exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Apple Security Advisory 2022-10-24-6

Apple Security Advisory 2022-10-24-6
Posted Oct 31, 2022
Authored by Apple | Site apple.com

Apple Security Advisory 2022-10-24-6 - tvOS 16.1 addresses code execution, out of bounds write, and spoofing vulnerabilities.

tags | advisory, spoof, vulnerability, code execution
systems | apple
advisories | CVE-2022-32924, CVE-2022-32940, CVE-2022-42799, CVE-2022-42808, CVE-2022-42811, CVE-2022-42813, CVE-2022-42823, CVE-2022-42824, CVE-2022-42825
SHA-256 | 44f6409a85039fffce8beb8e12e4bd604e71f506416e497a09d3897da6deb134

Apple Security Advisory 2022-10-24-6

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2022-10-24-6 tvOS 16.1

tvOS 16.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213492.

AppleMobileFileIntegrity
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed by removing additional
entitlements.
CVE-2022-42825: Mickey Jin (@patch1t)

AVEVideoEncoder
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved bounds checks.
CVE-2022-32940: ABC Research s.r.o.

CFNetwork
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A certificate validation issue existed in the handling
of WKWebView. This issue was addressed with improved validation.
CVE-2022-42813: Jonathan Zhang of Open Computing Facility
(ocf.berkeley.edu)

Kernel
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32924: Ian Beer of Google Project Zero

Kernel
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: A remote user may be able to cause kernel code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-42808: Zweig of Kunlun Lab

Sandbox
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: An app may be able to access user-sensitive data
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2022-42811: Justin Bui (@slyd0g) of Snowflake

WebKit
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: The issue was addressed with improved UI handling.
WebKit Bugzilla: 243693
CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)

WebKit
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
WebKit Bugzilla: 244622
CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs

WebKit
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A logic issue was addressed with improved state
management.
WebKit Bugzilla: 245058
CVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser
Vulnerability Research, Ryan Shin of IAAI SecLab at Korea University,
Dohyun Lee (@l33d0hyun) of DNSLab at Korea University

Additional recognition

iCloud
We would like to acknowledge Tim Michaud (@TimGMichaud) of
Moveworks.ai for their assistance.

Kernel
We would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud
(@TimGMichaud) of Moveworks.ai, Tommy Muir (@Muirey03) for their
assistance.

WebKit
We would like to acknowledge Maddie Stone of Google Project Zero,
Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an
anonymous researcher for their assistance.

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting "Settings ->
System -> Software Update -> Update Software." To check the current
version of software, select "Settings -> General -> About."
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNW14YACgkQ4RjMIDke
NxmyxQ//V8g3f1Q3mu8+thoVYnyT5lU3Krfa3MqTPPCVLVZnUBjC65ctqS3tHIzz
AzPxydul/82XS3ps9Hd/YOd5fjU/JRDqXJNX5CmQLW0xW9NQUgQ67fCH2uYhkmWl
vTozaGxjl/3N7Ogc447FbDWMMMtQaFHEv/SoXWVeCZHGHCU+KCdU2uaaC4VsrtTg
JBxByj+IOnY7aKQIttK4hmSuwtlVZgcGQhUywpwJRQXaBKUhtUL1diQfFgCQVNQT
zuFyZg0PJr+0/HJ/v3xkHXFpfp1G3VxVGJzbI/4Ny7ow16oFbcCAL63u8txW6TpK
d8HHfawUTzqxUIA5WEP5bm4PdmcINUgw83lu9ogqEuLhWeY9t8Hy9AHYuTrCRGDo
8zLdhWR/Yw6Gk+TbY7UYYUIjBegLVlIpZlEnTwfn0S2oI4e7bwdjwGguEzeZUwf3
AYQf7EsQpxPHWvMbE1AQmyOEDydTYh/sfQtEJZK30zwJK3ZUq7RJLBsRgsjJXi75
0B+rgmJu0h48Y00HAk0LZOACF9VvSaSW6RLPgA+of/tb8wQNEdXErZdb8xSnE/Kl
F5TsvbatbUd1wstV4vJ4SBUrG8HZLDaj29bPFfh206PQ4escm5UHgTQu85A2pbP3
toJD10+fz2lvzwnSjeU/U/PMwfN2P7QP3YKL+o73hBoBr+davZM=
=Fnsx
-----END PGP SIGNATURE-----


Login or Register to add favorites

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    32 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close