High Threat Security Alert (A22-12-08): Multiple Vulnerabilities in Apple iOS and iPadOS


 

Published on: 14 December 2022

  
  

Description:

Apple has released iOS 15.7.2, iOS 16.2, iPadOS 15.7.2 and iPadOS 16.2 to fix the vulnerabilities in various Apple devices. The list of vulnerability information can be found at:
https://support.apple.com/en-us/HT213530
https://support.apple.com/en-us/HT213531

Reports indicate that an arbitrary code execution vulnerability (CVE-2022-42856) is being actively exploited. Users are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • iPhone 6s and later, SE (1st generation)
  • iPad 5th generation and later, Air 2 and later, mini 4 and later, Pro (all models)
  • iPod touch (7th generation)

 

Impact:

Depending on the vulnerability exploited, a successful exploitation could lead to arbitrary code execution, denial of service, information disclosure, privilege escalation, security restriction bypass or spoofing on an affected device.

 

Recommendation:

Apple has released new version of iOS and iPadOS to address the issue.

The updates can be obtained through the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://support.apple.com/en-us/HT213516
  • https://support.apple.com/en-us/HT213530
  • https://support.apple.com/en-us/HT213531
  • https://www.hkcert.org/security-bulletin/apple-products-multiple-vulnerabilities_20221214
  • https://www.cisa.gov/uscert/ncas/current-activity/2022/12/13/apple-releases-security-updates-multiple-products
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32943
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303 (to CVE-2022-40304)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42837
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42840
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42842 (to CVE-2022-42846)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42848 (to CVE-2022-42852)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42855 (to CVE-2022-42856)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42859
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42861 (to CVE-2022-42867)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46689 (to CVE-2022-46696)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46698 (to CVE-2022-46702)


Tag: Apple , iOS , iPhone , iPad , iPod , iPadOS
Tags