ID

VAR-202210-2055


CVE

CVE-2022-32907


TITLE

Vulnerabilities in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2022-022854

DESCRIPTION

This issue was addressed with improved checks. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges. apple's iOS , tvOS , watchOS Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-10-27-11 tvOS 16 tvOS 16 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213487. Accelerate Framework Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-42795: ryuzaki AppleAVD Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32907: Natalie Silvanovich of Google Project Zero, Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom), ABC Research s.r.o, Yinyi Wu, Tommaso Bianco (@cutesmilee__) GPU Drivers Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32903: an anonymous researcher ImageIO Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: Processing an image may lead to a denial-of-service Description: A denial-of-service issue was addressed with improved validation. CVE-2022-1622 Image Processing Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit) Image Processing Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32949: Tingting Yin of Tsinghua University Entry added October 27, 2022 Kernel Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de) Kernel Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de) CVE-2022-32911: Zweig of Kunlun Lab Kernel Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32914: Zweig of Kunlun Lab MediaLibrary Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: A user may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-32908: an anonymous researcher Notifications Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: A user with physical access to a device may be able to access contacts from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-32879: Ubeydullah Sümer Sandbox Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved restrictions. CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security SQLite Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: A remote user may be able to cause a denial-of-service Description: This issue was addressed with improved checks. CVE-2021-36690 WebKit Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 241969 CVE-2022-32886: P1umer(@p1umer), afang(@afang5472), xmzyshypnc(@xmzyshypnc1) WebKit Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 242047 CVE-2022-32888: P1umer (@p1umer) WebKit Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. WebKit Bugzilla: 242762 CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with Trend Micro Zero Day Initiative WebKit Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 242762 CVE-2022-32891: @real_as3617, an anonymous researcher Wi-Fi Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An app may be able to cause unexpected system termination or write kernel memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32925: Wang Yu of Cyberserval Additional recognition AppleCredentialManager We would like to acknowledge @jonathandata1 for their assistance. Identity Services We would like to acknowledge Joshua Jones for their assistance. Kernel We would like to acknowledge an anonymous researcher for their assistance. Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. UIKit We would like to acknowledge Aleczander Ewing for their assistance. WebKit We would like to acknowledge an anonymous researcher for their assistance. Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software." To check the current version of software, select "Settings -> General -> About." All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpUACgkQ4RjMIDke NxmVqQ//euIvh3eN5tjkLRIDWFgteGsdR3O6GXKVcZvCiOI7EdmCksA7/3uIo3m2 wAXO/XJB5GDbxwHpyIlaN6eSlQnAhUTeYuDZGTyyUKwRmyj0oYu0IQw9C1xrGefA LDEqYiTwx7sQnuC6ijirFdHSO0uM+YEHCm0OZ4v2dGBJKAdIFN/5b0jq6/Y9NnWL EHSL5BLhOOEBxWoi4K2tbbE+ty8+Zqk0GrUJxaWQ7vCKPD8Ts2sNb7JAAVu5WQDY bmOyWpusZ1evUE/N0nZdqWFTwAXCTfH+4xZ4IXHTUFuHPIXuJ/2ySeqzYjldY75Q vGVCy1b4wtd+C9XD7QGbpd3MHrkECZMI8pWbHkCB53Io1+zdaKiv+xmtSl0ZlFyL 8f/FsR34FMzQPAhlZec60hIKHh83Lr7pOK5KrPNgAECTlxtBYD7Teau+qqTYFQgN pW5/4WtXhVpje5ILu3xzUmqBWk7QPNa7b0PdPLu6OjxE9iMVJF+p8Suk739Ex2H7 81uJp89tTE3UYXvhxaMYP2L0tbrEydlz+wGGI35+jrt4S82FsmvJvV9lqT8NubIG /IakSGMMlYoyb4JcCN3MJCXs2C48iydCPE4g7yaEhg4qNpcXfANdEzRh/KAenSwq bWic5nC6dxWqD4OXjyfjmpkvrq5B2lg87WesDkqMh9oJ9uWBTh8= =Aea8 -----END PGP SIGNATURE-----

Trust: 1.8

sources: NVD: CVE-2022-32907 // JVNDB: JVNDB-2022-022854 // VULHUB: VHN-424996 // PACKETSTORM: 169589

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:ltversion:16.0

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:9.0

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:16.0

Trust: 1.0

vendor:アップルmodel:watchosscope:eqversion:9.0

Trust: 0.8

vendor:アップルmodel:tvosscope: - version: -

Trust: 0.8

vendor:アップルmodel:iosscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-022854 // NVD: CVE-2022-32907

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-32907
value: HIGH

Trust: 1.0

NVD: CVE-2022-32907
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202210-2520
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-32907
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-32907
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-022854 // CNNVD: CNNVD-202210-2520 // NVD: CVE-2022-32907

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-022854 // NVD: CVE-2022-32907

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202210-2520

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202210-2520

PATCH

title:HT213486 Apple  Security updateurl:https://support.apple.com/en-us/HT213446

Trust: 0.8

title:Apple tvOS Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=212875

Trust: 0.6

sources: JVNDB: JVNDB-2022-022854 // CNNVD: CNNVD-202210-2520

EXTERNAL IDS

db:NVDid:CVE-2022-32907

Trust: 3.4

db:PACKETSTORMid:169930

Trust: 2.5

db:PACKETSTORMid:169589

Trust: 0.8

db:JVNDBid:JVNDB-2022-022854

Trust: 0.8

db:AUSCERTid:ESB-2022.5462

Trust: 0.6

db:AUSCERTid:ESB-2022.5473

Trust: 0.6

db:CNNVDid:CNNVD-202210-2520

Trust: 0.6

db:VULHUBid:VHN-424996

Trust: 0.1

sources: VULHUB: VHN-424996 // JVNDB: JVNDB-2022-022854 // PACKETSTORM: 169589 // CNNVD: CNNVD-202210-2520 // NVD: CVE-2022-32907

REFERENCES

url:http://packetstormsecurity.com/files/169930/appleavd-appleavduserclient-decodeframefig-memory-corruption.html

Trust: 3.1

url:https://support.apple.com/en-us/ht213446

Trust: 1.7

url:https://support.apple.com/en-us/ht213486

Trust: 1.7

url:https://support.apple.com/en-us/ht213487

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-32907

Trust: 0.9

url:https://packetstormsecurity.com/files/169589/apple-security-advisory-2022-10-27-11.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5462

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5473

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-32907/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-32866

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32888

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32891

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-36690

Trust: 0.1

url:https://support.apple.com/ht213487.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32864

Trust: 0.1

url:https://support.apple.com/en-us/ht201222.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32912

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1622

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32879

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32903

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32908

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32911

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32886

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32881

Trust: 0.1

sources: VULHUB: VHN-424996 // JVNDB: JVNDB-2022-022854 // PACKETSTORM: 169589 // CNNVD: CNNVD-202210-2520 // NVD: CVE-2022-32907

CREDITS

Apple

Trust: 0.1

sources: PACKETSTORM: 169589

SOURCES

db:VULHUBid:VHN-424996
db:JVNDBid:JVNDB-2022-022854
db:PACKETSTORMid:169589
db:CNNVDid:CNNVD-202210-2520
db:NVDid:CVE-2022-32907

LAST UPDATE DATE

2024-08-14T13:13:34.537000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-424996date:2023-01-27T00:00:00
db:JVNDBid:JVNDB-2022-022854date:2023-11-21T02:27:00
db:CNNVDid:CNNVD-202210-2520date:2022-11-21T00:00:00
db:NVDid:CVE-2022-32907date:2023-01-27T19:23:39.727

SOURCES RELEASE DATE

db:VULHUBid:VHN-424996date:2022-11-01T00:00:00
db:JVNDBid:JVNDB-2022-022854date:2023-11-21T00:00:00
db:PACKETSTORMid:169589date:2022-10-31T14:51:24
db:CNNVDid:CNNVD-202210-2520date:2022-10-31T00:00:00
db:NVDid:CVE-2022-32907date:2022-11-01T20:15:19.103