-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2022-03-14-1 iOS 15.4 and iPadOS 15.4

iOS 15.4 and iPadOS 15.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213182.

Accelerate Framework
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-22633: an anonymous researcher

AppleAVD
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to heap
corruption
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-22666: Marc Schoenefeld, Dr. rer. nat.

AVEVideoEncoder
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2022-22634: an anonymous researcher

AVEVideoEncoder
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-22635: an anonymous researcher

AVEVideoEncoder
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-22636: an anonymous researcher

Cellular
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A person with physical access may be able to view and modify
the carrier account information and settings from the lock screen
Description: The GSMA authentication panel could be presented on the
lock screen. The issue was resolved by requiring device unlock to
interact with the GSMA authentication panel.
CVE-2022-22652: Kağan Eğlence (linkedin.com/in/kaganeglence)

CoreMedia
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to learn information about the current
camera view before being granted camera access
Description: An issue with app access to camera metadata was
addressed with improved logic.
CVE-2022-22598: Will Blaschko of Team Quasko

FaceTime
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A user may be able to bypass the Emergency SOS passcode
prompt
Description: This issue was addressed with improved checks.
CVE-2022-22642: Yicong Ding (@AntonioDing)

FaceTime
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A user may send audio and video in a FaceTime call without
knowing that they have done so
Description: This issue was addressed with improved checks.
CVE-2022-22643: Sonali Luthar of the University of Virginia, Michael
Liao of the University of Illinois at Urbana-Champaign, Rohan Pahwa
of Rutgers University, and Bao Nguyen of the University of Florida

GPU Drivers
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-22667: Justin Sherman of the University of Maryland,
Baltimore County

ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2022-22611: Xingyu Jin of Google

ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to heap
corruption
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2022-22612: Xingyu Jin of Google

IOGPUFamily
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to gain elevated privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-22641: Mohamed Ghannam (@_simo36)

iTunes
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious website may be able to access information about
the user and their devices
Description: A logic issue was addressed with improved restrictions.
CVE-2022-22653: Aymeric Chaib of CERT Banque de France

Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-22596: an anonymous researcher
CVE-2022-22640: sqrtpwn

Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-22613: Alex, an anonymous researcher

Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-22614: an anonymous researcher
CVE-2022-22615: an anonymous researcher

Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved state
management.
CVE-2022-22632: Keegan Saunders

Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An attacker in a privileged position may be able to perform a
denial of service attack
Description: A null pointer dereference was addressed with improved
validation.
CVE-2022-22638: derrek (@derrekr6)

libarchive
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Multiple issues in libarchive
Description: Multiple memory corruption issues existed in libarchive.
These issues were addressed with improved input validation.
CVE-2021-36976

Markup
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A person with physical access to an iOS device may be able to
see sensitive information via keyboard suggestions
Description: This issue was addressed with improved checks.
CVE-2022-22622: Ingyu Lim (@_kanarena)

MediaRemote
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to identify what other
applications a user has installed
Description: An access issue was addressed with improved access
restrictions.
CVE-2022-22670: Brandon Azad

NetworkExtension
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A logic issue was addressed with improved state
management.
CVE-2022-22659: an anonymous researcher

Phone
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A user may be able to bypass the Emergency SOS passcode
prompt
Description: This issue was addressed with improved checks.
CVE-2022-22618: Yicong Ding (@AntonioDing)

Preferences
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to read other
applications' settings
Description: The issue was addressed with additional permissions
checks.
CVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)

Sandbox
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to bypass certain Privacy
preferences
Description: The issue was addressed with improved permissions logic.
CVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited,
Khiem Tran

Siri
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A person with physical access to a device may be able to use
Siri to obtain some location information from the lock screen
Description: A permissions issue was addressed with improved
validation.
CVE-2022-22599: Andrew Goldberg of the University of Texas at Austin,
McCombs School of Business (linkedin.com/andrew-goldberg/)

SoftwareUpdate
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to gain elevated privileges
Description: A logic issue was addressed with improved state
management.
CVE-2022-22639: Mickey (@patch1t)

UIKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A person with physical access to an iOS device may be able to
see sensitive information via keyboard suggestions
Description: This issue was addressed with improved checks.
CVE-2022-22621: Joey Hewitt

VoiceOver
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A person with physical access to an iOS device may be able to
access photos from the lock screen
Description: An authentication issue was addressed with improved
state management.
CVE-2022-22671: videosdebarraquito

WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A cookie management issue was addressed with improved
state management.
WebKit Bugzilla: 232748
CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix

WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A memory corruption issue was addressed with improved
state management.
WebKit Bugzilla: 232812
CVE-2022-22610: Quan Yin of Bigo Technology Live Client Team

WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
WebKit Bugzilla: 233172
CVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab
WebKit Bugzilla: 234147
CVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab

WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
WebKit Bugzilla: 234966
CVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro
Zero Day Initiative

WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious website may cause unexpected cross-origin
behavior
Description: A logic issue was addressed with improved state
management.
WebKit Bugzilla: 235294
CVE-2022-22637: Tom McKee of Google

Wi-Fi
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to leak sensitive user
information
Description: A logic issue was addressed with improved restrictions.
CVE-2022-22668: MrPhil17

Additional recognition

AirDrop
We would like to acknowledge Omar Espino (omespino.com), Ron Masas of
BreakPoint.sh for their assistance.

Bluetooth
We would like to acknowledge an anonymous researcher for their
assistance.

Music
We would like to acknowledge Vishesh Balani of Urban Company for
their assistance.

Notes
We would like to acknowledge Abhishek Bansal of Wipro Technologies
for their assistance.

Safari
We would like to acknowledge Konstantin Darutkin of FingerprintJS
(fingerprintjs.com) for their assistance.

Shortcuts
We would like to acknowledge Baibhav Anand Jha of Streamers Land for
their assistance.

Siri
We would like to acknowledge an anonymous researcher for their
assistance.

syslog
We would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for
their assistance.

UIKit
We would like to acknowledge Tim Shadel of Day Logger, Inc. for their
assistance.

Wallet
We would like to acknowledge an anonymous researcher for their
assistance.

WebKit
We would like to acknowledge Abdullah Md Shaleh for their assistance.

WebKit Storage
We would like to acknowledge Martin Bajanik of FingerprintJS for
their assistance.

WidgetKit
We would like to acknowledge an anonymous researcher for their
assistance.

This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/  iTunes and Software Update on the
device will automatically check Apple's update server on its weekly
schedule. When an update is detected, it is downloaded and the option
to be installed is presented to the user when the iOS device is
docked. We recommend applying the update immediately if possible.
Selecting Don't Install will present the option the next time you
connect your iOS device.  The automatic update process may take up to
a week depending on the day that iTunes or the device checks for
updates. You may manually obtain the update via the Check for Updates
button within iTunes, or the Software Update on your device.  To
check that the iPhone, iPod touch, or iPad has been updated:  *
Navigate to Settings * Select General * Select About. The version
after applying this update will be "iOS 15.4 and iPadOS 15.4".
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0TcACgkQeC9qKD1p
rhj47A/+MzBA5K7GNgX0pmF5XTfPFtPjM28knSOslgaK2A6VgfKC6WS8QXVnq0WU
VWvh8L7zSxBtJ9yXe/d+/zDV2XJflUTda7sRtusmVGsj4uUd3wqONpoh2bHdkSga
NTZgEic+vEY0MMj5KrHJzbc3m4DL/dQ9KTpGpxdTztTc3C2j3baCR4ky73+iuoha
iTxgx27zqgllL/+qDFpyCcfyOI/53kvJ4AP09/q0UKoJSajwcGTiF9GysLM+1IJD
0t+h7KQ+1v38zI2fYhiyH47c+JJN4PqeHL9DSj6f1RcVTwFUAeuv86fugz8ed/BZ
wwp+U7rJ2RS4zU/1hiDu5LDqbo6VW6yIslVEU0Qmtbf2KcTekGRX/Jqp/kJyOguj
IexhEcOY3ADsjJ7MMX7rFRLcBcUpWTE9UM15+O8z6n5XCI3yCZAjHj49LkCK60PM
/Ay/rFia+MBwnGvs+gZFiO742HSHCh2++jdNYN648JaefqXr8Ym4HnfpNRC7bzMg
+m16dur8gHpk7FKNaKRLCkfJGV0dqeGYrtrXGtxSTWWfXQ2Ty7boJ7VEnWclqqCf
Bqg2gkaioNQ/tkmjfqhdqBd23DQCpiYPuLdp4nY4KuXOhX7dqAUCFWYfRK9MHqo5
2FcNIE6xQexHv+6SIPOXnejpPXoV5OEku0Y/11mz8/Myiy2Imvk=
=/IfW
-----END PGP SIGNATURE-----