ID

VAR-202210-1627


CVE

CVE-2022-32946


TITLE

Apple iOS and iPadOS Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202210-1663

DESCRIPTION

This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods. Both Apple iOS and Apple iPadOS are products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-10-27-2 Additional information for APPLE-SA-2022-10-24-1 iOS 16.1 and iPadOS 16 iOS 16.1 and iPadOS 16 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213489. Apple Neural Engine Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32932: Mohamed Ghannam (@_simo36) Entry added October 27, 2022 AppleMobileFileIntegrity Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed by removing additional entitlements. CVE-2022-42825: Mickey Jin (@patch1t) Audio Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: The issue was addressed with improved memory handling. CVE-2022-42798: Anonymous working with Trend Micro Zero Day Initiative Entry added October 27, 2022 AVEVideoEncoder Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32940: ABC Research s.r.o. Backup Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to access iOS backups Description: A permissions issue was addressed with additional restrictions. CVE-2022-32929: Csaba Fitzl (@theevilbit) of Offensive Security Entry added October 27, 2022 CFNetwork Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A certificate validation issue existed in the handling of WKWebView. CVE-2022-42813: Jonathan Zhang of Open Computing Facility (ocf.berkeley.edu) Core Bluetooth Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to record audio using a pair of connected AirPods Description: This issue was addressed with improved entitlements. CVE-2022-32946: Guilherme Rambo of Best Buddy Apps (rambo.codes) FaceTime Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2022-32935: Bistrit Dahal Entry added October 27, 2022 GPU Drivers Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32947: Asahi Lina (@LinaAsahi) Graphics Driver Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32939: Willy R. Vasquez of The University of Texas at Austin Entry added October 27, 2022 IOHIDFamily Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-42820: Peter Pan ZhenPeng of STAR Labs IOKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42806: Tingting Yin of Tsinghua University Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022 Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom) Entry added October 27, 2022 Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022 Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved checks. CVE-2022-42801: Ian Beer of Google Project Zero Entry added October 27, 2022 Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32924: Ian Beer of Google Project Zero Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: A remote user may be able to cause kernel code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-42808: Zweig of Kunlun Lab Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. CVE-2022-42827: an anonymous researcher Model I/O Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Processing a maliciously crafted USD file may disclose memory contents Description: The issue was addressed with improved memory handling. CVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security Light-Year Lab Entry added October 27, 2022 ppp Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: A buffer overflow may result in arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32941: an anonymous researcher Entry added October 27, 2022 ppp Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-42829: an anonymous researcher ppp Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-42830: an anonymous researcher ppp Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42831: an anonymous researcher CVE-2022-42832: an anonymous researcher Safari Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Visiting a maliciously crafted website may leak sensitive data Description: A logic issue was addressed with improved state management. CVE-2022-42817: Mir Masood Ali, PhD student, University of Illinois at Chicago; Binoy Chitale, MS student, Stony Brook University; Mohammad Ghasemisharif, PhD Candidate, University of Illinois at Chicago; Chris Kanich, Associate Professor, University of Illinois at Chicago Entry added October 27, 2022 Sandbox Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-42811: Justin Bui (@slyd0g) of Snowflake Shortcuts Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: A shortcut may be able to check the existence of an arbitrary path on the file system Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of Computer Science of. Romania WebKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Visiting a malicious website may lead to user interface spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 243693 CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun) WebKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. WebKit Bugzilla: 244622 CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs WebKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 245058 CVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser Vulnerability Research, Ryan Shin of IAAI SecLab at Korea University, Dohyun Lee (@l33d0hyun) of DNSLab at Korea University WebKit PDF Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 242781 CVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend Micro Zero Day Initiative WebKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Processing maliciously crafted web content may disclose internal states of the app Description: A correctness issue in the JIT was addressed with improved checks. WebKit Bugzilla: 242964 CVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab Entry added October 27, 2022 Wi-Fi Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Joining a malicious Wi-Fi network may result in a denial-of- service of the Settings app Description: The issue was addressed with improved memory handling. CVE-2022-32927: Dr Hideaki Goto of Tohoku University, Japan Entry added October 27, 2022 zlib Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-37434: Evgeny Legerov CVE-2022-42800: Evgeny Legerov Entry added October 27, 2022 Additional recognition iCloud We would like to acknowledge Tim Michaud (@TimGMichaud) of Moveworks.ai for their assistance. Kernel We would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud (@TimGMichaud) of Moveworks.ai, Tommy Muir (@Muirey03) for their assistance. WebKit We would like to acknowledge Maddie Stone of Google Project Zero, Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an anonymous researcher for their assistance. All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpsACgkQ4RjMIDke NxmS+w/8CfYJzSjrC2joLy6lOCg9Za2Mzc1+ynFTuVWud63t8zhif2lLU8Y+TOrG xUbstKDPw3ehwBBn97ZSkSoj3d+F+liPsUV5Udf1yssSF/5Ce7owa/V2KMCjliAr 1EvPOaiyXH94zrh+ddsTdikzDtNdseaYhSoYH4cQao/LPZx8bw4VSCxpQxSfOmoE /rSmqkq1wDpTXeLmHeQVBdLpM+QcEcpCkoQIpmeu3ntFhQrD3L9eAXcy3K7iI7qE Q/gTebUwLsLIhN6SrTu/sQaScErmOZqguOCTjPnkg9YQNxgu3jVuSlHuCWEZTvxq wqsHRSOMCU6xe7w3QPFsQmiMevFgRgWwuMTcCDIAaCTJTJ4Bx0mUirVCjFzEk8+w P6IScr4pearsQd31LSsu7OuirUmm/7ZH1XcAPdiDO4acorZNkt5Nzlf+x1Atls8j oMdrh0l2W44mvCgKtqPM0hz7xTTEwiyml7RWdz8Uf4qwjXjmZLt+Nt3GRGZ60JO6 fTkUHPhL/VnJz4rc90Zn+9LSK5u6JAQ6T16OA6CNqQ6ZFeN80zSzdSEzLuQC0FnL 08VhWzJNguA/xHidywQNeGqlhfT4posy6EDHp/9Q9heu/L1uRn/d1B5yxDpc2cyV w+AMI214/xT1VbJ9NMY3dXJBoVaDzhvC31ydXKPaCgCqc/mrlUo= =ULJl -----END PGP SIGNATURE-----

Trust: 1.17

sources: NVD: CVE-2022-32946 // VULHUB: VHN-425035 // PACKETSTORM: 169558 // PACKETSTORM: 169550

AFFECTED PRODUCTS

vendor:applemodel:ipadosscope:ltversion:16.0

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:16.1

Trust: 1.0

sources: NVD: CVE-2022-32946

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-32946
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202210-1663
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-32946
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202210-1663 // NVD: CVE-2022-32946

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2022-32946

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202210-1663

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202210-1663

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-425035

PATCH

title:Apple iOS and iPadOS Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=212490

Trust: 0.6

sources: CNNVD: CNNVD-202210-1663

EXTERNAL IDS

db:NVDid:CVE-2022-32946

Trust: 1.9

db:PACKETSTORMid:169558

Trust: 0.8

db:CNNVDid:CNNVD-202210-1663

Trust: 0.7

db:AUSCERTid:ESB-2022.5303

Trust: 0.6

db:PACKETSTORMid:169550

Trust: 0.2

db:VULHUBid:VHN-425035

Trust: 0.1

sources: VULHUB: VHN-425035 // PACKETSTORM: 169558 // PACKETSTORM: 169550 // CNNVD: CNNVD-202210-1663 // NVD: CVE-2022-32946

REFERENCES

url:https://support.apple.com/en-us/ht213489

Trust: 2.3

url:https://cxsecurity.com/cveshow/cve-2022-32946/

Trust: 0.6

url:https://packetstormsecurity.com/files/169558/apple-security-advisory-2022-10-27-2.html

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-39701

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5303

Trust: 0.6

url:https://support.apple.com/ht213489.

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-32924

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-32940

Trust: 0.2

url:https://support.apple.com/en-us/ht201222.

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-32922

Trust: 0.2

url:https://www.apple.com/support/security/pgp/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-32938

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-32946

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-32927

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32935

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32932

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32926

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32923

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32944

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32929

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32939

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32941

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42824

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42806

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42808

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42811

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42799

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42823

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32947

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42813

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42820

Trust: 0.1

sources: VULHUB: VHN-425035 // PACKETSTORM: 169558 // PACKETSTORM: 169550 // CNNVD: CNNVD-202210-1663 // NVD: CVE-2022-32946

CREDITS

Apple

Trust: 0.2

sources: PACKETSTORM: 169558 // PACKETSTORM: 169550

SOURCES

db:VULHUBid:VHN-425035
db:PACKETSTORMid:169558
db:PACKETSTORMid:169550
db:CNNVDid:CNNVD-202210-1663
db:NVDid:CVE-2022-32946

LAST UPDATE DATE

2024-08-14T12:56:26.546000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-425035date:2023-01-09T00:00:00
db:CNNVDid:CNNVD-202210-1663date:2022-11-03T00:00:00
db:NVDid:CVE-2022-32946date:2023-01-09T16:41:59.350

SOURCES RELEASE DATE

db:VULHUBid:VHN-425035date:2022-11-01T00:00:00
db:PACKETSTORMid:169558date:2022-10-31T14:21:40
db:PACKETSTORMid:169550date:2022-10-31T14:18:24
db:CNNVDid:CNNVD-202210-1663date:2022-10-24T00:00:00
db:NVDid:CVE-2022-32946date:2022-11-01T20:15:20.237