High Threat Security Alert (A22-01-21): Multiple Vulnerabilities in Apple iOS and iPadOS

Description:

Apple has released iOS 15.3 and iPadOS 15.3 to fix the vulnerabilities in various Apple devices.  The list of vulnerability information can be found at:

https://support.apple.com/en-us/HT213053

Reports indicate that a memory corruption vulnerability (CVE-2022-22587) is being actively exploited in the wild and an information disclosure vulnerability (CVE-2022-22594) is also at a high risk of exploitation.  You are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

Affected Systems:

• iPhone 6s and later
• iPad 5th generation and later, Air 2 and later, mini 4 and later, Pro (all models)
• iPod touch (7th generation)

Impact:

A successful exploitation could lead to arbitrary code execution, information disclosure, privilege escalation, or security restriction bypass on an affected device.

Recommendation:

Apple has released new version of iOS and iPadOS to address the issue.

The updates can be obtained through the auto-update mechanism.  Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

More Information:

• https://support.apple.com/en-us/HT213053
• https://www.hkcert.org/security-bulletin/apple-products-multiple-vulnerabilities_20220127
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22578
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22579
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22584
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22585
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22587
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22589
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22590
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22592 (to CVE-2022-22594)