2022-10-31T14:50:41
db:PACKETSTORMid:169554date:2022-10-31T14:19:52
db:PACKETSTORMid:169555date:2022-10-31T14:20:08
db:PACKETSTORMid:169550date:2022-10-31T14:18:24
db:PACKETSTORMid:169595date:2022-10-31T14:53:38
db:CNNVDid:CNNVD-202210-1664date:2022-10-24T00:00:00
db:NVDid:CVE-2022-42808date:2022-11-01T20:15:23.297