Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Apple addresses ten vulnerabilities, two of which are actively exploited. The vulnerabilities have been assigned CVE-2022-32917 and CVE-2022-32894 and could allow an attacker to execute arbitrary code
{"talosblog": [{"lastseen": "2022-11-03T15:20:29", "description": "\n\nWelcome to this week's edition of the Threat Source newsletter.\n\nThere are plenty of jokes about whether we're "aware" of cybersecurity during National Cybersecurity Awareness Month. But now I'm wondering if people are aware of supply chain attacks.\n\nI thought we hit the pinnacle of supply chain attacks in 2020 with the [SolarWinds attack](<https://blog.talosintelligence.com/solarwinds-supplychain-coverage/>), when these types of attacks dominated headlines and defenders started shouting from the mountaintops about how important it is to be ready for supply chain attacks.\n\nAnd then [Kaseya came along a few months](<https://blog.talosintelligence.com/revil-ransomware-actors-attack-kaseya/>) later when attackers found a different way to deploy malicious updates that were disguised as legitimate patches.\n\nAnd still today, we're [warning about the dangers](<https://www.forbes.com/sites/forbestechcouncil/2022/09/27/mitigating-the-risk-of-supply-chain-attacks-in-the-age-of-cloud-computing/?sh=74f6838bd313>) of how prevalent supply chain attacks are and how everyone needs to be ready for this attacker technique. This leaves me wondering if Kaseya and SolarWinds weren't the breaking point -- what is?\n\nIt seems like no matter how many times we see major ransomware attacks, even coming to the point of making it impossible for people to get gas, attackers are back again with another ransomware attack a few weeks later.\n\nWe still have several hurdles to overcome to fix the supply chain attack problem, as Jaeson Schultz from our Outreach team [outlined in this recent post](<https://blog.talosintelligence.com/developer-account-body-snatchers-pose/>). But it's clear that these attacks aren't going anywhere, and neither are [defenders' warnings](<https://www.infosecurity-magazine.com/news/supply-chain-attacks/>).\n\nAs I wrote at the start of October, it can be easy to poke fun at Cybersecurity Awareness Month because it's impossible to define what it even means to be "aware" of cybersecurity. Clearly, there's still awareness to spread, though, and we keep needing to spread it in regard to supply chain attacks, ransomware and pretty much every other type of cyber attack.\n\n## The one big thing\n\nFor the first time since collecting such data, Cisco Talos Incident Response [saw an equal number of ransomware and pre-ransomware engagements](<https://blog.talosintelligence.com/quarterly-report-incident-response-trends-in-q3-2022/>), making up nearly 40 percent of threats in the third quarter of 2022. It can be difficult to determine what constitutes a pre-ransomware attack if ransomware never executes and encryption does not take place. However, Talos IR assesses that the combination of Cobalt Strike and credential-harvesting tools like Mimikatz, paired with enumeration and discovery techniques, indicates a high likelihood that ransomware is the final objective.\n\n### Why do I care?\n\nThis data represents what Talos IR is actively seeing in the wild over the past few months and is likely representative of the broader threat landscape.\n\n### So now what?\n\nA lack of MFA remains one of the biggest impediments to enterprise security. Nearly 18 percent of engagements either had no MFA or only had it enabled on a handful of accounts and critical services. Talos IR frequently observes ransomware and phishing incidents that could have been prevented if MFA had been properly enabled on critical services, such as endpoint detection and response (EDR) solutions. Talos IR recommends disabling VPN access for all accounts that are not using two-factor authentication.\n\n## Top security headlines of the week\n\nThe Biden administration is preparing to release updated guidelines and warnings around election security with a few days left before the midterm elections. A bulletin reportedly being drafted includes information on threats from Russia, China and other state-sponsored actors. Election workers and local officials are also having to deal with physical threats to polling workers and locations, all while the number of volunteers is dwindling. Earlier this month, the U.S. Cybersecurity and Infrastructure Security Agency released a PSA stating that malicious cyber activity is "unlikely to disrupt or prevent voting." ([Politico](<https://www.politico.com/news/2022/10/24/biden-election-infrastructure-national-security-warnings-00063134>), [Axios](<https://www.axios.com/2022/10/25/election-cybersecurity-midterm-threats>), [Voice of America](<https://www.voanews.com/a/us-election-security-heightened-/6798070.html>))\n\nApple released security updates for its iOS and iPadOS operating systems this week, including fixes for a vulnerability that "may have been actively exploited." There are 20 vulnerabilities fixed in these updates in all. CVE-2022-42827 is the most notable vulnerability, which could allow an attacker to execute code with Kernel privileges via an attacker-controlled app. This is the third Kernel-related out-of-bounds memory vulnerability that Apple has patched in each of its previous security updates: CVE-2022-32894 and CVE-2022-32917. CVE-2022-32917 was known to be used in attacks in the wild. ([Forbes](<https://www.forbes.com/sites/kateoflahertyuk/2022/10/25/ios-161-update-now-warning-issued-to-all-iphone-users/?sh=7f1998d22cd3>), [The Hacker News](<https://thehackernews.com/2022/10/apple-releases-patch-for-new-actively.html>))\n\nTwo vulnerabilities in Microsoft's Mark of the Web (MoTW) security feature could allow an attacker to send JavaScript files that could bypass security blocks in place. Attackers are reportedly actively exploiting both issues, though Microsoft has yet to issue any formal fixes for the vulnerabilities, and there are no workarounds available. Mark of the Web protects users against files from untrusted sources, but the two vulnerabilities could allow the attackers to construct the files in a way that they are not appropriately marked by Windows. Attackers commonly use .js files as attachments or downloads that can run outside a web browser. ([Dark Reading](<https://www.darkreading.com/attacks-breaches/windows-mark-of-the-web-zero-days-patchless-exploit>), [Bleeping Computer](<https://www.bleepingcomputer.com/news/security/exploited-windows-zero-day-lets-javascript-files-bypass-security-warnings/>))\n\n## Can't get enough Talos?\n\n * [Talos Takes Ep. #118: Threat Hunting 101](<https://www.buzzsprout.com/2018149/11542593>)\n * [Beers with Talos Ep. #127: I'm a skiddie, and you can too!](<https://www.buzzsprout.com/2033817/11574269>)\n * [A bug in Abode's home security system could let hackers remotely switch off cameras](<https://techcrunch.com/2022/10/20/abode-security-flaws/>)\n * [Talos Incident Response Q3 2022 Quarterly Report](<https://talosintelligence.com/resources/543>)\n\n## Upcoming events where you can find Talos\n\n[**Click or Treat? How not to fall for a phishing attack this Halloween**](<https://event.on24.com/wcc/r/3914851/E2A43FEDFCBA27E80F264C1B326F7D66>) (Oct. 31) \nVirtual\n\n[**BSides Lisbon**](<https://www.bsideslisbon.org/>) (Nov. 10 - 11) \nCidade Universitaria, Lisboa, Portugal\n\n## Most prevalent malware files from Talos telemetry over the past week\n\n**SHA 256:** [e12b6641d7e7e4da97a0ff8e1a0d4840c882569d47b8fab8fb187ac2b475636c](<https://www.virustotal.com/gui/file/e12b6641d7e7e4da97a0ff8e1a0d4840c882569d47b8fab8fb187ac2b475636c/details>) \n**MD5: **a087b2e6ec57b08c0d0750c60f96a74c \n**Typical Filename:** AAct.exe \n**Claimed Product:** N/A \n**Detection Name:** PUA.Win.Tool.Kmsauto::1201\n\n**SHA 256:** [e4973db44081591e9bff5117946defbef6041397e56164f485cf8ec57b1d8934](<https://www.virustotal.com/gui/file/e4973db44081591e9bff5117946defbef6041397e56164f485cf8ec57b1d8934/details>) \n**MD5:** 93fefc3e88ffb78abb36365fa5cf857c \n**Typical Filename:** Wextract \n**Claimed Product:** Internet Explorer \n**Detection Name:** PUA.Win.Trojan.Generic::85.lp.ret.sbx.tg\n\n**SHA 256:** [c67b03c0a91eaefffd2f2c79b5c26a2648b8d3c19a22cadf35453455ff08ead0](<https://www.virustotal.com/gui/file/c67b03c0a91eaefffd2f2c79b5c26a2648b8d3c19a22cadf35453455ff08ead0/details>) \n**MD5:** 8c69830a50fb85d8a794fa46643493b2 \n**Typical Filename:** AAct.exe \n**Claimed Product:** N/A \n**Detection Name:** PUA.Win.Dropper.Generic::1201\n\n**SHA 256:** [58d6fec4ba24c32d38c9a0c7c39df3cb0e91f500b323e841121d703c7b718681](<https://www.virustotal.com/gui/file/58d6fec4ba24c32d38c9a0c7c39df3cb0e91f500b323e841121d703c7b718681/details>) \n**MD5:** f1fe671bcefd4630e5ed8b87c9283534 \n**Typical Filename:** KMSAuto Net.exe \n**Claimed Product:** KMSAuto Net \n**Detection Name:** PUA.Win.Tool.Hackkms::1201\n\n**SHA 256:** [125e12c8045689bb2a5dcad6fa2644847156dec8b533ee8a3653b432f8fd5645](<https://www.virustotal.com/gui/file/125e12c8045689bb2a5dcad6fa2644847156dec8b533ee8a3653b432f8fd5645/details>) \n**MD5:** 2c8ea737a232fd03ab80db672d50a17a \n**Typical Filename:** LwssPlayer.scr \n**Claimed Product: **\u68a6\u60f3\u4e4b\u5dc5\u5e7b\u706f\u64ad\u653e\u5668 \n**Detection Name:** Auto.125E12.241442.in02", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-10-27T18:00:06", "type": "talosblog", "title": "Threat Source newsletter (Oct. 27, 2022): I thought we were already aware of supply chain attacks?", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2022-32894", "CVE-2022-32917", "CVE-2022-42827"], "modified": "2022-10-27T18:00:06", "id": "TALOSBLOG:340C6278FFC694179634A24F686CBFDF", "href": "https://blog.talosintelligence.com/threat-source-newsletter-oct-27-2022/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-16T15:24:54", "description": "[](<https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjLGV0qm1JxU91RjdxVIuHS5qpDp6eR5oqC3GXE4GKh74vcE6eErdX-odGGmldK4seEV08PmWVUMwC9eHiY-MNvEWPJqq7kEe3k9gjAfn0ai-JRQnZ3GdRiAki_wed_Ctz2-MbeTD591fAVRErXhYumK3_GFcUGqEBUmnA_aeVfgK2rZKQ7AW0eYUiY/s2000/threat-source-newsletter.jpg>)\n\n \n\n\n_By Jon Munshaw. _\n\n[](<https://engage2demand.cisco.com/SubscribeTalosThreatSource>)\n\nWelcome to this week\u2019s edition of the Threat Source newsletter. \n\n \n\n\nPublic schools in the United States already rely on our teachers for so much \u2014 they have to be educators, occasional parental figures, nurses, [safety officers, law enforcement](<https://www.voanews.com/a/as-us-schools-increase-security-some-arm-teachers/6707930.html>) and much more. Slowly, they\u2019re having to add \u201cIT admin\u201d to their list of roles. \n\n \n\n\nEducational institutions have increasingly become a target for ransomware attacks, an issue already highlighted this year by a [major cyber attack on the combined Los Angeles school district](<https://www.npr.org/2022/09/07/1121422336/a-cyberattack-hits-the-los-angeles-school-district-raising-alarm-across-the-coun>) in California that schools are still recovering from. \n\n \n\n\n[Teachers there reported](<https://laist.com/news/education/los-angeles-unified-caught-in-cyber-attack-heres-what-happens-next>) that during the week of the attack, they couldn\u2019t enter attendance, lost lesson plans and presentations, and had to scrap homework plans. Technology has become ever-present in classrooms, so any minimal disruption in a school\u2019s network or software can throw pretty much everything off. \n\n \n\n\nThe last thing teachers need to worry about now is defending against a well-funded threat actor who may live thousands of miles away \u2014 but we\u2019re not making it easy on them. \n\n \n\n\nI asked my mom about this, who is a paraeducator for kindergarten students, and she told me each of her students (keep in mind these are mostly 5- and 6-year-olds) has their own Chromebooks that they bring to and from home and use for homework assignments. The elementary school she works at has more than 500 students enrolled across six grades, and yet there\u2019s only one person for the whole school who acts as their overall IT and network administrator. That\u2019s one person to manage 500-plus laptops and even more devices like iPads and smartboards as you get into the older grades. Many working adults still need to be educated about the dangers of cyber attacks or how to spot a spam text, how can we have the same expectations from kindergarteners? \n\n \n\n\nI\u2019m not saying this is a simple issue to fix \u2014 it would cost millions of dollars to invest in security infrastructure at schools across the U.S. and hire the necessary staff to manage these devices. But I do wonder if it\u2019s a bridge too far for the [burden we\u2019re already placing on teachers](<https://apnews.com/article/health-covid-education-birmingham-0785042a3da15bcbcc58922c747fd961>). \n\n \n\n\nMany of my friends who are educators are great teachers but would be far from computer experts, and I\u2019m confident they\u2019ve never thought about how secure the passwords that their students need to log into their laptops are. \n\n \n\n\nThe FBI released a warning last week that the [Vice Society ransomware group](<https://duo.com/decipher/cisa-fbi-warn-of-vice-society-ransomware-attacks-on-schools>) has increasingly been targeting schools across the U.S. and expects those attacks to continue as the school year ramps up. In the advisory, they said, \u201cSchool districts with limited cybersecurity capabilities and constrained resources are often the most vulnerable.\u201d If that\u2019s the case, what happens if one of these underfunded districts is hit by a cyber attack? Rather than spending the year trying to beef up their security or implement new policies, they\u2019ll instead just have to use up all their time and resources recovering from the attack and returning to square one. \n\n \n\n\nThe teachers, IT admins and school leaders who are already stretched too thin will only be stretched further in the event of a cyber attack. So, before we start investing more money into getting technology into students\u2019 hands in the classroom, it may be worth considering how those devices are meant to be protected and who will oversee protecting them. \n\n \n\n## The one big thing \n\n> \n\n\n> Continuing our research into the well-known Lazarus Group, we have [new details on a malware campaign](<https://blog.talosintelligence.com/2022/09/lazarus-three-rats.html>) with three different trojans targeting energy providers in the U.S., Canada and Japan. The newest malware is MagicRAT, which is deployed alongside two other RATs the Lazarus Group is known for. All three malware tools are being delivered via a targeted campaign that starts with the exploitation of the [Log4j vulnerability](<https://blog.talosintelligence.com/2021/12/apache-log4j-rce-vulnerability.html>) in VMware Horizon. \n\n\n> ### Why do I care? \n> \n> As we [outlined in the newsletter last week](<https://blog.talosintelligence.com/2022/09/threat-source-newsletter-sept-8-2022.html>), anything the Lazarus Group does is not to be taken lightly. And it\u2019s particularly notable since they are targeting energy suppliers, highlighting the dangers that critical infrastructure faces from state-sponsored threat actors. Our research also shows the Lazarus Group is continually updating its malware and finding new ways to avoid detection. \n> \n> ### So now what? \n> \n> We\u2019ve said this a thousand times already, but patch for Log4j in all software if you haven\u2019t already since this is the primary infection method used in this campaign. Talos also released several new solutions for Cisco Secure to detect and prevent the malware used in these attacks. \n> \n> \n\n## Top security headlines from the week\n\n \n\n\nTwitter\u2019s former head of security warned Congress about several potentially dangerous security practices at the social media giant. Peiter \u201cMudge\u201d Zatko, one of the first \u201chackers\u201d to enter mainstream culture, said in testimony that about 50 percent of Twitter\u2019s employees could have access to sensitive user information, something he says he tried to prevent during his time at the company but was stopped. Zatko went as far to directly tell U.S. Senators that their personal data could be at risk because of these practices, adding that the company is \u201cmisleading the public, lawmakers, regulators, and even its own board of directors.\u201d The testimony came under additional scrutiny because of its potential influence on the ongoing battle regarding Elon Musk\u2019s failed offer to buy Twitter. ([Vox](<https://www.vox.com/recode/2022/9/13/23351523/twitter-whistleblower-peiter-mudge-zatko-senate-hearing-klobuchar-grassley-durbin-musk-parag-agrawal>), [Politico](<https://www.politico.com/news/2022/09/13/whistleblower-zatko-testimony-agrawal-twitter-00056291>)) \n\nMontenegro\u2019s government continues to grapple with a massive cyber attack, forcing many services offline at government offices and putting the country\u2019s essential infrastructure, including banking, water and electrical power systems at risk. Government officials stated that the attack resembles others from well-known Russian state-sponsored actors. The FBI even deployed a special cybersecurity team to the country to help with the recovery and remediation process. The Cuba ransomware group claimed responsibility for the attack, going as far as to say they created a special malware just for this campaign. Recent cyber attacks against NATO nations like Montenegro and Albania have raised questions around NATO\u2019s Article 5 could be triggered over offensive cyber attacks. ([Associated Press](<https://apnews.com/article/russia-ukraine-nato-technology-hacking-religion-5c2bd851027b56a77eaf9385b7d5d741>), [NPR](<https://www.npr.org/2022/09/13/1122621461/examining-2-recent-cyberattacks-against-nato-members>)) \n\nApple released security updates for its mobile and desktop operating systems this week to patch zero-day vulnerabilities that attackers have actively exploited in the wild. CVE-2022-32917, according to Apple, could allow an attacker to execute arbitrary code with kernel privileges. This is the eighth zero-day vulnerability Apple disclosed this year. When updating iOS, users can upgrade to iOS 16, which also comes with several new security features. The new operating system includes a centralized privacy dashboard, safety checks for users who could be at risk of having their devices infected with spyware, and password-free logins on some sites. ([9to5Mac](<https://9to5mac.com/2022/09/13/update-your-iphone/>), [New York Times Wirecutter](<https://www.nytimes.com/wirecutter/blog/apple-ios-16-privacy-and-security-features/>)) \n\n \n\n\n## Can\u2019t get enough Talos? \n\n * _[Energy providers hit by North Korea-linked Lazarus exploiting Log4j VMware vulnerabilities](<https://www.cybersecuritydive.com/news/energy-providers-log4j-vmware/631673/>)_\n * _[Talos Takes Ep. #112: Back to school advice for teachers, students, parents, admins and everyone in between](<https://www.buzzsprout.com/2018149/episodes/11283506>)_\n * _[North Korea\u2019s Lazarus hackers are exploiting Log4j flaw to hack US energy companies](<https://techcrunch.com/2022/09/08/north-korea-lazarus-united-states-energy/>)_\n * _[Cisco Talos traps new Lazarus Group RAT](<https://www.techtarget.com/searchsecurity/news/252524728/Cisco-Talos-traps-new-Lazarus-Group-RAT>)_\n * _[Microsoft Patch Tuesday for September 2022 \u2014 Snort rules and prominent vulnerabilities](<https://blog.talosintelligence.com/2022/09/microsoft-patch-tuesday-for-september.html>)_\n * _[Talos EMEA Monthly Threat Update: How do you know if cyber insurance is right for you?](<https://youtu.be/ZjdBRjJ7yx4>)_\n\n## Upcoming events where you can find Talos \n\n \n\n\n**_[Cisco Security Solution Expert Sessions](<https://web.cvent.com/event/f150cd18-061b-4c25-b617-044c50cac855/summary>)_ (Oct. 11 & 13)**\n\nVirtual \n\n \n\n\n## Most prevalent malware files from Talos telemetry over the past week \n\n** \n**\n\n**SHA 256: **[e12b6641d7e7e4da97a0ff8e1a0d4840c882569d47b8fab8fb187ac2b475636c](<https://www.virustotal.com/gui/file/e12b6641d7e7e4da97a0ff8e1a0d4840c882569d47b8fab8fb187ac2b475636c/details>)\n\n**MD5: **a087b2e6ec57b08c0d0750c60f96a74c \n\n**Typical Filename: **AAct.exe \n\n**Claimed Product: **N/A** **\n\n**Detection Name: **PUA.Win.Tool.Kmsauto::1201 \n\n** \n**\n\n**SHA 256: **[e4973db44081591e9bff5117946defbef6041397e56164f485cf8ec57b1d8934](<https://www.virustotal.com/gui/file/e4973db44081591e9bff5117946defbef6041397e56164f485cf8ec57b1d8934/details>)** \n****MD5: **93fefc3e88ffb78abb36365fa5cf857c ** \n****Typical Filename: **Wextract \n**Claimed Product: **Internet Explorer \n**Detection Name: **PUA.Win.Trojan.Generic::85.lp.ret.sbx.tg \n\n \n\n\n**SHA 256: **[c67b03c0a91eaefffd2f2c79b5c26a2648b8d3c19a22cadf35453455ff08ead0](<https://www.virustotal.com/gui/file/c67b03c0a91eaefffd2f2c79b5c26a2648b8d3c19a22cadf35453455ff08ead0/details>) \n\n**MD5:** 8c69830a50fb85d8a794fa46643493b2 \n\n**Typical Filename: **AAct.exe** **\n\n**Claimed Product: **N/A \n\n**Detection Name: **PUA.Win.Dropper.Generic::1201** **\n\n** \n**\n\n**SHA 256: **[58d6fec4ba24c32d38c9a0c7c39df3cb0e91f500b323e841121d703c7b718681](<https://www.virustotal.com/gui/file/58d6fec4ba24c32d38c9a0c7c39df3cb0e91f500b323e841121d703c7b718681/details>)** **\n\n**MD5: **f1fe671bcefd4630e5ed8b87c9283534 \n\n**Typical Filename: **KMSAuto Net.exe** **\n\n**Claimed Product: **KMSAuto Net \n\n**Detection Name: **PUA.Win.Tool.Hackkms::1201 \n\n** \n**\n\n**SHA 256: **[8664e2f59077c58ac12e747da09d2810fd5ca611f56c0c900578bf750cab56b7](<https://www.virustotal.com/gui/file/8664e2f59077c58ac12e747da09d2810fd5ca611f56c0c900578bf750cab56b7/details>) \n\n**MD5: **0e4c49327e3be816022a233f844a5731** **\n\n**Typical Filename: **aact.exe** **\n\n**Claimed Product: **AAct x86 \n\n**Detection Name: **PUA.Win.Tool.Kmsauto::in03.talos** **", "cvss3": {}, "published": "2022-09-15T18:00:00", "type": "talosblog", "title": "Threat Source newsletter (Sept. 15, 2022) \u2014 Teachers have to be IT admins now, too", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2022-32917"], "modified": "2022-09-16T13:38:00", "id": "TALOSBLOG:8702885301AC5E41DC818B2EF245CC29", "href": "http://blog.talosintelligence.com/2022/09/threat-source-newsletter-sept-15-2022.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-01T14:32:09", "description": "[](<https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjLGV0qm1JxU91RjdxVIuHS5qpDp6eR5oqC3GXE4GKh74vcE6eErdX-odGGmldK4seEV08PmWVUMwC9eHiY-MNvEWPJqq7kEe3k9gjAfn0ai-JRQnZ3GdRiAki_wed_Ctz2-MbeTD591fAVRErXhYumK3_GFcUGqEBUmnA_aeVfgK2rZKQ7AW0eYUiY/s2000/threat-source-newsletter.jpg>) \n\n\n_By Jon Munshaw. _\n\n[](<https://engage2demand.cisco.com/SubscribeTalosThreatSource>)\n\nWelcome to this week\u2019s edition of the Threat Source newsletter. \n\n \n\n\nRussia\u2019s invasion of Ukraine was once the most talked about story in the world. Six months into the conflict, modern attention spans have moved on to other news stories. But Ukraine Independence Day yesterday should serve as a reminder to everyone that the threats to Ukraine have not gone anywhere. \n\n \n\n\nThe country still faces a physical conflict with Russia every day that seemingly has no easy end, and the barrage of cyber attacks is suspected to continue. \n\n \n\n\nAs discussed in [our livestream yesterday](<https://youtu.be/sIsrNI6Hhwc>), Talos continues to see evolving cybersecurity threats in the region, including the most recent [GoMet backdoor](<https://blog.talosintelligence.com/2022/07/attackers-target-ukraine-using-gomet.html>). And as Joe Marshall highlighted in [his blog post last week](<https://blog.talosintelligence.com/2022/08/ukraine-and-fragility-of-agriculture.html>), Ukraine\u2019s agriculture industry \u2014 which is vital to the global food supply chain \u2014 remains vulnerable to kinetic and virtual attacks. Because there\u2019s been no one major cyber attack against Ukraine since Russia\u2019s invasion began, the larger public perception is that things haven\u2019t been \u201cthat bad.\u201d But state-sponsored actors have continually barraged Ukrainian government entities and critical infrastructure with a range of attacks, including the [infamous Fancy Bear and Sandworm groups](<https://www.darkreading.com/attacks-breaches/five-russia-linked-groups-target-ukraine-in-cyberwar>). \n\n \n\n\nUkraine\u2019s state nuclear power company also said last week that state-sponsored actors [launched a three-hour attack](<https://www.aljazeera.com/news/2022/8/16/ukraine-nuclear-power-company-says-russia-attacked-website>) on its websites. \n\n \n\n\nA three-hour distributed denial-of-service attack isn\u2019t going to headline the nightly news, but that doesn\u2019t mean they aren\u2019t happening and making it harder for the Ukrainian government and critical infrastructure to operate. There are people who, six months into this, are still having to fend off cyber threats daily, sometimes just to keep the internet on or to make sure that week\u2019s grain shipment goes out on time. \n\n \n\n\nWhile headlines come and go, it\u2019s important to remember that there are some things always going on in the background that are bigger than newer headlines that distract us to talk about the newest trojan someone found on the Android store. \n\n \n\n## The one big thing \n\n> > All Apple users should update their devices if they haven\u2019t already. The company [released updates](<https://www.pcmag.com/news/time-to-patch-hackers-are-exploiting-2-flaws-in-ios-macos>) for iOS, iPadOS and macOS last week, warning of two vulnerabilities that [could have been exploited in the wild](<https://www.techtimes.com/articles/279393/20220819/apple-fixes-two-major-vulnerabilities-targeting-webkit-kernel-iphone-owners.htm>). CVE-2022-32894 is an out-of-bounds write issue in the operating systems\u2019 kernel that an adversary could exploit to execute arbitrary code with kernel privileges and [take control over the system](<https://www.cbc.ca/news/business/apple-security-flaw-full-control-1.6556039>). CVE-2022-32893 is an out-of-bounds write issue in WebKit that can also lead to arbitrary code execution. \n\n\n> ### Why do I care? \n> \n> While Apple did not disclose any details of attacks potential exploiting these issues, it did say it was aware of a report that the issues \u201cmay have been actively exploited.\u201d Apple says the vulnerabilities exist in iPhone 6s and later, all models of the iPad Pro, the iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later and iPod touch 7th generation. Any users of these devices should patch as soon as possible. \n> \n> ### So now what? \n> \n> Patch, patch and patch again if you\u2019re using any Apple devices. \n\n> \n> \n\n## Top security headlines from the week\n\n \n\n\nThe LockBit ransomware\u2019s website was hit with a large distributed denial-of-service attack after threatening to leak documents belonging to a cybersecurity firm. At one point, the site displayed a warning that the ransomware gang plans to upload the targeted company\u2019s stolen data to peer-to-peer networks. Talos\u2019 own Azim Shukuhi first tweeted that a LockBit member told him the site's servers were receiving \u201c400 requests a second from over 1,000 servers\u201d in a possible \u201chack back\u201d attack. DDoS attacks aim to disrupt a site\u2019s operations by flooding it with traffic and messages, forcing it to essentially shut down for a period of time. ([The Register](<https://www.theregister.com/2022/08/22/entrust_lockbit_ddos_ransomware/>), [TechCrunch](<https://techcrunch.com/2022/08/22/entrust-lockbit-ddos-ransomware/>)) \n\nFormer Twitter Head of Security Peiter \"Mudge\" Zatko filed a complaint to the U.S. Securities and Exchange Commission alleging that Twitter is not doing enough to crack down on bot and spam accounts. Mudge is known for being involved with the \u201cCult of the Dead Cow\u201d hacking group, one of the first groups of its kind in history. The testimony to the SEC also stated that too many Twitter employees have access to critical user data and the company was not actually deleting user data when it was asked to. The number of bot accounts on the social media site is central to a failed bid for Elon Musk to buy the company. ([CNN](<https://www.cnn.com/videos/business/2022/08/23/elon-musk-bots-twitter-whistleblower-peiter-mudge-zatko-zw-jg-orig.cnn-business>), [The Verge](<https://www.theverge.com/2022/8/23/23317857/twitter-whistleblower-zatko-security-spam-safety>)) \n\nThe FBI is warning that threat actors are increasingly hijacking home IP addresses to disguise credential-stuffing attacks. An investigation from the FBI and their Australian counterparts uncovered two sites that contained more than 300,000 unique credentials that were for sale, warning they could be used in attacks against private companies. The actors are setting up proxies to disguise the flood of login attempts, and by using residential IP addresses, they can avoid usual detection techniques. ([Cybersecurity Dive](<https://www.cybersecuritydive.com/news/credential-stuffing-FBI/630294/>), [FBI](<https://www.ic3.gov/Media/News/2022/220818.pdf>)) \n\n \n\n\n## Can\u2019t get enough Talos? \n\n * _[Talos Takes Ep. #109: Why cybercrime is going small-time](<https://www.buzzsprout.com/2018149/episodes/11165673>)_\n * _[Livestream: Talos update on Ukraine Independence Day](<https://www.youtube.com/watch?v=sIsrNI6Hhwc&ab_channel=CiscoTalosIntelligenceGroup>)_\n * _[Threat Roundup for Aug. 12 - 19](<https://blog.talosintelligence.com/2022/08/threat-roundup-0812-0819.html>)_\n * _[The war in Ukraine has threatened its vital agriculture. Now it could be crippled by a cyberattack](<https://www.euronews.com/next/2022/08/24/the-war-in-ukraine-has-threatened-its-vital-agriculture-now-it-could-be-crippled-by-a-cybe>)_\n * _[Cisco: All Intelligence is Not Created Equal](<https://www.darkreading.com/threat-intelligence/cisco-all-intelligence-is-not-created-equal>)_\n\n \n\n\n## Upcoming events where you can find Talos \n\n \n\n\n**_[Cisco Security Solution Expert Sessions](<https://web.cvent.com/event/f150cd18-061b-4c25-b617-044c50cac855/summary>)_ (Oct. 11 & 13)**\n\nVirtual \n\n \n\n\n## Most prevalent malware files from Talos telemetry over the past week \n\n** \n**\n\n**SHA 256: **[e4973db44081591e9bff5117946defbef6041397e56164f485cf8ec57b1d8934](<https://www.virustotal.com/gui/file/e4973db44081591e9bff5117946defbef6041397e56164f485cf8ec57b1d8934/details>)** \n****MD5: **93fefc3e88ffb78abb36365fa5cf857c ** \n****Typical Filename: **Wextract \n**Claimed Product: **Internet Explorer \n**Detection Name: **PUA.Win.Trojan.Generic::85.lp.ret.sbx.tg \n\n \n\n\n**SHA 256: **[125e12c8045689bb2a5dcad6fa2644847156dec8b533ee8a3653b432f8fd5645](<https://www.virustotal.com/gui/file/125e12c8045689bb2a5dcad6fa2644847156dec8b533ee8a3653b432f8fd5645/details>) \n\n**MD5: **2c8ea737a232fd03ab80db672d50a17a \n\n**Typical Filename:** LwssPlayer.scr \n\n**Claimed Product: **\u68a6\u60f3\u4e4b\u5dc5\u5e7b\u706f\u64ad\u653e\u5668 \n\n**Detection Name: **Auto.125E12.241442.in02 \n\n \n\n\n**SHA 256: **[a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91](<https://www.virustotal.com/gui/file/a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91/details>)** **\n\n**MD5: **7bdbd180c081fa63ca94f9c22c457376 \n\n**Typical Filename: **c0dwjdi6a.dll \n\n**Claimed Product: **N/A \n\n**Detection Name: **Trojan.GenericKD.33515991 \n\n \n\n\n**SHA 256: **[e12b6641d7e7e4da97a0ff8e1a0d4840c882569d47b8fab8fb187ac2b475636c](<https://www.virustotal.com/gui/file/e12b6641d7e7e4da97a0ff8e1a0d4840c882569d47b8fab8fb187ac2b475636c/details>)** **\n\n**MD5: **a087b2e6ec57b08c0d0750c60f96a74c \n\n**Typical Filename: **AAct.exe \n\n**Claimed Product: **N/A ** **\n\n**Detection Name: **PUA.Win.Tool.Kmsauto::1201 \n\n** \n**\n\n**SHA 256: **[c67b03c0a91eaefffd2f2c79b5c26a2648b8d3c19a22cadf35453455ff08ead0](<https://www.virustotal.com/gui/file/c67b03c0a91eaefffd2f2c79b5c26a2648b8d3c19a22cadf35453455ff08ead0/details>) \n\n**MD5: **8c69830a50fb85d8a794fa46643493b2 \n\n**Typical Filename:** AAct.exe** **\n\n**Claimed Product: **N/A \n\n**Detection Name: **PUA.Win.Dropper.Generic::1201", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-25T18:00:00", "type": "talosblog", "title": "Threat Source newsletter (Aug. 25, 2022) \u2014 We're still not talking about Ukraine enough", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2022-32893", "CVE-2022-32894"], "modified": "2022-09-01T12:58:19", "id": "TALOSBLOG:53D093A8C1C443878386CF6F108BED03", "href": "http://blog.talosintelligence.com/2022/08/threat-source-newsletter-aug-25-2022.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "cnvd": [{"lastseen": "2022-08-21T09:51:45", "description": "iOS is a mobile operating system developed by Apple Inc. iPadOS (full name: iPad Operating System) is a family of mobile operating systems developed by Apple Inc. based on iOS. Mac OS is a set of operating systems developed by Apple that runs on the Macintosh family of computers. apple iOS, iPadOS and Mac OS has an out-of-bounds write vulnerability, which can be exploited by attackers to execute arbitrary code.", "cvss3": {}, "published": "2022-08-18T00:00:00", "type": "cnvd", "title": "Apple OS out-of-bounds write vulnerability", "bulletinFamily": "cnvd", "cvss2": {}, "cvelist": ["CVE-2022-32894"], "modified": "2022-08-21T00:00:00", "id": "CNVD-2022-58457", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-58457", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2023-06-03T14:43:27", "description": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-24T20:15:00", "type": "cve", "title": "CVE-2022-32894", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-32894"], "modified": "2022-12-07T03:02:00", "cpe": [], "id": "CVE-2022-32894", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-32894", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-06-03T14:43:31", "description": "The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-20T21:15:00", "type": "cve", "title": "CVE-2022-32917", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-32917"], "modified": "2022-12-07T03:12:00", "cpe": [], "id": "CVE-2022-32917", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-32917", "cvss": {"score": 4.3, "vector": "AV:L/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": []}], "prion": [{"lastseen": "2023-08-15T17:55:39", "description": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-24T20:15:00", "type": "prion", "title": "CVE-2022-32894", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-32894"], "modified": "2022-12-07T03:02:00", "id": "PRION:CVE-2022-32894", "href": "https://kb.prio-n.com/vulnerability/CVE-2022-32894", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-15T17:55:49", "description": "The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-20T21:15:00", "type": "prion", "title": "CVE-2022-32917", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-32917"], "modified": "2022-12-07T03:12:00", "id": "PRION:CVE-2022-32917", "href": "https://kb.prio-n.com/vulnerability/CVE-2022-32917", "cvss": {"score": 4.3, "vector": "AV:L/AC:L/Au:S/C:P/I:P/A:P"}}], "cisa_kev": [{"lastseen": "2023-07-21T17:22:44", "description": "Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow an application to execute code with kernel privileges.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-18T00:00:00", "type": "cisa_kev", "title": "Apple iOS and macOS Out-of-Bounds Write Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-32894"], "modified": "2022-08-18T00:00:00", "id": "CISA-KEV-CVE-2022-32894", "href": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-07-21T17:22:44", "description": "Apple kernel, which is included in iOS, iPadOS, and macOS, contains an unspecified vulnerability where an application may be able to execute code with kernel privileges.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-14T00:00:00", "type": "cisa_kev", "title": "Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-32917"], "modified": "2022-09-14T00:00:00", "id": "CISA-KEV-CVE-2022-32917", "href": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "cvss": {"score": 4.3, "vector": "AV:L/AC:L/Au:S/C:P/I:P/A:P"}}], "attackerkb": [{"lastseen": "2023-07-31T21:02:40", "description": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-24T00:00:00", "type": "attackerkb", "title": "CVE-2022-32894", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-32894"], "modified": "2022-11-03T00:00:00", "id": "AKB:A0C8E5E1-E212-4D46-97F4-2C5A5F8F05F2", "href": "https://attackerkb.com/topics/dGRSfxvIvH/cve-2022-32894", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-08T20:23:01", "description": "The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-20T00:00:00", "type": "attackerkb", "title": "CVE-2022-32917", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-32917"], "modified": "2022-11-03T00:00:00", "id": "AKB:768DA55B-E20A-49F0-AC15-CC1F4DC65DAC", "href": "https://attackerkb.com/topics/yiE2JRds8E/cve-2022-32917", "cvss": {"score": 4.3, "vector": "AV:L/AC:L/Au:S/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-05-17T16:34:35", "description": "The remote host is running a version of macOS / Mac OS X that is 12.x prior to 12.5.1 Monterey. It is, therefore, affected by multiple vulnerabilities :\n\n - An out-of-bound write issue in Webkit that may lead to arbitrary code execution when processing maliciously crafted web content. (CVE-2022-32893)\n\n - An out-of-bounds write issue in the kernel that may lead to arbitrary code execution with kernel privileges. (CVE-2022-32894)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.", "cvss3": {}, "published": "2022-08-19T00:00:00", "type": "nessus", "title": "macOS 12.x < 12.5.1 (HT213413)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-32893", "CVE-2022-32894"], "modified": "2022-12-06T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x", "cpe:/o:apple:macos"], "id": "MACOS_HT213413.NASL", "href": "https://www.tenable.com/plugins/nessus/164288", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164288);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2022-32893\", \"CVE-2022-32894\");\n script_xref(name:\"APPLE-SA\", value:\"HT213413\");\n script_xref(name:\"IAVA\", value:\"2022-A-0336-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/08\");\n\n script_name(english:\"macOS 12.x < 12.5.1 (HT213413)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS or Mac OS X security update or supplemental update that fixes multiple\nvulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of macOS / Mac OS X that is 12.x prior to 12.5.1 Monterey. It is, therefore,\naffected by multiple vulnerabilities :\n\n - An out-of-bound write issue in Webkit that may lead to arbitrary code execution when processing\n maliciously crafted web content. (CVE-2022-32893)\n\n - An out-of-bounds write issue in the kernel that may lead to arbitrary code execution with kernel\n privileges. (CVE-2022-32894)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported\nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-gb/HT213413\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS 12.5.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32893\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/local_checks_enabled\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude('vcf_extras_apple.inc');\n\nvar app_info = vcf::apple::macos::get_app_info();\nvar constraints = [\n {\n 'min_version': '12.0',\n 'fixed_version': '12.5.1',\n 'fixed_display': 'macOS Monterey 12.5.1'\n }\n];\n\nvcf::apple::macos::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-20T22:58:32", "description": "The version of Apple iOS running on the mobile device is prior to 15.6.1. It is, therefore, affected by multiple vulnerabilities:\n - An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. (CVE-2022-32894) \n - Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. (CVE-2022-32893) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-19T00:00:00", "type": "nessus", "title": "Apple iOS < 15.6.1 Multiple Vulnerabilities (HT213412)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-32893", "CVE-2022-32894"], "modified": "2023-06-20T00:00:00", "cpe": ["cpe:/o:apple:iphone_os"], "id": "APPLE_IOS_1561_CHECK.NBIN", "href": "https://www.tenable.com/plugins/nessus/164289", "sourceData": "Binary data apple_ios_1561_check.nbin", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:34:48", "description": "The remote host is running a version of macOS / Mac OS X that is 11.x prior to 11.7 Big Sur. It is, therefore, affected by multiple vulnerabilities :\n\n - Flaws with handling memory in the kernel. As a result, an app can be able to execute arbitrary code with kernel privileges or disclose kernel memory. (CVE-2022-32911, CVE-2022-32864)\n\n - Incorrect bounds checks in the kernel. As a result, an app can execute arbitrary code with kernel privileges. (CVE-2022-32894, CVE-2022-32917)\n\n - A logic issue in the Maps app. As a result an app can read sensitive location information.\n (CVE-2022-32883)\n\n - A flaw in the iMovie runtime. As a result a user can view sensitive information. (CVE-2022-32896)\n\n - A logic issue in the ATS and Contacts components. As a result an app can bypass privacy preferences.\n (CVE-2022-32854, CVE-2022-32900)\n\n - A logic issue in PackageKit. As a result an app can gain elevated privileges. (CVE-2022-32900)\n\n - A memory corruption issue in the MediaLibrary component. As a result a user can elevate privileges.\n (CVE-2022-32908)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.", "cvss3": {}, "published": "2022-09-15T00:00:00", "type": "nessus", "title": "macOS 11.x < 11.7 (HT213443)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-32854", "CVE-2022-32864", "CVE-2022-32883", "CVE-2022-32894", "CVE-2022-32896", "CVE-2022-32900", "CVE-2022-32902", "CVE-2022-32908", "CVE-2022-32911", "CVE-2022-32917"], "modified": "2023-03-23T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x", "cpe:/o:apple:macos"], "id": "MACOS_HT213443.NASL", "href": "https://www.tenable.com/plugins/nessus/165108", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165108);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2022-32854\",\n \"CVE-2022-32864\",\n \"CVE-2022-32883\",\n \"CVE-2022-32894\",\n \"CVE-2022-32896\",\n \"CVE-2022-32900\",\n \"CVE-2022-32902\",\n \"CVE-2022-32908\",\n \"CVE-2022-32911\",\n \"CVE-2022-32917\"\n );\n script_xref(name:\"APPLE-SA\", value:\"HT213443\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/08\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/10/05\");\n script_xref(name:\"IAVA\", value:\"2022-A-0355-S\");\n\n script_name(english:\"macOS 11.x < 11.7 (HT213443)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS or Mac OS X security update or supplemental update that fixes multiple\nvulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of macOS / Mac OS X that is 11.x prior to 11.7 Big Sur. It is, therefore, \naffected by multiple vulnerabilities :\n\n - Flaws with handling memory in the kernel. As a result, an app can be able to execute arbitrary code with\n kernel privileges or disclose kernel memory. (CVE-2022-32911, CVE-2022-32864)\n\n - Incorrect bounds checks in the kernel. As a result, an app can execute arbitrary code with kernel\n privileges. (CVE-2022-32894, CVE-2022-32917)\n\n - A logic issue in the Maps app. As a result an app can read sensitive location information.\n (CVE-2022-32883)\n\n - A flaw in the iMovie runtime. As a result a user can view sensitive information. (CVE-2022-32896)\n\n - A logic issue in the ATS and Contacts components. As a result an app can bypass privacy preferences.\n (CVE-2022-32854, CVE-2022-32900)\n\n - A logic issue in PackageKit. As a result an app can gain elevated privileges. (CVE-2022-32900)\n\n - A memory corruption issue in the MediaLibrary component. As a result a user can elevate privileges.\n (CVE-2022-32908)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported\nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-gb/HT213443\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS 11.7 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32894\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-32917\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/local_checks_enabled\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude('vcf_extras_apple.inc');\n\nvar app_info = vcf::apple::macos::get_app_info();\nvar constraints = [{ 'min_version' : '11.0', 'fixed_version' : '11.7', 'fixed_display' : 'macOS Big Sur 11.7' }];\n\nvcf::apple::macos::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:34:20", "description": "The remote host is running a version of macOS / Mac OS X that is 12.x prior to 12.6 Monterey. It is, therefore, affected by multiple vulnerabilities :\n\n - Flaws with handling memory in the kernel. As a result, an app can be able to execute arbitrary code with kernel privileges or disclose kernel memory. (CVE-2022-32911, CVE-2022-32864)\n\n - Incorrect bounds checks in the kernel. As a result, an app can execute arbitrary code with kernel privileges. (CVE-2022-32917)\n\n - A logic issue in the Maps app. As a result an app can read sensitive location information.\n (CVE-2022-32883)\n\n - A flaw in the iMovie runtime. As a result a user can view sensitive information. (CVE-2022-32896)\n\n - A logic issue in the ATS component. As a result an app can bypass privacy preferences. (CVE-2022-32900)\n\n - A logic issue in PackageKit. As a result an app can gain elevated privileges. (CVE-2022-32900)\n\n - A memory corruption issue in the MediaLibrary component. As a result a user can elevate privileges.\n (CVE-2022-32908)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.", "cvss3": {}, "published": "2022-09-15T00:00:00", "type": "nessus", "title": "macOS 12.x < 12.6 (HT213444)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-32864", "CVE-2022-32883", "CVE-2022-32896", "CVE-2022-32900", "CVE-2022-32902", "CVE-2022-32908", "CVE-2022-32911", "CVE-2022-32917"], "modified": "2023-03-23T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x", "cpe:/o:apple:macos"], "id": "MACOS_HT213444.NASL", "href": "https://www.tenable.com/plugins/nessus/165106", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165106);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2022-32864\",\n \"CVE-2022-32883\",\n \"CVE-2022-32896\",\n \"CVE-2022-32900\",\n \"CVE-2022-32902\",\n \"CVE-2022-32908\",\n \"CVE-2022-32911\",\n \"CVE-2022-32917\"\n );\n script_xref(name:\"APPLE-SA\", value:\"HT213444\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/10/05\");\n script_xref(name:\"IAVA\", value:\"2022-A-0355-S\");\n\n script_name(english:\"macOS 12.x < 12.6 (HT213444)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS or Mac OS X security update or supplemental update that fixes multiple\nvulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of macOS / Mac OS X that is 12.x prior to 12.6 Monterey. It is, therefore,\naffected by multiple vulnerabilities :\n\n - Flaws with handling memory in the kernel. As a result, an app can be able to execute arbitrary code with\n kernel privileges or disclose kernel memory. (CVE-2022-32911, CVE-2022-32864)\n\n - Incorrect bounds checks in the kernel. As a result, an app can execute arbitrary code with kernel\n privileges. (CVE-2022-32917)\n\n - A logic issue in the Maps app. As a result an app can read sensitive location information.\n (CVE-2022-32883)\n\n - A flaw in the iMovie runtime. As a result a user can view sensitive information. (CVE-2022-32896)\n\n - A logic issue in the ATS component. As a result an app can bypass privacy preferences. (CVE-2022-32900)\n\n - A logic issue in PackageKit. As a result an app can gain elevated privileges. (CVE-2022-32900)\n\n - A memory corruption issue in the MediaLibrary component. As a result a user can elevate privileges.\n (CVE-2022-32908)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported\nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-gb/HT213444\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS 12.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-32917\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/local_checks_enabled\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude('vcf_extras_apple.inc');\n\nvar app_info = vcf::apple::macos::get_app_info();\nvar constraints = [\n {\n 'min_version': '12.0',\n 'fixed_version': '12.6',\n 'fixed_display': 'macOS Monterey 12.6'\n }\n];\n\nvcf::apple::macos::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_WARNING\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-20T23:02:21", "description": "The version of Apple iOS running on the mobile device is prior to 16. It is, therefore, affected by multiple vulnerabilities:\n\n - Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2022-32886)\n\n - An app may be able to disclose kernel memory (CVE-2022-32864)\n\n - An app may be able to execute arbitrary code with kernel privilege (CVE-2022-32911) \n - An application may be able to execute arbitrary code with kernel privileges (CVE-2022-32917)\n\n - A user may be able to elevate privileges (CVE-2022-32908)\n\n - Visiting a malicious website may lead to address bar spoofing (CVE-2022-32795)\n\n - An app may be able to bypass Privacy preferences (CVE-2022-32854) \n\n - Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2022-32912)\n\n - A website may be able to track users through Safari web extensions (CVE-2022-32868)\n\n - A person with physical access to an iOS device may be able to access photos from the lock screen (CVE-2022-32872)\n\n - An app may be able to read sensitive location information (CVE-2022-32883)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-15T00:00:00", "type": "nessus", "title": "Apple iOS < 16 Multiple Vulnerabilities (HT213446)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-32795", "CVE-2022-32854", "CVE-2022-32864", "CVE-2022-32868", "CVE-2022-32872", "CVE-2022-32883", "CVE-2022-32886", "CVE-2022-32908", "CVE-2022-32911", "CVE-2022-32912", "CVE-2022-32917"], "modified": "2023-06-20T00:00:00", "cpe": ["cpe:/o:apple:iphone_os"], "id": "APPLE_IOS_16_CHECK.NBIN", "href": "https://www.tenable.com/plugins/nessus/165105", "sourceData": "Binary data apple_ios_16_check.nbin", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-20T23:00:03", "description": "The version of Apple iOS running on the mobile device is prior to 15.7. It is, therefore, affected by multiple vulnerabilities:\n\n - Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2022-32886)\n\n - An app may be able to disclose kernel memory (CVE-2022-32864)\n\n - An app may be able to execute arbitrary code with kernel privilege (CVE-2022-32911) \n - An application may be able to execute arbitrary code with kernel privileges (CVE-2022-32917)\n\n - A user may be able to elevate privileges (CVE-2022-32908)\n\n - Visiting a malicious website may lead to address bar spoofing (CVE-2022-32795)\n\n - An app may be able to bypass Privacy preferences (CVE-2022-32854) \n\n - Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2022-32912)\n\n - A website may be able to track users through Safari web extensions (CVE-2022-32868)\n\n - A person with physical access to an iOS device may be able to access photos from the lock screen (CVE-2022-32872)\n\n - An app may be able to read sensitive location information (CVE-2022-32883)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-13T00:00:00", "type": "nessus", "title": "Apple iOS < 15.7 Multiple Vulnerabilities (HT213445)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-32795", "CVE-2022-32854", "CVE-2022-32864", "CVE-2022-32868", "CVE-2022-32872", "CVE-2022-32883", "CVE-2022-32886", "CVE-2022-32908", "CVE-2022-32911", "CVE-2022-32912", "CVE-2022-32917"], "modified": "2023-06-20T00:00:00", "cpe": ["cpe:/o:apple:iphone_os"], "id": "APPLE_IOS_157_CHECK.NBIN", "href": "https://www.tenable.com/plugins/nessus/164970", "sourceData": "Binary data apple_ios_157_check.nbin", "cvss": {"score": 0.0, "vector": "NONE"}}], "malwarebytes": [{"lastseen": "2022-09-02T00:02:49", "description": "Apple has released a [security update](<https://support.apple.com/en-gb/HT213428>) for iOS 12.5.6 to patch a remotely exploitable WebKit vulnerability that allows attackers to execute arbitrary code on unpatched devices.\n\nThe WebKit zero-day that is known as [CVE-2022-32893](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32893>) was fixed for iOS 15.6.1, iPadOS 15.6, and macOS Monterey 12.5.1 on August 17, and for Safari in macOS Big Sur and macOS Catalina on August 18. This update applies to older devices running iOS 12.\n\n## Zero-day?\n\nTechnically this is not a zero-day, because by definition a zero-day is a software vulnerability previously unknown to those who should be interested in fixing it, like the vendor of the target. And since this vulnerability has been known for weeks it is no longer considered a zero-day, although users of older Apple OS versions were unable to install a patch for this vulnerability until now.\n\n## WebKit vulnerability\n\n[CVE-2022-32893](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32893>) is an out-of-bounds write issue that was addressed with improved bounds checking. Processing maliciously crafted web content may lead to arbitrary code execution. An attacker could lure a potential victim to a specially crafted website or use malvertising to compromise a vulnerable system by exploiting this vulnerability. The vulnerability exists in Apple's HTML rendering software, WebKit, which powers all iOS web browsers and Safari, so possible targets are iPhones, iPads, and Macs which could all be tricked into running unauthorized code.\n\nApple has already said it's aware of a report that the issue may have been actively exploited.\n\n## Not vulnerable\n\nApple mentions in the security update for CVE-2022-32893 that iOS 12 is not impacted by [CVE-2022-32894](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32894>). As we mentioned in our blog about the [two actively exploited zero-days](<https://www.malwarebytes.com/blog/news/2022/08/urgent-update-for-macos-and-ios-two-actively-exploited-zero-days-fixed>) it seems likely that these vulnerabilities were found in an active attack that chained the two vulnerabilities together. The attack could, for example, be done in the form of a watering hole or as part of an exploit kit. CVE-2022-32893 could be exploited for initial code to be run, and this code could be used to leverage CVE-2022-32894 to obtain kernel privileges. This does not mean the WebKit vulneraility can do no harm on devices that are not vulnerable to CVE-2022-32894, as it could be chained with another vulnerability to obtain higher privileges,\n\n## Mitigation\n\nOther than the information that the exploit has been used in the wild, Apple has not released any specifics about the vulnerability. The vulnerabilities are on [the CISA list of vulnerabilities to be patched by September 8](<https://www.malwarebytes.com/blog/news/2022/08/cisa-wants-you-to-patch-these-actively-exploited-vulnerabilities-before-september-8>).\n\nOwners of an iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, or iPod touch (6th generation) can [use the update function on the device](<https://support.apple.com/en-us/HT204204>) or use [iTunes to update the software](<https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwjBpoj9u_P5AhVC4oUKHXvuAl8QFnoECAMQAw&url=https%3A%2F%2Fsupport.apple.com%2Fguide%2Fitunes%2Fupdate-device-software-itns3235%2Fwindows&usg=AOvVaw39LVcAxhkcEzGHex00m13N>) to iOS 12.5.6.\n\nStay safe, everyone!", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-01T19:00:00", "type": "malwarebytes", "title": "Apple releases security update for iPhones and iPads to address vulnerability", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2022-32893", "CVE-2022-32894"], "modified": "2022-09-01T19:00:00", "id": "MALWAREBYTES:6B076C11790BA7213FDAD04636FDD786", "href": "https://www.malwarebytes.com/blog/news/2022/09/apple-releases-security-update-for-iphones-and-ipads-to-address-vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-21T00:04:01", "description": "On Monday, Apple released a long list of patched vulnerabilities to its software, including a new zero-day flaw affecting Macs and iPhones. The company revealed it's aware that threat actors may have been actively exploiting this vulnerability, which is tracked as **[CVE-2022-32917](<https://cve.report/CVE-2022-32917>)**.\n\nAs it's a zero-day, nothing much is said about CVE-2022-32917, only that it may allow malformed applications to execute potentially malicious code with kernel privileges. Apple says it's patched this flaw with improved bounds checks. Below is a list of products this bug affects:\n\n * Macs running [macOS Monterey 12.6](<https://support.apple.com/en-us/HT213444>) and [macOS Big Sur 11.7](<https://support.apple.com/en-us/HT213443>)\n * iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nCVE-2022-32917 is the eighth zero-day flaw that Apple has addressed since the beginning of 2022. The first seven are as follows:\n\n * [CVE-2022-32894](<https://cve.report/CVE-2022-32894>), a flaw in the iOS Kernel, was patched in August\n * [CVE-2022-32893](<https://cve.report/CVE-2022-32893>), a flaw in WebKit, was patched in August\n * [CVE-2022-22674](<https://cve.report/CVE-2022-22674>), an Intel Graphics Driver bug, was patched in March\n * [CVE-2022-22675](<https://cve.report/CVE-2022-22675>), a bug in AppleACD, was patched in March\n * [CVE-2022-22620](<https://cve.report/CVE-2022-22620>), a WebKit bug affecting iPhones, Macs, and iPads, was patched in February\n * [CVE-2022-22587](<https://cve.report/CVE-2022-22587>), a privileged code execution flaw, was patched in January\n * [CVE-2022-22594](<https://cve.report/CVE-2022-22594>), a web browser activity tracking flaw, was patched in January\n\n## Mitigation\n\nSince we received a lot of questions about what actions are needed, we're adding this section for your convenience.\n\nThe necessary updates for these vulnerabilities were included in:\n\n * the [September 12 update for macOS Big Sur 11.7](<https://support.apple.com/en-us/HT213443>).\n * the [September 12 update for macOS Monterey 12.6](<https://support.apple.com/en-us/HT213444>).\n * the [September 12 update for iOS 15.7 and iPadOS 15.7](<https://support.apple.com/en-us/HT213445>). \n\nThese should all have reached you in your regular update routines, but it doesn't hurt to check if your device is at the [latest update level](<https://support.apple.com/en-us/HT201222>). \n\n[How to update your iPhone or iPad.](<https://support.apple.com/en-us/HT204204>)\n\n[How to update macOS on Mac](<https://support.apple.com/en-us/HT201541>).\n\nIf you fear your Mac has been infected, try out [Malwarebytes for Mac](<https://malwarebytes.com/mac>). Or [Malwarebytes for iOS](<https://support.malwarebytes.com/hc/en-us/categories/360002468273-Malwarebytes-for-iOS>) for your Apple devices.\n\nAs this latest vulnerability is already being exploited, it's really important that you update your devices as soon as you can. Stay safe!", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T14:00:00", "type": "malwarebytes", "title": "[updated] Important update! iPhones, Macs, and more vulnerable to zero-day bug", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22587", "CVE-2022-22594", "CVE-2022-22620", "CVE-2022-22674", "CVE-2022-22675", "CVE-2022-32893", "CVE-2022-32894", "CVE-2022-32917"], "modified": "2022-09-13T14:00:00", "id": "MALWAREBYTES:E9F8D9962C90DF0556F1F4180FFAA7D7", "href": "https://www.malwarebytes.com/blog/news/2022/09/update-now-apple-devices-are-exposed-to-a-new-zero-day-flaw", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-20T02:02:13", "description": "Apple has released emergency [security updates](<https://support.apple.com/en-us/HT201222>) to fix two zero-day vulnerabilities previously exploited by attackers to hack iPhones, iPads, or Macs.\n\nPublicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). These are the CVEs you need to know:\n\n## Kernel privileges\n\n[CVE-2022-32894](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32894>): An out-of-bounds write issue was addressed with improved bounds checking. The vulnerability could allow an application to execute arbitrary code with kernel privileges. The kernel privileges are the highest possible privileges, so an attacker could take complete control of a vulnerable system by exploiting this vulnerability.\n\nApple points out that they are aware of a report that this issue may have been actively exploited.\n\n## WebKit\n\n[CVE-2022-32893](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32893>): An out-of-bounds write issue was addressed with improved bounds checking. Processing maliciously crafted web content may lead to arbitrary code execution. An attacker could lure a potential victim to a specially crafted website or use malvertising to compromise a vulnerable system by exploiting this vulnerability. Since the vulnerability exists in Apple's HTML rendering software (WebKit). WebKit powers all iOS web browsers and Safari, so possible targets are iPhones, iPads, and Macs which could all be tricked into running unauthorized code.\n\nApple points out that they are aware of a report that this issue may have been actively exploited.\n\n## More details\n\nApple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. And even then, it depends on the anonymous researcher(s) that reported the vulnerabilities whether we will ever learn the technical details. Or when someone is able to reverse engineer the update that fixes the vulnerability.\n\nThat being said, it seems likely that these vulnerabilities were found in an active attack that chained the two vulnerabilities together. The attack could, for example, be done in the form of a [watering hole](<https://www.malwarebytes.com/blog/news/2016/07/intentional-security-holes#:~:text=Watering%20holes%20are%20used%20as,that%20visits%20the%20site%20unprotected.>) or as part of an [exploit kit](<https://www.malwarebytes.com/blog/threats/exploit-kits>). CVE-2022-32892 could be exploited for initial code to be run. This code could be used to leverage CVE-2022-32894 to obtain kernel privileges\n\n## Mitigation\n\nUsers are under advice to implement the updates as soon as possible, by upgrading to:\n\n * iOS 15.6.1\n * iPadOS 15.6.\n * macOS Monterey 12.5.1\n\nDetails can be found on the security content for [macOS](<https://support.apple.com/en-us/HT213413>) page. And instructions to apply updates are available on the [Apple Security Updates](<https://support.apple.com/en-us/HT201222>) page.\n\n## Update August 19, 2022\n\nThe fix for CVE-2022-32893 is now also available for Safari in macOS Big Sur and macOS Catalina.\n\nCISA has added both CVE's to the [list of known to be exploited vulnerabilities](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>) with a due date for patching of September 8, 2022.\n\nStay safe, everyone!", "cvss3": {}, "published": "2022-08-18T10:00:00", "type": "malwarebytes", "title": "Urgent update for macOS and iOS! Two actively exploited zero-days fixed", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2022-32892", "CVE-2022-32893", "CVE-2022-32894"], "modified": "2022-08-18T10:00:00", "id": "MALWAREBYTES:570936F207FD4A3EB4366346C255209A", "href": "https://www.malwarebytes.com/blog/news/2022/08/urgent-update-for-macos-and-ios-two-actively-exploited-zero-days-fixed", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-23T00:02:12", "description": "On Thursday, CISA (the US Cybersecurity and Infrastructure Security Agency) updated [its catalog of actively exploited vulnerabilities](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>) by adding seven new entries. These flaws were found in Apple, Google, Microsoft, Palo Alto Networks, and SAP products. CISA set the due date for everyone to patch the weaknesses by September 8, 2022.\n\nCVE-2022-22536, an SAP flaw with the highest risk score of 10, is one of the seven. We wrote about it in February, and thankfully, SAP addressed the issue fairly quickly, too, by issuing a patch. CISA even mentioned that if customers fail to patch CVE-2022-22536, they could be exposed to ransomware attacks, data theft, financial fraud, and other business disruptions that'd cost them millions.\n\n[**CVE-2022-32893**](<https://cve.report/CVE-2022-32893>) and [**CVE-2022-32894**](<https://cve.report/CVE-2022-32894>), the two zero-day, out-of-bounds write vulnerabilities affecting iOS, iPadOS, and macOS, continue to [headline](<https://www.malwarebytes.com/blog/news/2022/08/urgent-update-for-macos-and-ios-two-actively-exploited-zero-days-fixed>) as of this writing. These are serious flaws that, if left unpatched, could allow anyone to take control of vulnerable Apple systems. Apple already released fixes for these from the following support pages:\n\n * [About the security content of iOS 15.6.1 and iPadOS 15.6.1](<https://support.apple.com/en-gb/HT213412>)\n * [About the security content of macOS Monterey 12.5.1](<https://support.apple.com/en-gb/HT213413>)\n * [About the security content of Safari 15.6.1](<https://support.apple.com/en-us/HT213414>)\n\nThe Google Chrome flaw with high severity, **[CVE-2022-2856](<https://www.malwarebytes.com/blog/news/2022/08/update-chrome-now-google-issues-patch-for-zero-day-spotted-in-the-wild>)**, is also [confirmed](<https://www.forbes.com/sites/daveywinder/2022/08/20/google-confirms-chrome-zero-day-5-as-attacks-begin-update-now/>) to be targeted by hackers. As with other zero-days, technical details about it are light, but the [advisory](<https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html>) states that the flaw is an \"insufficient validation of untrusted input in Intents.\" The [Intents](<https://developers.google.com/assistant/conversational/intents>) technology works in the background and is involved in processing user input or handling a system event. If this flaw is exploited, anyone could create a malicious input that Chrome may validate incorrectly, leading to arbitrary code execution or system takeover.\n\nGoogle already patched this. While Chrome should've updated automatically, it is recommended to force an update check to ensure the patch is applied.\n\nMicrosoft also has patches available for **[CVE-2022-21971](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21971>)** and **[CVE-2022-26923](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26923>)** in February and May, respectively. The former was given an \"exploitation less likely\" probability, but that has already changed--a [proof-of-concept (PoC)](<https://www.malwarebytes.com/glossary/proof-of-concept>) has been available since March. PoC exploits were also made public for the latter Microsoft flaw. However, these were released after Microsoft had already pushed out a patch.\n\nPalo Alto Networks's is the oldest among the new vulnerabilities added to the catalog. Discovered in 2017, **[CVE-2017-15944](<https://nvd.nist.gov/vuln/detail/CVE-2017-15944>)** has a severity rating of 9.8 (Critical). Once exploited, attackers could perform remote code execution on affected systems. You can read more about this flaw on [Palo Alto's advisory page](<https://security.paloaltonetworks.com/CVE-2017-15944>).\n\nMalwarebytes advises readers to apply patches to these flaws if they use products of the companies we mentioned. You don't have to wait for the due date before you act.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-08-22T15:00:00", "type": "malwarebytes", "title": "CISA wants you to patch these actively exploited vulnerabilities before September 8", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15944", "CVE-2022-21971", "CVE-2022-22536", "CVE-2022-26923", "CVE-2022-2856", "CVE-2022-32893", "CVE-2022-32894"], "modified": "2022-08-22T15:00:00", "id": "MALWAREBYTES:2B7FA24A43BE3D53EA1E393BEC594625", "href": "https://www.malwarebytes.com/blog/news/2022/08/cisa-wants-you-to-patch-these-actively-exploited-vulnerabilities-before-september-8", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "apple": [{"lastseen": "2023-06-03T22:02:46", "description": "# About the security content of iOS 12.5.6\n\nThis document describes the security content of iOS 12.5.6.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iOS 12.5.6\n\niOS 12 is not impacted by CVE-2022-32894.\n\nReleased August 31, 2022\n\n**WebKit**\n\nAvailable for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nWebKit Bugzilla: 243557 \nCVE-2022-32893: an anonymous researcher\n\n\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: August 31, 2022\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-31T00:00:00", "type": "apple", "title": "About the security content of iOS 12.5.6", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-32893", "CVE-2022-32894"], "modified": "2022-08-31T00:00:00", "id": "APPLE:F99F855A2C143ACC1F38687F55E85474", "href": "https://support.apple.com/kb/HT213428", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T22:02:46", "description": "# About the security content of macOS Monterey 12.5.1\n\nThis document describes the security content of macOS Monterey 12.5.1.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## macOS Monterey 12.5.1\n\nReleased August 17, 2022\n\n**Kernel**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-32894: an anonymous researcher\n\n**WebKit**\n\nAvailable for: macOS Monterey\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nWebKit Bugzilla: 243557 \nCVE-2022-32893: an anonymous researcher\n\n\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: August 17, 2022\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-17T00:00:00", "type": "apple", "title": "About the security content of macOS Monterey 12.5.1", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-32893", "CVE-2022-32894"], "modified": "2022-08-17T00:00:00", "id": "APPLE:94E98E15A096BFEBBCA4E7BF7D3D6C7D", "href": "https://support.apple.com/kb/HT213413", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T22:02:47", "description": "# About the security content of iOS 15.6.1 and iPadOS 15.6.1\n\nThis document describes the security content of iOS 15.6.1 and iPadOS 15.6.1.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iOS 15.6.1 and iPadOS 15.6.1\n\nReleased August 17, 2022\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-32894: an anonymous researcher\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nWebKit Bugzilla: 243557 \nCVE-2022-32893: an anonymous researcher\n\n\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: August 17, 2022\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-17T00:00:00", "type": "apple", "title": "About the security content of iOS 15.6.1 and iPadOS 15.6.1", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-32893", "CVE-2022-32894"], "modified": "2022-08-17T00:00:00", "id": "APPLE:5D20BFFCE6B79E6E7DF122C3E4FF65AC", "href": "https://support.apple.com/kb/HT213412", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-17T06:09:48", "description": "# About the security content of macOS Big Sur 11.7\n\nThis document describes the security content of macOS Big Sur 11.7.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## macOS Big Sur 11.7\n\nReleased September 12, 2022\n\n**AppleMobileFileIntegrity**\n\nAvailable for: macOS Big Sur\n\nImpact: An app may be able to access user-sensitive data\n\nDescription: An issue in code signature validation was addressed with improved checks.\n\nCVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc.\n\nEntry added October 27, 2022\n\n**ATS**\n\nAvailable for: macOS Big Sur\n\nImpact: An app may be able to access user-sensitive data\n\nDescription: An access issue was addressed with additional sandbox restrictions.\n\nCVE-2022-32904: Mickey Jin (@patch1t)\n\nEntry added October 27, 2022\n\n**ATS**\n\nAvailable for: macOS Big Sur\n\nImpact: An app may be able to bypass Privacy preferences\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32902: Mickey Jin (@patch1t)\n\n**Calendar**\n\nAvailable for: macOS Big Sur\n\nImpact: An app may be able to read sensitive location information\n\nDescription: An access issue was addressed with improved access restrictions.\n\nCVE-2022-42819: an anonymous researcher\n\nEntry added October 27, 2022\n\n**Contacts**\n\nAvailable for: macOS Big Sur\n\nImpact: An app may be able to bypass Privacy preferences\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security\n\n**GarageBand**\n\nAvailable for: macOS Big Sur\n\nImpact: An app may be able to access user-sensitive data\n\nDescription: A configuration issue was addressed with additional restrictions.\n\nCVE-2022-32877: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nEntry added October 27, 2022\n\n**ImageIO**\n\nAvailable for: macOS Big Sur\n\nImpact: Processing an image may lead to a denial-of-service\n\nDescription: A denial-of-service issue was addressed with improved validation.\n\nCVE-2022-1622\n\nEntry added October 27, 2022\n\n**Image Processing**\n\nAvailable for: macOS Big Sur\n\nImpact: A sandboxed app may be able to determine which app is currently using the camera\n\nDescription: The issue was addressed with additional restrictions on the observability of app states.\n\nCVE-2022-32913: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nEntry added October 27, 2022\n\n**iMovie**\n\nAvailable for: macOS Big Sur\n\nImpact: A user may be able to view sensitive user information\n\nDescription: This issue was addressed by enabling hardened runtime.\n\nCVE-2022-32896: Wojciech Regu\u0142a (@_r3ggi)\n\n**Kernel**\n\nAvailable for: macOS Big Sur\n\nImpact: Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges\n\nDescription: The issue was addressed with improved bounds checks.\n\nCVE-2022-46701: Felix Poulin-Belanger\n\nEntry added May 11, 2023\n\n**Kernel**\n\nAvailable for: macOS Big Sur\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-32914: Zweig of Kunlun Lab\n\nEntry added October 27, 2022\n\n**Kernel**\n\nAvailable for: macOS Big Sur\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)\n\nCVE-2022-32911: Zweig of Kunlun Lab\n\nCVE-2022-32924: Ian Beer of Google Project Zero\n\nEntry updated October 27, 2022\n\n**Kernel**\n\nAvailable for: macOS Big Sur\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**Kernel**\n\nAvailable for: macOS Big Sur\n\nImpact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-32894: an anonymous researcher\n\n**Kernel**\n\nAvailable for: macOS Big Sur\n\nImpact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: The issue was addressed with improved bounds checks.\n\nCVE-2022-32917: an anonymous researcher\n\n**Maps**\n\nAvailable for: macOS Big Sur\n\nImpact: An app may be able to read sensitive location information\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2022-32883: Ron Masas of breakpointhq.com\n\nEntry updated October 27, 2022\n\n**MediaLibrary**\n\nAvailable for: macOS Big Sur\n\nImpact: A user may be able to elevate privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2022-32908: an anonymous researcher\n\n**ncurses**\n\nAvailable for: macOS Big Sur\n\nImpact: A user may be able to cause unexpected app termination or arbitrary code execution\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2021-39537\n\nEntry added October 27, 2022\n\n**PackageKit**\n\nAvailable for: macOS Big Sur\n\nImpact: An app may be able to gain elevated privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32900: Mickey Jin (@patch1t)\n\n**Sandbox**\n\nAvailable for: macOS Big Sur\n\nImpact: An app may be able to modify protected parts of the file system\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security\n\nEntry added October 27, 2022\n\n**Security**\n\nAvailable for: macOS Big Sur\n\nImpact: An app may be able to bypass code signing checks\n\nDescription: An issue in code signature validation was addressed with improved checks.\n\nCVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)\n\nEntry added October 27, 2022\n\n**Sidecar**\n\nAvailable for: macOS Big Sur\n\nImpact: A user may be able to view restricted content from the lock screen\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-42790: Om kothawade of Zaprico Digital\n\nEntry added October 27, 2022\n\n**SMB**\n\nAvailable for: macOS Big Sur\n\nImpact: A remote user may be able to cause kernel code execution\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32934: Felix Poulin-Belanger\n\nEntry added October 27, 2022\n\n**Vim**\n\nAvailable for: macOS Big Sur\n\nImpact: Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-1720\n\nCVE-2022-2000\n\nCVE-2022-2042\n\nCVE-2022-2124\n\nCVE-2022-2125\n\nCVE-2022-2126\n\nEntry added October 27, 2022\n\n**Weather**\n\nAvailable for: macOS Big Sur\n\nImpact: An app may be able to read sensitive location information\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32875: an anonymous researcher\n\nEntry added October 27, 2022\n\n**WebKit**\n\nAvailable for: macOS Big Sur\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nWebKit Bugzilla: 242047 \nCVE-2022-32888: P1umer (@p1umer)\n\nEntry added October 27, 2022\n\n\n\n## Additional recognition\n\n**apache**\n\nWe would like to acknowledge Tricia Lee of Enterprise Service Center for their assistance.\n\nEntry added May 11, 2023\n\n**Identity Services**\n\nWe would like to acknowledge Joshua Jones for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: May 11, 2023\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-12T00:00:00", "type": "apple", "title": "About the security content of macOS Big Sur 11.7", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39537", "CVE-2022-1622", "CVE-2022-1720", "CVE-2022-2000", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-32854", "CVE-2022-32864", "CVE-2022-32866", "CVE-2022-32875", "CVE-2022-32877", "CVE-2022-32881", "CVE-2022-32883", "CVE-2022-32888", "CVE-2022-32894", "CVE-2022-32896", "CVE-2022-32900", "CVE-2022-32902", "CVE-2022-32904", "CVE-2022-32908", "CVE-2022-32911", "CVE-2022-32913", "CVE-2022-32914", "CVE-2022-32917", "CVE-2022-32924", "CVE-2022-32934", "CVE-2022-42789", "CVE-2022-42790", "CVE-2022-42793", "CVE-2022-42819", "CVE-2022-46701"], "modified": "2022-09-12T00:00:00", "id": "APPLE:CF4E2FCD25E41260852DC0DC2428E0AC", "href": "https://support.apple.com/kb/HT213443", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-11T22:08:53", "description": "# About the security content of iOS 15.7 and iPadOS 15.7\n\nThis document describes the security content of iOS 15.7 and iPadOS 15.7.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iOS 15.7 and iPadOS 15.7\n\nReleased September 12, 2022\n\n**Apple Neural Engine**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32898: Mohamed Ghannam (@_simo36)\n\nCVE-2022-32899: Mohamed Ghannam (@_simo36)\n\nEntry added October 27, 2022\n\n**Audio**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to gain elevated privileges\n\nDescription: This issue was addressed by removing the vulnerable code.\n\nCVE-2022-42796: Mickey Jin (@patch1t)\n\nEntry added October 27, 2022, updated May 1, 2023 \n\n**Backup**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to access iOS backups\n\nDescription: A permissions issue was addressed with additional restrictions.\n\nCVE-2022-32929: Csaba Fitzl (@theevilbit) of Offensive Security\n\nEntry added October 27, 2022\n\n**Contacts**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to bypass Privacy preferences\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32911: Zweig of Kunlun Lab\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: The issue was addressed with improved bounds checks.\n\nCVE-2022-32917: an anonymous researcher\n\n**Maps**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to read sensitive location information\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2022-32883: Ron Masas, breakpointhq.com\n\n**MediaLibrary**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A user may be able to elevate privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2022-32908: an anonymous researcher\n\n**Notifications**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A user with physical access to a device may be able to access contacts from the lock screen\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32879: Ubeydullah S\u00fcmer\n\nEntry added October 27, 2022\n\n**Safari**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32795: Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati\n\n**Safari Extensions**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A website may be able to track users through Safari web extensions\n\nDescription: A logic issue was addressed with improved state management.\n\nWebKit Bugzilla: 242278 \nCVE-2022-32868: Michael\n\n**Security**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to bypass code signing checks\n\nDescription: An issue in code signature validation was addressed with improved checks.\n\nCVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)\n\nEntry added October 27, 2022\n\n**Shortcuts**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A person with physical access to an iOS device may be able to access photos from the lock screen\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2022-32872: Elite Tech Guru\n\n**Sidecar**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A user may be able to view restricted content from the lock screen\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-42790: Om kothawade of Zaprico Digital\n\nEntry added October 27, 2022\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nWebKit Bugzilla: 242047 \nCVE-2022-32888: P1umer (@p1umer)\n\nEntry added October 27, 2022\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nWebKit Bugzilla: 241969 \nCVE-2022-32886: P1umer, afang5472, xmzyshypnc\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nWebKit Bugzilla: 242762 \nCVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with Trend Micro Zero Day Initiative\n\n**WebKit Sandboxing**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: An access issue was addressed with improvements to the sandbox.\n\nWebKit Bugzilla: 243181 \nCVE-2022-32892: @18\u697c\u68a6\u60f3\u6539\u9020\u5bb6 and @jq0904 of DBAppSecurity's WeBin lab\n\nEntry added October 27, 2022\n\n\n\n## Additional recognition\n\n**AppleCredentialManager**\n\nWe would like to acknowledge @jonathandata1 for their assistance.\n\nEntry added October 27, 2022\n\n**FaceTime**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\nEntry added October 27, 2022\n\n**Game Center**\n\nWe would like to acknowledge Joshua Jones for their assistance.\n\n**Identity Services**\n\nWe would like to acknowledge Joshua Jones for their assistance.\n\n**Kernel**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\nEntry added October 27, 2022\n\n**WebKit**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\nEntry added October 27, 2022\n\n**WebRTC**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\nEntry added October 27, 2022\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: May 01, 2023\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-12T00:00:00", "type": "apple", "title": "About the security content of iOS 15.7 and iPadOS 15.7", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-32795", "CVE-2022-32854", "CVE-2022-32864", "CVE-2022-32868", "CVE-2022-32872", "CVE-2022-32879", "CVE-2022-32883", "CVE-2022-32886", "CVE-2022-32888", "CVE-2022-32892", "CVE-2022-32898", "CVE-2022-32899", "CVE-2022-32908", "CVE-2022-32911", "CVE-2022-32912", "CVE-2022-32917", "CVE-2022-32929", "CVE-2022-42790", "CVE-2022-42793", "CVE-2022-42796"], "modified": "2022-09-12T00:00:00", "id": "APPLE:8DB8A023F085402CC89932664B1481DC", "href": "https://support.apple.com/kb/HT213445", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-11T22:08:25", "description": "# About the security content of watchOS 9\n\nThis document describes the security content of watchOS 9.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## watchOS 9\n\nReleased September 12, 2022\n\n**Accelerate Framework**\n\nAvailable for: Apple Watch Series 4 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2022-42795: ryuzaki\n\n**AppleAVD**\n\nAvailable for: Apple Watch Series 4 and later\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32907: Natalie Silvanovich of Google Project Zero, Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom), ABC Research s.r.o, Yinyi Wu, Tommaso Bianco (@cutesmilee__)\n\n**Apple Neural Engine**\n\nAvailable for: Apple Watch Series 4 and later\n\nImpact: An app may be able to leak sensitive kernel state\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32858: Mohamed Ghannam (@_simo36)\n\n**Apple Neural Engine**\n\nAvailable for: Apple Watch Series 4 and later\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32898: Mohamed Ghannam (@_simo36)\n\nCVE-2022-32899: Mohamed Ghannam (@_simo36)\n\nCVE-2022-32889: Mohamed Ghannam (@_simo36)\n\n**Contacts**\n\nAvailable for: Apple Watch Series 4 and later\n\nImpact: An app may be able to bypass Privacy preferences\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security\n\n**Exchange**\n\nAvailable for: Apple Watch Series 4 and later\n\nImpact: A user in a privileged network position may be able to intercept mail credentials\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2022-32928: Ji\u0159\u00ed Vinopal (@vinopaljiri) of Check Point Research\n\nEntry updated June 8, 2023\n\n**GPU Drivers**\n\nAvailable for: Apple Watch Series 4 and later\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-32903: an anonymous researcher\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 4 and later\n\nImpact: Processing an image may lead to a denial-of-service\n\nDescription: A denial-of-service issue was addressed with improved validation.\n\nCVE-2022-1622\n\n**Image Processing**\n\nAvailable for: Apple Watch Series 4 and later\n\nImpact: A sandboxed app may be able to determine which app is currently using the camera\n\nDescription: The issue was addressed with additional restrictions on the observability of app states.\n\nCVE-2022-32913: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\n**Kernel**\n\nAvailable for: Apple Watch Series 4 and later\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**Kernel**\n\nAvailable for: Apple Watch Series 4 and later\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)\n\nCVE-2022-32911: Zweig of Kunlun Lab\n\n**Kernel**\n\nAvailable for: Apple Watch Series 4 and later\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-32914: Zweig of Kunlun Lab\n\n**Kernel**\n\nAvailable for: Apple Watch Series 4 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-32894: an anonymous researcher\n\n**Maps**\n\nAvailable for: Apple Watch Series 4 and later\n\nImpact: An app may be able to read sensitive location information\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2022-32883: Ron Masas of breakpointhq.com\n\n**MediaLibrary**\n\nAvailable for: Apple Watch Series 4 and later\n\nImpact: A user may be able to elevate privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2022-32908: an anonymous researcher\n\n**Notifications**\n\nAvailable for: Apple Watch Series 4 and later\n\nImpact: A user with physical access to a device may be able to access contacts from the lock screen\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32879: Ubeydullah S\u00fcmer\n\n**Sandbox**\n\nAvailable for: Apple Watch Series 4 and later\n\nImpact: An app may be able to modify protected parts of the file system\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security\n\n**Siri**\n\nAvailable for: Apple Watch Series 4 and later\n\nImpact: A user with physical access to a device may be able to use Siri to obtain some call history information\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32870: Andrew Goldberg of The McCombs School of Business, The University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)\n\n**SQLite**\n\nAvailable for: Apple Watch Series 4 and later\n\nImpact: A remote user may be able to cause a denial-of-service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2021-36690\n\n**Watch app**\n\nAvailable for: Apple Watch Series 4 and later\n\nImpact: An app may be able to read a persistent device identifier\n\nDescription: This issue was addressed with improved entitlements.\n\nCVE-2022-32835: Guilherme Rambo of Best Buddy Apps (rambo.codes)\n\n**Weather**\n\nAvailable for: Apple Watch Series 4 and later\n\nImpact: An app may be able to read sensitive location information\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32875: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Apple Watch Series 4 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nWebKit Bugzilla: 241969 \nCVE-2022-32886: P1umer(@p1umer), afang(@afang5472), xmzyshypnc(@xmzyshypnc1)\n\n**WebKit**\n\nAvailable for: Apple Watch Series 4 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nWebKit Bugzilla: 242047 \nCVE-2022-32888: P1umer (@p1umer)\n\n**WebKit**\n\nAvailable for: Apple Watch Series 4 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nWebKit Bugzilla: 242762 \nCVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Apple Watch Series 4 and later\n\nImpact: Visiting a website that frames malicious content may lead to UI spoofing\n\nDescription: The issue was addressed with improved UI handling.\n\nWebKit Bugzilla: 243236 \nCVE-2022-32891: @real_as3617, an anonymous researcher\n\n**WebKit**\n\nAvailable for: Apple Watch Series 4 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nWebKit Bugzilla: 243557 \nCVE-2022-32893: an anonymous researcher\n\n**Wi-Fi**\n\nAvailable for: Apple Watch Series 4 and later\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-46709: Wang Yu of Cyberserval\n\nEntry added June 8, 2023\n\n**Wi-Fi**\n\nAvailable for: Apple Watch Series 4 and later\n\nImpact: An app may be able to cause unexpected system termination or write kernel memory\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-32925: Wang Yu of Cyberserval\n\n\n\n## Additional recognition\n\n**AppleCredentialManager**\n\nWe would like to acknowledge @jonathandata1 for their assistance.\n\n**FaceTime**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\n**Kernel**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\n**Mail**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\n**Safari**\n\nWe would like to acknowledge Scott Hatfield of Sub-Zero Group for their assistance.\n\nEntry added June 8, 2023\n\n**Sandbox**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.\n\n**UIKit**\n\nWe would like to acknowledge Aleczander Ewing for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\n**WebRTC**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: June 08, 2023\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-12T00:00:00", "type": "apple", "title": "About the security content of watchOS 9", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36690", "CVE-2022-1622", "CVE-2022-32835", "CVE-2022-32854", "CVE-2022-32858", "CVE-2022-32864", "CVE-2022-32866", "CVE-2022-32870", "CVE-2022-32875", "CVE-2022-32879", "CVE-2022-32881", "CVE-2022-32883", "CVE-2022-32886", "CVE-2022-32888", "CVE-2022-32889", "CVE-2022-32891", "CVE-2022-32893", "CVE-2022-32894", "CVE-2022-32898", "CVE-2022-32899", "CVE-2022-32903", "CVE-2022-32907", "CVE-2022-32908", "CVE-2022-32911", "CVE-2022-32912", "CVE-2022-32913", "CVE-2022-32914", "CVE-2022-32925", "CVE-2022-32928", "CVE-2022-42795", "CVE-2022-46709"], "modified": "2022-09-12T00:00:00", "id": "APPLE:97987E2E9AC46D65F7E0A95C1BDF9921", "href": "https://support.apple.com/kb/HT213486", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-17T06:10:39", "description": "# About the security content of macOS Monterey 12.6\n\nThis document describes the security content of macOS Monterey 12.6.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## macOS Monterey 12.6\n\nReleased September 12, 2022\n\n**AppleMobileFileIntegrity**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to access user-sensitive data\n\nDescription: An issue in code signature validation was addressed with improved checks.\n\nCVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc.\n\nEntry added October 27, 2022\n\n**ATS**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to bypass Privacy preferences\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32902: Mickey Jin (@patch1t)\n\nEntry added October 27, 2022\n\n**ATS**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to access user-sensitive data\n\nDescription: An access issue was addressed with additional sandbox restrictions.\n\nCVE-2022-32904: Mickey Jin (@patch1t)\n\nEntry added October 27, 2022\n\n**ATS**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to bypass Privacy preferences\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32902: Mickey Jin (@patch1t)\n\n**Calendar**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to read sensitive location information\n\nDescription: An access issue was addressed with improved access restrictions.\n\nCVE-2022-42819: an anonymous researcher\n\nEntry added October 27, 2022\n\n**GarageBand**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to access user-sensitive data\n\nDescription: A configuration issue was addressed with additional restrictions.\n\nCVE-2022-32877: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nEntry added October 27, 2022\n\n**ImageIO**\n\nAvailable for: macOS Monterey\n\nImpact: Processing an image may lead to a denial-of-service\n\nDescription: A denial-of-service issue was addressed with improved validation.\n\nCVE-2022-1622\n\nEntry added October 27, 2022\n\n**Image Processing**\n\nAvailable for: macOS Monterey\n\nImpact: A sandboxed app may be able to determine which app is currently using the camera\n\nDescription: The issue was addressed with additional restrictions on the observability of app states.\n\nCVE-2022-32913: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nEntry added October 27, 2022\n\n**iMovie**\n\nAvailable for: macOS Monterey\n\nImpact: A user may be able to view sensitive user information\n\nDescription: This issue was addressed by enabling hardened runtime.\n\nCVE-2022-32896: Wojciech Regu\u0142a (@_r3ggi)\n\n**Kernel**\n\nAvailable for: macOS Monterey\n\nImpact: Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges\n\nDescription: The issue was addressed with improved bounds checks.\n\nCVE-2022-46701: Felix Poulin-Belanger\n\nEntry added May 11, 2023\n\n**Kernel**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-32914: Zweig of Kunlun Lab\n\nEntry added October 27, 2022\n\n**Kernel**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32911: Zweig of Kunlun Lab\n\nCVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)\n\nCVE-2022-32924: Ian Beer of Google Project Zero\n\nEntry updated October 27, 2022\n\n**Kernel**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**Kernel**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: The issue was addressed with improved bounds checks.\n\nCVE-2022-32917: an anonymous researcher\n\n**Maps**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to read sensitive location information\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2022-32883: Ron Masas of breakpointhq.com\n\nEntry updated October 27, 2022\n\n**MediaLibrary**\n\nAvailable for: macOS Monterey\n\nImpact: A user may be able to elevate privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2022-32908: an anonymous researcher\n\n**ncurses**\n\nAvailable for: macOS Monterey\n\nImpact: A user may be able to cause unexpected app termination or arbitrary code execution\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2021-39537\n\nEntry added October 27, 2022\n\n**Notes**\n\nAvailable for: macOS Monterey\n\nImpact: A user in a privileged network position may be able to track user activity\n\nDescription: This issue was addressed with improved data protection.\n\nCVE-2022-42818: Gustav Hansen from WithSecure\n\nEntry added December 22, 2022\n\n**PackageKit**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to gain elevated privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32900: Mickey Jin (@patch1t)\n\n**Sandbox**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to modify protected parts of the file system\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security\n\nEntry added October 27, 2022\n\n**Security**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to bypass code signing checks\n\nDescription: An issue in code signature validation was addressed with improved checks.\n\nCVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)\n\nEntry added October 27, 2022\n\n**Sidecar**\n\nAvailable for: macOS Monterey\n\nImpact: A user may be able to view restricted content from the lock screen\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-42790: Om kothawade of Zaprico Digital\n\nEntry added October 27, 2022\n\n**SMB**\n\nAvailable for: macOS Monterey\n\nImpact: A remote user may be able to cause kernel code execution\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32934: Felix Poulin-Belanger\n\nEntry added October 27, 2022\n\n**Vim**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nCVE-2022-0261\n\nCVE-2022-0318\n\nCVE-2022-0319\n\nCVE-2022-0351\n\nCVE-2022-0359\n\nCVE-2022-0361\n\nCVE-2022-0368\n\nCVE-2022-0392\n\nEntry added October 27, 2022\n\n**Vim**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-1720\n\nCVE-2022-2000\n\nCVE-2022-2042\n\nCVE-2022-2124\n\nCVE-2022-2125\n\nCVE-2022-2126\n\nEntry added October 27, 2022\n\n**Weather**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to read sensitive location information\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32875: an anonymous researcher\n\nEntry added October 27, 2022\n\n**WebKit**\n\nAvailable for: macOS Monterey\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nWebKit Bugzilla: 242047 \nCVE-2022-32888: P1umer (@p1umer)\n\nEntry added October 27, 2022\n\n\n\n## Additional recognition\n\n**apache**\n\nWe would like to acknowledge Tricia Lee of Enterprise Service Center for their assistance.\n\nEntry added May 11, 2023\n\n**Identity Services**\n\nWe would like to acknowledge Joshua Jones for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: May 11, 2023\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-12T00:00:00", "type": "apple", "title": "About the security content of macOS Monterey 12.6", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39537", "CVE-2022-0261", "CVE-2022-0318", "CVE-2022-0319", "CVE-2022-0351", "CVE-2022-0359", "CVE-2022-0361", "CVE-2022-0368", "CVE-2022-0392", "CVE-2022-1622", "CVE-2022-1720", "CVE-2022-2000", "CVE-2022-2042", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-32864", "CVE-2022-32866", "CVE-2022-32875", "CVE-2022-32877", "CVE-2022-32881", "CVE-2022-32883", "CVE-2022-32888", "CVE-2022-32896", "CVE-2022-32900", "CVE-2022-32902", "CVE-2022-32904", "CVE-2022-32908", "CVE-2022-32911", "CVE-2022-32913", "CVE-2022-32914", "CVE-2022-32917", "CVE-2022-32924", "CVE-2022-32934", "CVE-2022-42789", "CVE-2022-42790", "CVE-2022-42793", "CVE-2022-42818", "CVE-2022-42819", "CVE-2022-46701"], "modified": "2022-09-12T00:00:00", "id": "APPLE:00B94E757766A642E6CC57C541A7B04B", "href": "https://support.apple.com/kb/HT213444", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-17T06:09:26", "description": "# About the security content of iOS 16\n\nThis document describes the security content of iOS 16.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iOS 16\n\nReleased September 12, 2022\n\n**Accelerate Framework**\n\nAvailable for: iPhone 8 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2022-42795: ryuzaki\n\nEntry added October 27, 2022\n\n**AppleAVD**\n\nAvailable for: iPhone 8 and later\n\nImpact: An app may be able to cause a denial-of-service\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of Google Project Zero, and an anonymous researcher\n\nEntry added October 27, 2022\n\n**AppleAVD**\n\nAvailable for: iPhone 8 and later\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32907: Natalie Silvanovich of Google Project Zero, Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom), ABC Research s.r.o, Yinyi Wu, Tommaso Bianco (@cutesmilee__)\n\nEntry added October 27, 2022\n\n**AppleMobileFileIntegrity**\n\nAvailable for: iPhone 8 and later\n\nImpact: An app may be able to access user-sensitive data\n\nDescription: A configuration issue was addressed with additional restrictions.\n\nCVE-2022-32877: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nEntry added March 16, 2023\n\n**Apple Neural Engine**\n\nAvailable for: iPhone 8 and later\n\nImpact: An app may be able to leak sensitive kernel state\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32858: Mohamed Ghannam (@_simo36)\n\nEntry added October 27, 2022\n\n**Apple Neural Engine**\n\nAvailable for: iPhone 8 and later\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32898: Mohamed Ghannam (@_simo36)\n\nCVE-2022-32899: Mohamed Ghannam (@_simo36)\n\nCVE-2022-32889: Mohamed Ghannam (@_simo36)\n\nEntry added October 27, 2022\n\n**Apple TV**\n\nAvailable for: iPhone 8 and later\n\nImpact: An app may be able to access user-sensitive data\n\nDescription: The issue was addressed with improved handling of caches.\n\nCVE-2022-32909: Csaba Fitzl (@theevilbit) of Offensive Security\n\nEntry added October 27, 2022\n\n**Contacts**\n\nAvailable for: iPhone 8 and later\n\nImpact: An app may be able to bypass Privacy preferences\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security\n\n**Crash Reporter**\n\nAvailable for: iPhone 8 and later\n\nImpact: A user with physical access to an iOS device may be able to read past diagnostic logs\n\nDescription: This issue was addressed with improved data protection.\n\nCVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike\n\nEntry added October 27, 2022\n\n**DriverKit**\n\nAvailable for: iPhone 8 and later\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)\n\nEntry added October 27, 2022\n\n**Exchange**\n\nAvailable for: iPhone 8 and later\n\nImpact: A user in a privileged network position may be able to intercept mail credentials\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2022-32928: Ji\u0159\u00ed Vinopal (@vinopaljiri) of Check Point Research\n\nEntry added October 27, 2022, updated March 16, 2023 \n\n**FaceTime**\n\nAvailable for: iPhone 8 and later\n\nImpact: A user may send audio and video in a FaceTime call without knowing that they have done so\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-22643: Sonali Luthar of the University of Virginia, Michael Liao of the University of Illinois at Urbana-Champaign, Rohan Pahwa of Rutgers University, and Bao Nguyen of University of Florida\n\nEntry added March 16, 2023\n\n**GPU Drivers**\n\nAvailable for: iPhone 8 and later\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: Multiple out-of-bounds write issues were addressed with improved bounds checking.\n\nCVE-2022-32793: an anonymous researcher\n\nEntry added March 16, 2023\n\n**GPU Drivers**\n\nAvailable for: iPhone 8 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-26744: an anonymous researcher\n\nEntry added October 27, 2022\n\n**GPU Drivers**\n\nAvailable for: iPhone 8 and later\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-32903: an anonymous researcher\n\nEntry added October 27, 2022\n\n**ImageIO**\n\nAvailable for: iPhone 8 and later\n\nImpact: Processing an image may lead to a denial-of-service\n\nDescription: A denial-of-service issue was addressed with improved validation.\n\nCVE-2022-1622\n\nEntry added October 27, 2022\n\n**Image Processing**\n\nAvailable for: iPhone 8 and later\n\nImpact: A sandboxed app may be able to determine which app is currently using the camera\n\nDescription: The issue was addressed with additional restrictions on the observability of app states.\n\nCVE-2022-32913: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nEntry added October 27, 2022\n\n**IOGPUFamily**\n\nAvailable for: iPhone 8 and later\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32887: an anonymous researcher\n\nEntry added October 27, 2022\n\n**Kernel**\n\nAvailable for: iPhone 8 and later\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.\n\nCVE-2022-32916: Pan ZhenPeng of STAR Labs SG Pte. Ltd.\n\nEntry added November 9, 2022\n\n**Kernel**\n\nAvailable for: iPhone 8 and later\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-32914: Zweig of Kunlun Lab\n\nEntry added October 27, 2022\n\n**Kernel**\n\nAvailable for: iPhone 8 and later\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)\n\nCVE-2022-32911: Zweig of Kunlun Lab\n\nEntry updated October 27, 2022 \n\n**Kernel**\n\nAvailable for: iPhone 8 and later\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**Kernel**\n\nAvailable for: iPhone 8 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges.\n\nDescription: The issue was addressed with improved bounds checks.\n\nCVE-2022-32917: an anonymous researcher \n\n**Maps**\n\nAvailable for: iPhone 8 and later\n\nImpact: An app may be able to read sensitive location information\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2022-32883: Ron Masas, breakpointhq.com\n\n**MediaLibrary**\n\nAvailable for: iPhone 8 and later\n\nImpact: A user may be able to elevate privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2022-32908: an anonymous researcher\n\n**Notifications**\n\nAvailable for: iPhone 8 and later\n\nImpact: A user with physical access to a device may be able to access contacts from the lock screen\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32879: Ubeydullah S\u00fcmer\n\nEntry added October 27, 2022\n\n**Photos**\n\nAvailable for: iPhone 8 and later\n\nImpact: An app may be able to bypass Privacy preferences\n\nDescription: This issue was addressed with improved data protection.\n\nCVE-2022-32918: Ashwani Rajput of Nagarro Software Pvt. Ltd, Srijan Shivam Mishra of The Hack Report, Jugal Goradia of Aastha Technologies, Evan Ricafort (evanricafort.com) of Invalid Web Security, Shesha Sai C (linkedin.com/in/shesha-sai-c-18585b125), Amod Raghunath Patwardhan of Pune, India\n\nEntry added October 27, 2022, updated March 16, 2023 \n\n**Safari**\n\nAvailable for: iPhone 8 and later\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32795: Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati\n\n**Safari Extensions**\n\nAvailable for: iPhone 8 and later\n\nImpact: A website may be able to track users through Safari web extensions\n\nDescription: A logic issue was addressed with improved state management.\n\nWebKit Bugzilla: 242278 \nCVE-2022-32868: Michael\n\n**Sandbox**\n\nAvailable for: iPhone 8 and later\n\nImpact: An app may be able to modify protected parts of the file system\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security\n\nEntry added October 27, 2022\n\n**Security**\n\nAvailable for: iPhone 8 and later\n\nImpact: An app may be able to bypass code signing checks\n\nDescription: An issue in code signature validation was addressed with improved checks.\n\nCVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)\n\nEntry added October 27, 2022\n\n**Shortcuts**\n\nAvailable for: iPhone 8 and later\n\nImpact: A person with physical access to an iOS device may be able to access photos from the lock screen\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2022-32872: Elite Tech Guru\n\n**Sidecar**\n\nAvailable for: iPhone 8 and later\n\nImpact: A user may be able to view restricted content from the lock screen\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-42790: Om kothawade of Zaprico Digital\n\nEntry added October 27, 2022\n\n**Siri**\n\nAvailable for: iPhone 8 and later\n\nImpact: A person with physical access to a device may be able to use Siri to access private calendar information\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2022-32871: Amit Prajapat of Payatu Security Consulting Private Limited\n\nEntry added March 16, 2023\n\n**Siri**\n\nAvailable for: iPhone 8 and later\n\nImpact: A user with physical access to a device may be able to use Siri to obtain some call history information\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32870: Andrew Goldberg of The McCombs School of Business, The University of Texas at Austin (linkedin.com/andrew-goldberg-/)\n\nEntry added October 27, 2022\n\n**Software Update**\n\nAvailable for: iPhone 8 and later\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was addressed with improved state handling.\n\nCVE-2022-42791: Mickey Jin (@patch1t) of Trend Micro\n\nEntry added November 9, 2022\n\n**SQLite**\n\nAvailable for: iPhone 8 and later\n\nImpact: A remote user may be able to cause a denial-of-service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2021-36690\n\nEntry added October 27, 2022\n\n**Time Zone**\n\nAvailable for: iPhone 8 and later\n\nImpact: Deleted contacts may still appear in spotlight search results\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32859\n\nEntry added October 27, 2022\n\n**Watch app**\n\nAvailable for: iPhone 8 and later\n\nImpact: An app may be able to read a persistent device identifier\n\nDescription: This issue was addressed with improved entitlements.\n\nCVE-2022-32835: Guilherme Rambo of Best Buddy Apps (rambo.codes)\n\nEntry added October 27, 2022\n\n**Weather**\n\nAvailable for: iPhone 8 and later\n\nImpact: An app may be able to read sensitive location information\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32875: an anonymous researcher\n\nEntry added October 27, 2022\n\n**WebKit**\n\nAvailable for: iPhone 8 and later\n\nImpact: An unauthorized user may be able to access browsing history\n\nDescription: An issue existed with the file paths used to store website data. The issue was resolved by improving how website data is stored.\n\nCVE-2022-32833: Csaba Fitzl (@theevilbit) of Offensive Security, Jeff Johnson\n\nEntry added November 9, 2022\n\n**WebKit**\n\nAvailable for: iPhone 8 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nWebKit Bugzilla: 242047 \nCVE-2022-32888: P1umer (@p1umer)\n\nEntry added October 27, 2022\n\n**WebKit**\n\nAvailable for: iPhone 8 and later\n\nImpact: Visiting a website that frames malicious content may lead to UI spoofing\n\nDescription: The issue was addressed with improved UI handling.\n\nWebKit Bugzilla: 243236 \nCVE-2022-32891: @real_as3617, and an anonymous researcher\n\nEntry added October 27, 2022\n\n**WebKit**\n\nAvailable for: iPhone 8 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nWebKit Bugzilla: 241969 \nCVE-2022-32886: P1umer, afang5472, xmzyshypnc\n\n**WebKit**\n\nAvailable for: iPhone 8 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nWebKit Bugzilla: 242762 \nCVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with Trend Micro Zero Day Initiative\n\n**WebKit Sandboxing**\n\nAvailable for: iPhone 8 and later\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: An access issue was addressed with improvements to the sandbox.\n\nWebKit Bugzilla: 243181 \nCVE-2022-32892: @18\u697c\u68a6\u60f3\u6539\u9020\u5bb6 and @jq0904 of DBAppSecurity's WeBin lab\n\nEntry added October 27, 2022\n\n**Wi-Fi**\n\nAvailable for: iPhone 8 and later\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-46709: Wang Yu of Cyberserval\n\nEntry added March 16, 2023\n\n**Wi-Fi**\n\nAvailable for: iPhone 8 and later\n\nImpact: An app may be able to cause unexpected system termination or write kernel memory\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-32925: Wang Yu of Cyberserval\n\nEntry added October 27, 2022\n\n\n\n## Additional recognition\n\n**AirDrop**\n\nWe would like to acknowledge Alexander Heinrich, Milan Stute, and Christian Weinert of Technical University of Darmstadt for their assistance.\n\nEntry added October 27, 2022\n\n**AppleCredentialManager**\n\nWe would like to acknowledge @jonathandata1 for their assistance.\n\nEntry added October 27, 2022\n\n**Calendar UI**\n\nWe would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College Of Technology Bhopal for their assistance.\n\nEntry added October 27, 2022\n\n**CoreGraphics**\n\nWe would like to acknowledge Simon de Vegt for their assistance.\n\nEntry added November 9, 2022\n\n**FaceTime**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\nEntry added October 27, 2022\n\n**Find My**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\nEntry added October 27, 2022\n\n**Game Center**\n\nWe would like to acknowledge Joshua Jones for their assistance.\n\n**iCloud**\n\nWe would like to acknowledge B\u00fclent Aytulun, and an anonymous researcher for their assistance.\n\nEntry added October 27, 2022\n\n**Identity Services**\n\nWe would like to acknowledge Joshua Jones for their assistance.\n\n**Kernel**\n\nWe would like to acknowledge Pan ZhenPeng(@Peterpan0927), Tingting Yin of Tsinghua University, and Min Zheng of Ant Group, and an anonymous researcher for their assistance.\n\nEntry added October 27, 2022\n\n**Mail**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\nEntry added October 27, 2022\n\n**Notes**\n\nWe would like to acknowledge Edward Riley of Iron Cloud Limited (ironclouduk.com) for their assistance.\n\nEntry added October 27, 2022\n\n**Photo Booth**\n\nWe would like to acknowledge Prashanth Kannan of Dremio for their assistance.\n\nEntry added October 27, 2022\n\n**Safari**\n\nWe would like to acknowledge Scott Hatfield of Sub-Zero Group for their assistance.\n\nEntry added March 16, 2023\n\n**Sandbox**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.\n\nEntry added October 27, 2022\n\n**Shortcuts**\n\nWe would like to acknowledge Shay Dror for their assistance.\n\nEntry added October 27, 2022\n\n**SOS**\n\nWe would like to acknowledge Xianfeng Lu and Lei Ai of OPPO Amber Security Lab for their assistance.\n\nEntry added October 27, 2022\n\n**UIKit**\n\nWe would like to acknowledge Aleczander Ewing, Simon de Vegt, and an anonymous researcher for their assistance.\n\nEntry added October 27, 2022\n\n**WebKit**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\nEntry added October 27, 2022\n\n**WebRTC**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\nEntry added October 27, 2022\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: March 16, 2023\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-12T00:00:00", "type": "apple", "title": "About the security content of iOS 16", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36690", "CVE-2022-1622", "CVE-2022-22643", "CVE-2022-26744", "CVE-2022-32793", "CVE-2022-32795", "CVE-2022-32827", "CVE-2022-32833", "CVE-2022-32835", "CVE-2022-32854", "CVE-2022-32858", "CVE-2022-32859", "CVE-2022-32864", "CVE-2022-32865", "CVE-2022-32866", "CVE-2022-32867", "CVE-2022-32868", "CVE-2022-32870", "CVE-2022-32871", "CVE-2022-32872", "CVE-2022-32875", "CVE-2022-32877", "CVE-2022-32879", "CVE-2022-32881", "CVE-2022-32883", "CVE-2022-32886", "CVE-2022-32887", "CVE-2022-32888", "CVE-2022-32889", "CVE-2022-32891", "CVE-2022-32892", "CVE-2022-32898", "CVE-2022-32899", "CVE-2022-32903", "CVE-2022-32907", "CVE-2022-32908", "CVE-2022-32909", "CVE-2022-32911", "CVE-2022-32912", "CVE-2022-32913", "CVE-2022-32914", "CVE-2022-32916", "CVE-2022-32917", "CVE-2022-32918", "CVE-2022-32925", "CVE-2022-32928", "CVE-2022-42790", "CVE-2022-42791", "CVE-2022-42793", "CVE-2022-42795", "CVE-2022-46709"], "modified": "2022-09-12T00:00:00", "id": "APPLE:E351282C4281387D6A17586B33AF689C", "href": "https://support.apple.com/kb/HT213446", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "thn": [{"lastseen": "2022-09-02T04:02:55", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEi8JrXgDyLy6HpjJWdxgVr6irc0Shj9654hXCdj-aEZ6FnuItSwgx88l21PrA26t2XnsOHja8H5JMGXnIGuZlMiwEpPK9_69v7Ewg-LUf1yZgkUgMr5nHHR1I59ZbFr_Bmp_-riP73mTrzNA31GVyPK-iGoTA6OJmB0R-Cj449CIwjGFNQoYuT2k6_C/s728-e100/apple.jpg>)\n\nApple on Wednesday backported security updates to older iPhones, iPads, and iPod touch devices to address a [critical security flaw](<https://thehackernews.com/2022/08/apple-releases-security-updates-to.html>) that has been actively exploited in the wild.\n\nThe shortcoming, tracked as **CVE-2022-32893** (CVSS score: 8.8), is an out-of-bounds write issue affecting WebKit that could lead to arbitrary code execution when processing maliciously crafted web content.\n\nWebKit is the browser engine that powers Safari and every other third-party browser available on iOS and iPadOS, meaning a flaw uncovered in the platform poses a security risk to users of Google Chrome, Mozilla Firefox, and Microsoft Edge as well.\n\nThe tech giant said it fixed the bug with improved bounds checking. An anonymous researcher has been credited for reporting the vulnerability.\n\nThe iOS 12.5.6 update is available for iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation).\n\n\"iOS 12 is not impacted by CVE-2022-32894,\" Apple [noted](<https://support.apple.com/en-us/HT213428>) in its advisory.\n\nThe latest set of patches arrives weeks after the iPhone maker [remediated the two flaws](<https://thehackernews.com/2022/08/apple-releases-security-updates-to.html>) in iOS 15.6.1, iPadOS 15.6.1, macOS 12.5.1, and Safari 15.6.1 as part of updates shipped on August 18, 2022.\n\n\"Apple is aware of a report that this issue may have been actively exploited,\" it acknowledged in a boilerplate statement, although details regarding the nature of the attacks are unknown.\n\nUsers of older iOS devices are advised to apply the updates as soon as possible to mitigate potential threats.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-01T03:24:00", "type": "thn", "title": "Apple Releases iOS Update for Older iPhones to Fix Actively Exploited Vulnerability", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-32893", "CVE-2022-32894"], "modified": "2022-09-02T02:41:18", "id": "THN:7A0BB9AD4437D8A1043E4BE4BA0E915C", "href": "https://thehackernews.com/2022/09/apple-releases-ios-update-for-older.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-14T08:22:49", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjBAbKGPJ0333Ymy0pNRh1c2YnrPqm6TS2UIjUjovslcTAhZDG3ZiJL2NUGwYskLCWmfGgOrY2C7Oc4f0mSnUJpQx8uiCxQx1F8ThJNkKWy0mvxkKZyYnL5JSm5bgrDyPNaikwN2eUSslZnjTx6WxpApYeSvWf5SyIsbvk-dvrtzyNCGFSdpQF6zVtW/s728-e100/apple-software-update.jpg>)\n\nApple has released another round of security updates to address multiple vulnerabilities in iOS and macOS, including a new zero-day flaw that has been used in attacks in the wild.\n\nThe issue, assigned the identifier **CVE-2022-32917**, is rooted in the Kernel component and could enable a malicious app to execute arbitrary code with kernel privileges.\n\n\"Apple is aware of a report that this issue may have been actively exploited,\" the iPhone maker acknowledged in a brief statement, adding it resolved the bug with improved bound checks.\n\nAn anonymous researcher has been credited with reporting the shortcoming. It's worth noting that CVE-2022-32917 is also the [second Kernel related zero-day flaw](<https://thehackernews.com/2022/08/apple-releases-security-updates-to.html>) that Apple has remediated in less than a month.\n\nPatches are available in versions [iOS 15.7, iPadOS 15.7](<https://support.apple.com/en-us/HT213445>), [iOS 16](<https://support.apple.com/en-us/HT213446>), [macOS Big Sur 11.7](<https://support.apple.com/en-us/HT213443>), and [macOS Monterey 12.6](<https://support.apple.com/en-us/HT213444>). The iOS and iPadOS updates cover iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).\n\nWith the latest fixes, Apple has addressed seven actively exploited zero-day flaws and one publicly-known zero-day vulnerability since the start of the year -\n\n * [**CVE-2022-22587**](<https://thehackernews.com/2022/01/apple-releases-ios-and-ipados-updates.html>) (IOMobileFrameBuffer) \u2013 A malicious application may be able to execute arbitrary code with kernel privileges\n * [**CVE-2022-22594**](<https://thehackernews.com/2022/01/apple-releases-ios-and-ipados-updates.html>) (WebKit Storage) \u2013 A website may be able to track sensitive user information (publicly known but not actively exploited) \n * [**CVE-2022-22620**](<https://thehackernews.com/2022/02/apple-releases-ios-ipados-macos-updates.html>) (WebKit) \u2013 Processing maliciously crafted web content may lead to arbitrary code execution\n * [**CVE-2022-22674**](<https://thehackernews.com/2022/03/apple-issues-patches-for-2-actively.html>) (Intel Graphics Driver) \u2013 An application may be able to read kernel memory\n * [**CVE-2022-22675**](<https://thehackernews.com/2022/03/apple-issues-patches-for-2-actively.html>) (AppleAVD) \u2013 An application may be able to execute arbitrary code with kernel privileges\n * [**CVE-2022-32893**](<https://thehackernews.com/2022/08/apple-releases-security-updates-to.html>) (WebKit) \u2013 Processing maliciously crafted web content may lead to arbitrary code execution\n * [**CVE-2022-32894**](<https://thehackernews.com/2022/08/apple-releases-security-updates-to.html>) (Kernel) \u2013 An application may be able to execute arbitrary code with kernel privileges\n\nBesides CVE-2022-32917, Apple has plugged 10 security holes in iOS 16, spanning Contacts, Kernel Maps, MediaLibrary, Safari, and WebKit. The iOS 16 update is also notable for incorporating a new [Lockdown Mode](<https://thehackernews.com/2022/07/apples-new-lockdown-mode-protects.html>) that's designed to make zero-click attacks harder.\n\niOS further introduces a feature called [Rapid Security Response](<https://thehackernews.com/2022/06/apples-new-feature-will-install.html>) that makes it possible for users to automatically install security fixes on iOS devices without a full operating system update.\n\n\"Rapid Security Responses deliver important security improvements more quickly, before they become part of other improvements in a future software update,\" Apple said in a [revised support document](<https://support.apple.com/en-us/HT204204>) published on Monday.\n\nLastly, iOS 16 also brings support for [passkeys](<https://thehackernews.com/2022/05/google-to-add-passwordless.html>) in the Safari web browser, a passwordless sign-in mechanism that allows users to log in to websites and services by authenticating via Touch ID or Face ID.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T03:36:00", "type": "thn", "title": "Apple Releases iOS and macOS Updates to Patch Actively Exploited Zero-Day Flaw", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22587", "CVE-2022-22594", "CVE-2022-22620", "CVE-2022-22674", "CVE-2022-22675", "CVE-2022-32893", "CVE-2022-32894", "CVE-2022-32917"], "modified": "2022-09-14T04:13:45", "id": "THN:A60A19BF44B2CA75E63F31234992BE54", "href": "https://thehackernews.com/2022/09/apple-releases-ios-and-macos-updates-to.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-28T08:06:13", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEicrH886obh9SXVkYLlYlisP0KIsoT0qSHaXuhKykWpDFh1uMlJkZdzfpWXcSJXu-B1ctaTItaWBqJBVlJ_v4NGUD4ZLLwAO_beB0N6Uzay-2yDaaSv6jxj89Vx77ugTTYvW_tcsEXN2JEmVPoBtlwpDNsB1nldCeLT_hdp6cOLoHJUyepNmg_eJrZQ/s728-e100/apple.jpg>)\n\nTech giant Apple on Monday rolled out updates to remediate a zero-day flaw in iOS and iPadOS that it said has been actively exploited in the wild.\n\nThe weakness, given the identifier [CVE-2022-42827](<https://support.apple.com/en-us/HT213489>), has been described as an out-of-bounds write issue in the Kernel, which could be abused by a rogue application to execute arbitrary code with the highest privileges.\n\nSuccessful exploitation of [out-of-bounds write](<https://cwe.mitre.org/data/definitions/787.html>) flaws, which typically occur when a program attempts to write data to a memory location that's outside of the bounds of what it is allowed to access, can result in corruption of data, a crash, or execution of unauthorized code.\n\nThe iPhone maker said it addressed the bug with improved bounds checking, while crediting an anonymous researcher for reporting the vulnerability.\n\nAs is usually the case with actively exploited zero-day flaws, Apple refrained from sharing more specifics about the shortcoming other than acknowledging that it's \"aware of a report that this issue may have been actively exploited.\"\n\nCVE-2022-42827 is the third consecutive Kernel-related out-of-bounds memory vulnerability to be patched by Apple after [CVE-2022-32894](<https://thehackernews.com/2022/08/apple-releases-security-updates-to.html>) and [CVE-2022-32917](<https://thehackernews.com/2022/09/apple-releases-ios-and-macos-updates-to.html>), the latter two of which have also been previously reported to be weaponized in real-world attacks.\n\nThe security update is available for iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.\n\nWith the latest fix, Apple has closed out eight actively exploited zero-day flaws and one publicly-known zero-day vulnerability since the start of the year -\n\n * [**CVE-2022-22587**](<https://thehackernews.com/2022/01/apple-releases-ios-and-ipados-updates.html>) (IOMobileFrameBuffer) \u2013 A malicious application may be able to execute arbitrary code with kernel privileges\n * [**CVE-2022-22594**](<https://thehackernews.com/2022/01/apple-releases-ios-and-ipados-updates.html>) (WebKit Storage) \u2013 A website may be able to track sensitive user information (publicly known but not actively exploited)\n * [**CVE-2022-22620**](<https://thehackernews.com/2022/02/apple-releases-ios-ipados-macos-updates.html>) (WebKit) \u2013 Processing maliciously crafted web content may lead to arbitrary code execution\n * [**CVE-2022-22674**](<https://thehackernews.com/2022/03/apple-issues-patches-for-2-actively.html>) (Intel Graphics Driver) \u2013 An application may be able to read kernel memory\n * [**CVE-2022-22675**](<https://thehackernews.com/2022/03/apple-issues-patches-for-2-actively.html>) (AppleAVD) \u2013 An application may be able to execute arbitrary code with kernel privileges\n * [**CVE-2022-32893**](<https://thehackernews.com/2022/08/apple-releases-security-updates-to.html>) (WebKit) \u2013 Processing maliciously crafted web content may lead to arbitrary code execution\n * [**CVE-2022-32894**](<https://thehackernews.com/2022/08/apple-releases-security-updates-to.html>) (Kernel) \u2013 An application may be able to execute arbitrary code with kernel privileges\n * [**CVE-2022-32917**](<https://thehackernews.com/2022/09/apple-releases-ios-and-macos-updates-to.html>) (Kernel) \u2013 An application may be able to execute arbitrary code with kernel privileges\n\nAside from CVE-2022-42827, the update also addresses 19 other security vulnerabilities, including two in Kernel, three in Point-to-Point Protocol (PPP), two in WebKit, and one each in AppleMobileFileIntegrity, Core Bluetooth, IOKit, Sandbox, and more.\n\n**_Update:_** Apple on Thursday backported fixes for the actively exploited iOS zero-day flaw (CVE-2022-42827) to older devices as part of [iOS and iPadOS 15.7.1](<https://support.apple.com/en-us/HT213490>) updates, along with patches for 17 other vulnerabilities.\n\nThe list of impacted devices consist of iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nThe tech giant also [revised the advisory](<https://support.apple.com/en-us/HT213489>) it issued earlier this week for iOS 16.1 and iPadOS 16 to include 15 more new flaws, including four issues in the Kernel and others in Apple Neural Engine, FaceTime, Graphics Driver, and zlib, taking the total number of fixes to 36.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-25T03:35:00", "type": "thn", "title": "Apple Releases Patch for New Actively Exploited iOS and iPadOS Zero-Day Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22587", "CVE-2022-22594", "CVE-2022-22620", "CVE-2022-22674", "CVE-2022-22675", "CVE-2022-32893", "CVE-2022-32894", "CVE-2022-32917", "CVE-2022-42827"], "modified": "2022-10-28T07:13:48", "id": "THN:4B97BCD00CAE89549A57EBFAECA484AE", "href": "https://thehackernews.com/2022/10/apple-releases-patch-for-new-actively.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-12-14T04:09:16", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgoCPCCOzJCgi-nOCQAqAQg46fLbD3eNO6pq7T-DQyf-SX-6jNvv0GYdNkE5YYeQDG_SL2FaxnexqUnN1cSbFmVjD64JBZiBXR5gS5DtbrO6oC-wto8yG1Fl0sg39ZcM9suGiVjGMsXYhj2KUTDp0mmfES_LspF8eSX-JlZPR3C9Pv6cKyityz7MmKx/s728-e100/apple.png>)\n\nApple on Tuesday rolled out security updates to iOS, iPadOS, macOS, tvOS, and Safari web browser to address a new zero-day vulnerability that could result in the execution of malicious code.\n\nTracked as **CVE-2022-42856**, the issue has been described by the tech giant as a type confusion issue in the WebKit browser engine that could be triggered when processing specially crafted content, leading to arbitrary code execution.\n\nThe company said it's \"aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.\"\n\nWhile details surrounding the exact nature of the attacks are unknown as yet, it's likely that it involved a case of social engineering or a watering hole to infect the devices when visiting a rogue or legitimate-but-compromised domain via the browser.\n\nIt's worth noting that every third-party web browser that's available for iOS and iPadOS, including Google Chrome, Mozilla Firefox, and Microsoft Edge, and others, is [required](<https://www.macrumors.com/2022/02/25/should-apple-ban-rival-browser-engines/>) to use the WebKit rendering engine due to restrictions imposed by Apple.\n\nCredited with discovering and reporting the issue is Cl\u00e9ment Lecigne of Google's Threat Analysis Group (TAG). Apple noted it addressed the bug with improved state handling.\n\nThe update, which is available with [iOS 15.7.2, iPadOS 15.7.2](<https://support.apple.com/en-us/HT213531>), [macOS Ventura 13.1](<https://support.apple.com/en-us/HT213532>), [tvOS 16.2](<https://support.apple.com/en-us/HT213535>), and [Safari 16.2](<https://support.apple.com/en-us/HT213537>), arrives two weeks after Apple patched the same bug in [iOS 16.1.2](<https://support.apple.com/en-us/HT213516>) on November 30, 2022.\n\nThe fix marks the resolution of the tenth zero-day vulnerability discovered in Apple software since the start of the year. It's also the ninth actively exploited zero-day flaw in 2022 -\n\n * [**CVE-2022-22587**](<https://thehackernews.com/2022/01/apple-releases-ios-and-ipados-updates.html>) (IOMobileFrameBuffer) \u2013 A malicious application may be able to execute arbitrary code with kernel privileges\n * [**CVE-2022-22594**](<https://thehackernews.com/2022/01/apple-releases-ios-and-ipados-updates.html>) (WebKit Storage) \u2013 A website may be able to track sensitive user information (publicly known but not actively exploited)\n * [**CVE-2022-22620**](<https://thehackernews.com/2022/02/apple-releases-ios-ipados-macos-updates.html>) (WebKit) \u2013 Processing maliciously crafted web content may lead to arbitrary code execution\n * [**CVE-2022-22674**](<https://thehackernews.com/2022/03/apple-issues-patches-for-2-actively.html>) (Intel Graphics Driver) \u2013 An application may be able to read kernel memory\n * [**CVE-2022-22675**](<https://thehackernews.com/2022/03/apple-issues-patches-for-2-actively.html>) (AppleAVD) \u2013 An application may be able to execute arbitrary code with kernel privileges\n * [**CVE-2022-32893**](<https://thehackernews.com/2022/08/apple-releases-security-updates-to.html>) (WebKit) \u2013 Processing maliciously crafted web content may lead to arbitrary code execution\n * [**CVE-2022-32894**](<https://thehackernews.com/2022/08/apple-releases-security-updates-to.html>) (Kernel) \u2013 An application may be able to execute arbitrary code with kernel privileges\n * [**CVE-2022-32917**](<https://thehackernews.com/2022/09/apple-releases-ios-and-macos-updates-to.html>) (Kernel) \u2013 An application may be able to execute arbitrary code with kernel privileges\n * [**CVE-2022-42827**](<https://thehackernews.com/2022/10/apple-releases-patch-for-new-actively.html>) (Kernel) \u2013 An application may be able to execute arbitrary code with kernel privileges\n\nThe latest [iOS, iPadOS](<https://support.apple.com/en-us/HT213530>), and [macOS](<https://support.apple.com/en-us/HT213532>) updates also introduce a new security feature called [Advanced Data Protection for iCloud](<https://thehackernews.com/2022/12/apple-boosts-security-with-new-imessage.html>) that expands end-to-end encryption (E2EE) to \u200ciCloud\u200c Backup, Notes, Photos, and more.\n\n \n\n\nFound this article interesting? Follow us on [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-14T03:44:00", "type": "thn", "title": "New Actively Exploited Zero-Day Vulnerability Discovered in Apple Products", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22587", "CVE-2022-22594", "CVE-2022-22620", "CVE-2022-22674", "CVE-2022-22675", "CVE-2022-32893", "CVE-2022-32894", "CVE-2022-32917", "CVE-2022-42827", "CVE-2022-42856"], "modified": "2022-12-14T04:00:30", "id": "THN:EC350D7E2CF02EC9CB76AA85E0D3F47A", "href": "https://thehackernews.com/2022/12/new-actively-exploited-zero-day.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-25T04:06:05", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhCWMbXjpEIYZVQ_1kcBejV2yvIUEVDZUmbtChK5kDR3yOQHgw7xzF_5fMXJO8OtB4JREMoYl1LUKH-FA9op00z4Fg_lHIkRoez3GmCtRczFALlUcCc1cZ9hxyX-5KgGtx6lkx78rKcTbgSh12yw68XHad2FmQ5kR6NXRfjeQRjz_jcr5-Fyy43RNGy/s728/hacking-malware-ads.jpg>)\n\nApple on Wednesday released security updates for [iOS, iPadOS](<https://support.apple.com/en-us/HT213412>), and [macOS](<https://support.apple.com/en-us/HT213413>) platforms to remediate two zero-day vulnerabilities previously exploited by threat actors to compromise its devices.\n\nThe list of issues is below -\n\n * **CVE-2022-32893** \\- An out-of-bounds write issue in WebKit which could lead to the execution of arbitrary code by processing a specially crafted web content\n * **CVE-2022-32894** \\- An out-of-bounds write issue in the operating system's Kernel that could be abused by a malicious application to execute arbitrary code with the highest privileges\n\nApple said it addressed both the issues with improved bounds checking, adding it's aware the vulnerabilities \"may have been actively exploited.\"\n\nThe company did not disclose any additional information regarding these attacks or the identities of the threat actors perpetrating them, although it's likely that they were abused as part of highly-targeted intrusions.\n\nThe latest update brings the total number of actively exploited zero-days patched by Apple to six since the start of the year -\n\n * [**CVE-2022-22587**](<https://thehackernews.com/2022/01/apple-releases-ios-and-ipados-updates.html>) (IOMobileFrameBuffer) \u2013 A malicious application may be able to execute arbitrary code with kernel privileges\n * [**CVE-2022-22620**](<https://thehackernews.com/2022/02/apple-releases-ios-ipados-macos-updates.html>) (WebKit) \u2013 Processing maliciously crafted web content may lead to arbitrary code execution\n * [**CVE-2022-22674**](<https://thehackernews.com/2022/03/apple-issues-patches-for-2-actively.html>) (Intel Graphics Driver) \u2013 An application may be able to read kernel memory\n * [**CVE-2022-22675**](<https://thehackernews.com/2022/03/apple-issues-patches-for-2-actively.html>) (AppleAVD) \u2013 An application may be able to execute arbitrary code with kernel privileges\n\nBoth the vulnerabilities have been fixed in iOS 15.6.1, iPadOS 15.6.1, and macOS Monterey 12.5.1. The iOS and iPadOS updates are available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).\n\n**_Update:_** Apple on Thursday released a [security update](<https://support.apple.com/en-us/HT213414>) for Safari web browser (version 15.6.1) for macOS Big Sur and Catalina to patch the WebKit vulnerability fixed in macOS Monterey.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-18T03:08:00", "type": "thn", "title": "Apple Releases Security Updates to Patch Two New Zero-Day Vulnerabilities", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22587", "CVE-2022-22620", "CVE-2022-22674", "CVE-2022-22675", "CVE-2022-32893", "CVE-2022-32894"], "modified": "2022-10-25T03:24:38", "id": "THN:DEAEC76D89D5583101E2E6036C289609", "href": "https://thehackernews.com/2022/08/apple-releases-security-updates-to.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-09-23T16:56:17", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjs8JaMOY9R6lUtMUspyaZkXpTsX4qNnhcrHTL9mWH5ZNa5vmozYX5_wadmPyK4zvGOflysK8-kmfWEodQkGRkX2S6SRc2Rz3Mmc6gZULQMoM1NWsDnbyPfI1hCtqNvHLJGrpMX5ei4CIFAfpq-ihMIXLWrMaa-7Q5NtgXCuo8GX35xntkWn95YjMu2/s728-e100/cisa.jpg>)\n\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday moved to add a [critical SAP security flaw](<https://www.cisa.gov/uscert/ncas/current-activity/2022/08/18/cisa-adds-seven-known-exploited-vulnerabilities-catalog>) to its [Known Exploited Vulnerabilities Catalog](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>), based on evidence of active exploitation.\n\nThe issue in question is [CVE-2022-22536](<https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10>), which has received the highest possible risk score of 10.0 on the CVSS vulnerability scoring system and was addressed by SAP as part of its Patch Tuesday updates for February 2022.\n\nDescribed as an HTTP request smuggling vulnerability, the shortcoming impacts the following product versions -\n\n * SAP Web Dispatcher (Versions - 7.49, 7.53, 7.77, 7.81, 7.85, 7.22EXT, 7.86, 7.87)\n * SAP Content Server (Version - 7.53)\n * SAP NetWeaver and ABAP Platform (Versions - KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49)\n\n\"An unauthenticated attacker can prepend a victim's request with arbitrary data, allowing for function execution impersonating the victim or poisoning intermediary web caches,\" CISA said in an alert.\n\n\"A simple HTTP request, indistinguishable from any other valid message and without any kind of authentication, is enough for a successful exploitation,\" Onapsis, which [discovered](<https://onapsis.com/icmad-sap-cybersecurity-vulnerabilities>) the flaw, [notes](<https://onapsis.com/threat-report/icmad-sap-vulnerabilities>). \"Consequently, this makes it easy for attackers to exploit it and more challenging for security technology such as firewalls or IDS/IPS to detect it (as it does not present a malicious payload).\"\n\nAside from the SAP weakness, the agency added new flaws disclosed by Apple ([CVE-2022-32893 and CVE-2022-32894](<https://thehackernews.com/2022/08/apple-releases-security-updates-to.html>)) and Google ([CVE-2022-2856](<https://thehackernews.com/2022/08/new-google-chrome-zero-day.html>)) this week as well as previously documented Microsoft-related bugs ([CVE-2022-21971](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21971>) and [CVE-2022-26923](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26923>)) and a remote code execution vulnerability in Palo Alto Networks PAN-OS ([CVE-2017-15944](<https://nvd.nist.gov/vuln/detail/CVE-2017-15944>), CVSS score: 9.8) that was disclosed in 2017.\n\nCVE-2022-21971 (CVSS score: 7.8) is a remote code execution vulnerability in Windows Runtime that was resolved by Microsoft in February 2022. CVE-2022-26923 (CVSS score: 8.8), fixed in May 2022, relates to a privilege escalation flaw in Active Directory Domain Services.\n\n\"An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow elevation of privilege to System,\" Microsoft describes in its advisory for CVE-2022-26923.\n\nThe CISA notification, as is traditionally the case, is light on technical details of in-the-wild attacks associated with the vulnerabilities so as to avoid threat actors taking further advantage of them.\n\nTo mitigate exposure to potential threats, Federal Civilian Executive Branch (FCEB) agencies are mandated to apply the relevant patches by September 8, 2022.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-08-20T14:19:00", "type": "thn", "title": "CISA Adds 7 New Actively Exploited Vulnerabilities to Catalog", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15944", "CVE-2022-21971", "CVE-2022-22536", "CVE-2022-26923", "CVE-2022-2856", "CVE-2022-32893", "CVE-2022-32894"], "modified": "2022-09-23T13:13:33", "id": "THN:221BD04ADD3814DC78AF58DFF41861F3", "href": "https://thehackernews.com/2022/08/cisa-adds-7-new-actively-exploited.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2023-06-03T14:53:09", "description": "Apple is urging macOS, iPhone and iPad users immediately to install respective updates this week that includes fixes for two zero-days under active attack. The patches are for vulnerabilities that allow attackers to execute arbitrary code and ultimately take over devices.\n\nPatches are available for effected devices running [iOS 15.6.1](<https://support.apple.com/en-us/HT213412>) and [macOS Monterey 12.5.1](<https://support.apple.com/en-us/HT213413>). Patches address two flaws, which basically impact any Apple device that can run either iOS 15 or the Monterey version of its desktop OS, according to security updates released by Apple Wednesday.\n\nOne of the flaws is a kernel bug ([CVE-2022-32894](<https://vulners.com/cve/CVE-2022-32894>)), which is present both in iOS and macOS. According to Apple it is an \u201cout-of-bounds write issue [that] was addressed with improved bounds checking.\u201d\n\nThe vulnerability allows an application to execute arbitrary code with kernel privileges, according to Apple, which, in usual vague fashion, said there is a report that it \u201cmay have been actively exploited.\u201d\n\nThe second flaw is identified as a WebKit bug (tracked as CVE-2022-32893), which is an out-of-bounds write issue that Apple addressed with improved bounds checking. The flaw allows for processing maliciously crafted web content that can lead to code execution, and also has been reported to be under active exploit, according to Apple. WebKit is the browser engine that powers Safari and all other third-party browsers that work on iOS.\n\n### Pegasus-Like Scenario\n\nThe discovery of both flaws, about which little more beyond Apple\u2019s disclosure are known, was credited to an anonymous researcher.\n\nOne expert expressed worry that the latest Apple flaws \u201ccould effectively give attackers full access to device,\u201d they might create a [Pegasus-like](<https://threatpost.com/pegasus-spyware-blacklisted-us/175999/>) scenario similar to the one in which nation-state APTs barraged targets [with spyware](<https://threatpost.com/protecting-phones-from-pegasus-like-spyware-attacks/167909/>) made by Israeli NSO Group by exploiting an iPhone vulnerability.\n\n\u201cFor most folks: update software by end of day,\u201d [tweeted](<https://twitter.com/RachelTobac/status/1560351690221424641>) Rachel Tobac, the CEO of SocialProof Security, regarding the zero-days. \u201cIf threat model is elevated (journalist, activist, targeted by nation states, etc): update now,\u201d Tobac warned.\n\n### Zero-Days Abound\n\nThe flaws were unveiled alongside other news from Google this week that it [was patching](<https://threatpost.com/google-patches-chromes-fifth-zero-day-of-the-year/180432/>) its fifth zero-day so far this year for its Chrome browser, an arbitrary code execution bug under active attack.\n\nThe news of yet more vulnerabilities from top tech vendors being barraged by threat actors demonstrates that despite the best efforts from top-tier tech companies to address perennial security issues in their software, it remains an uphill battle, noted Andrew Whaley, senior technical director at [Promon](<http://www.promon.co/>), a Norwegian app security company.\n\nThe flaws in iOS are especially worrying, given the ubiquity of iPhones and users\u2019 utter reliance on mobile devices for their daily lives, he said. However, the onus is not only on vendors to protect these devices but also for users to be more aware of existing threats, Whaley observed.\n\n\u201cWhile we all rely on our mobile devices, they are not invulnerable, and as users we need to maintain our guard just like we do on desktop operating systems,\u201d he said in an email to Threatpost.\n\nAt the same time, developers of apps for iPhones and other mobile devices also should add an extra layer of security controls in their technology so they are less reliant on OS security for protection, given the flaws that frequently crop up, Whaley observed.\n\n\u201cOur experience shows that this is not happening enough, potentially leaving banking and other customers vulnerable,\u201d he said.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-19T15:25:56", "type": "threatpost", "title": "iPhone Users Urged to Update to Patch 2 Zero-Days", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-32893", "CVE-2022-32894"], "modified": "2022-08-19T15:25:56", "id": "THREATPOST:DCD8C6A45F83A5C79CA1807D2B2A4A41", "href": "https://threatpost.com/iphone-users-urged-to-update-to-patch-2-zero-days-under-attack/180448/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "trellix": [{"lastseen": "2022-10-05T00:00:00", "description": "# The Bug Report \u2014 September 2022 Edition\n\nBy Charles McFarland \u00b7 October 5, 2022\n\n As long as it works.... \n\n\n## Why am I here?\n\nWelcome back to the Bug Report, don\u2019t-stub-your-toe edition! For those in the audience unfamiliar with how we do things here, every month we filter down that month\u2019s bugs to just a handful of the most critical ones so you can sleep in and tell your boss what great research you\u2019ve been doing.\n\nWith a couple of exceptions, September has been a very welcome slow month for major bugs. As such, we\u2019ll step out from the norm a little and cover some vulns maybe more relevant to certain teams than others.\n\n * CVE-2022-34721 + CVE-2022-34718: Windows IKE + TCP/IP\n * CVE-2022-32917: MacOS, iOS, and iPadOS\n * CVE-2022-39197: Cobalt Strike\n * CVE-2007-4559: Python\n \n\n\n## CVE-2022-34721 + CVE-2022-34718: Because two is always better than one\n\n### What is it?\n\nWhile we avoid basing our bug report strictly on CVSS scores, a 9.8 usually catches our attention. There were several to choose from in Microsoft\u2019s September Patch Tuesday, but two in particular seemed especially critical. I decided to take care of both Patch Tuesday bugs in one section because why not? The first is a Remote Code Execution IKE bug, CVE-2022-34721. IKE, or Internet Key Exchange, is the protocol that sets up key exchanges for [IPsec](<https://www.cloudflare.com/learning/network-layer/what-is-ipsec/>) used in Virtual Private Networks. Essentially, all modern Windows versions with IPsec enabled are impacted. Do you remember all those work-from-home folks you set up VPNs for? Yeah, those are the ones you should be concerned about.\n\nThe second Patch Tuesday bug that caught my attention was CVE-2022-34718, another 9.8 RCE. This vulnerability is found in the Windows TCP/IP stack and, like CVE-2022-34721, it impacts systems running IPsec. Only those running IPv6 will be affected, but you\u2019d have to disable IPv6 entirely to mitigate it. This bug is highly likely to be wormable, highly likely to be exploited, and highly likely to have a working PoC out there in the wild. How do I know the latter? Because a PoC was leaked on Github and was quickly taken down by administrators. That\u2019s not before some [automated PoC collection tools](<https://gitlab.com/securitystuffbackup/PoC-in-GitHub/-/tree/master/>) discovered it, however. It\u2019s na\u00efve to think no one else got a copy before it was removed.\n\n### Who cares?\n\nDo you use VPNs on Windows? That means you should care. If you\u2019re running IPv6 you should double care. Pretty much every Windows shop with remote workers or frequent travelers should be paying close attention to this one.\n\n### What can I do?\n\nAs I stated before, these were from September\u2019s Patch Tuesday. If you need to do anything you are already a month late. Get those patches ASAP! Make sure your users are up-to-date and scold them (as nicely as possible) if they are not. I get it, sometimes you can't patch right away. However, we\u2019re talking about a wormable unauthenticated RCE bug with a leaked PoC here. A month is too long to wait!\n\n \n\n\n## CVE-2022-32917: If I had an Apple for every time...\n\n### What is it?\n\nPrivilege escalation vulnerabilities don\u2019t often get the attention they deserve. Why not? They\u2019re essential to many malware campaigns. True, they aren\u2019t as flashy as RCEs, but without them many campaigns and malware families would just fall flat. What makes [CVE-2022-32917](<https://nvd.nist.gov/vuln/detail/CVE-2022-32917>) interesting is that it effects MacOS, iOS, and iPadOS. That pretty much covers every device in Apple\u2019s infamous \u201cecosystem.\u201d Well, maybe not Apple Watches but are those company-managed anyway? To make matters worse, Apple has [acknowledged](<https://support.apple.com/en-us/HT213443>) that there are reports of attacks in the wild. Not much more information is available yet, but an actively exploited kernel privilege escalation across all your Apple devices should kick start your morning.\n\n### Who cares?\n\nApple users and the IT shops that manage them should care. You can be sure cybercriminals will. Again, this is actively exploited so if you haven\u2019t patched, you\u2019re already behind. It impacts common BYOD items such as iPhones so containment may become an issue. As we all know, users _always_ keep their devices up to date.\n\n### What can I do?\n\nWithout more information about the vulnerability and the in-the-wild exploits, your only option is to patch. iPadOS and iOS should be running version 15.7 (or 16, for iOS). MacOS should be running either 11.7 or 12.6. Beyond that? Sit and wait. Since Apple knows of the exploits, we hope to see some form of writeup soon. It\u2019s not uncommon for security researchers to give some time for patches to be applied before disclosing their findings. Until then, patch, patch, patch.\n\n \n\n\n## CVE-2022-39197: September, Please-Don\u2019t-Hack-Back month...\n\n### What is it?\n\nCobalt Strike may not be familiar to your average IT professional, but it\u2019s the bread and butter for many red teams out there. On September 20th an [out of band patch](<https://www.cobaltstrike.com/blog/out-of-band-update-cobalt-strike-4-7-1/>) for Cobalt Strike was deployed to fix several issues, including [CVE-2022-39197](<https://nvd.nist.gov/vuln/detail/CVE-2022-39197>), a Cross-Site Scripting (XXS) vulnerability. Typically, XXS vulnerabilities don\u2019t hit our radar, but partially because of the slow month and partially because of the irony of a hacking platform exploit, here it is. Essentially, a bad actor can set malformed usernames in a beacon configuration and get code execution on the Cobalt Strike servers. Of the existing [PoCs](<https://github.com/xzajyjs/CVE-2022-39197-POC>) I\u2019ve found, most have simply been used to troll the servers with random images. Those who live by the sword, eh?\n\n Figure 1: Reproduction by [@xzajyjs](<https://github.com/xzajyjs>) from <https://www.cnblogs.com/xzajyjs/p/16724512.html> \n\n\n### Who cares?\n\nIf you\u2019re a large company, you may hire a red team for a security assessment. Maybe you even have your own. In either case, those red teams should care, as a very large portion of them use Cobalt Strike. For any cybercriminals using Cobalt Strike, you should not care. Ignore the patch and keep the old vulnerable version, everything will be just fine.\n\n### What can I do?\n\nMake sure you\u2019re on version 4.7.1. In your TeamsServer.prop file, you should have `limits.beacons_xssvalidated=True` set. If it\u2019s set to `False`, you have a problem. If you\u2019re negotiating a red team engagement with a third party, ask them what tools and versions they intend to use. Point them to this bug report or the [official disclosure](<https://www.cobaltstrike.com/blog/out-of-band-update-cobalt-strike-4-7-1/>) if you find they\u2019re using an old version of Cobalt Strike.\n\n \n\n\n## CVE-2007-4559: Wait, 2007? Is that a typo?\n\n### What is it?\n\nThat\u2019s not a typo. We\u2019ll finish off this bug report with a [15-year-old Python bug](<https://nvd.nist.gov/vuln/detail/CVE-2007-4559>) that keeps on giving! Some new research on this bug puts its potential impact at 350,000+ open-source repositories. Full disclosure, that was us. In our defense, the original bug was published on August 27th of 2007, which is really _really_ close to September 2022 - give or take 15 years. So, what does this bug do? Essentially, it\u2019s a directory traversal bug in which use of `tarfile.extract()` or `tarfile.extractall()` could allow an attacker to overwrite arbitrary files on the system. In some circumstances, this can even lead to code execution. It\u2019s a very easy mistake to make as the default behavior of the tarfile module, and the most straightforward implementation, leads to this vulnerability. Just look how simple it is:\n\n Figure 2: Vulnerable extractall() \n\n\n### Who cares?\n\nDevelopers who write Python code or use Python open-source software should be aware of it and its prevalence. Why is it so prevalent? Because the response to this bug was to warn about the dangers of using untrusted tar files in the official documentation. Of course, we all read the official docs, right? Most developers either failed to read the warning or ignored it altogether! Now, I\u2019m all for ignoring annoying things but security warnings should be an exception. Skip ahead 15 years and now most open-source software packages using tarfile do things insecurely and may have found their way into your supply chain.\n\n### What can I do?\n\nIn this case we\u2019re trying to do the hard work for you. We have been hard at work patching as many of these open-source projects as possible. Pull requests kicked off late September, so project maintainers can add the patch to their code base. If you are a project maintainer, keep an eye out for our pull request or write your own tarfile sanitization patch as soon as possible. If you are a user of open-source software, update your packages as soon as they have a patch applied. Not every project will get patched, nor will every maintainer accept the pull request. In those cases, and for closed-source software, you can use tools like [Creosote](<https://github.com/advanced-threat-research/Creosote>) to scan your own projects. For you developers out there, now you know. Read the warnings. Your code may stick around a _looong_ time so let\u2019s keep this ancient bug from surviving another 15 years.\n", "cvss3": {}, "published": "2022-10-05T00:00:00", "type": "trellix", "title": "The Bug Report \u2014 September 2022 Edition", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2007-4559", "CVE-2022-32917", "CVE-2022-34718", "CVE-2022-34721", "CVE-2022-39197"], "modified": "2022-10-05T00:00:00", "id": "TRELLIX:EBD56C9F3321809BB35031678EE7699F", "href": "https://www.trellix.com/content/mainsite/en-us/about/newsroom/stories/research/the-bug-report-september-2022-edition.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "qualysblog": [{"lastseen": "2022-10-19T22:05:19", "description": "* * *\n\n# **Microsoft Patch Tuesday Summary**\n\nMicrosoft has fixed 84 vulnerabilities (aka flaws) in the October 2022 update, including 13 vulnerabilities classified as **_Critical_** as they allow Elevation of Privilege (EoP), Remote Code Execution (RCE), and Spoofing. This month's Patch Tuesday fixes two (2) zero-day vulnerabilities, with one (1) actively exploited***** in attacks ([CVE-2022-41033](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41033>)*****,[ ](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30134>)[CVE-2022-41043](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41043>)). Earlier this month, on October 3 and 6, 2022, Microsoft also released a total of 12 Microsoft Edge (Chromium-Based) updates, one (1) addressing Spoofing ([CVE-2022-41035](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41035>)) ranked _**Moderate**_.\n\nMicrosoft has fixed several flaws in its software, including Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, Remote Code Execution (RCE), Security Feature Bypass, Spoofing, Microsoft Edge (Chromium-based), and Microsoft Edge (Chromium-based) / Spoofing.\n\n# Microsoft Exchange _"**ProxyNotShell"**_** **Zero-Days Not Yet Addressed _(QID 50122)_\n\nUnfortunately, Microsoft has not released security updates to address **_ProxyNotShell_** which includes [two actively exploited zero-day vulnerabilities](<https://blog.qualys.com/vulnerabilities-threat-research/2022/09/30/qualys-response-to-proxynotshell-microsoft-exchange-server-zero-day-threat-using-qualys-platform>) tracked as [CVE-2022-41040](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41040>) and [CVE-2022-41082](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41082>). \n\n[Released: October 2022 Exchange Server Security Updates](<https://techcommunity.microsoft.com/t5/exchange-team-blog/released-october-2022-exchange-server-security-updates/ba-p/3646263>) provides the following update:\n\n> **NOTE** The October 2022 SUs **_do not_** contain fixes for the zero-day vulnerabilities reported publicly on September 29, 2022 (CVE-2022-41040 and CVE-2022-41082). Please [see this blog post](<https://techcommunity.microsoft.com/t5/exchange-team-blog/customer-guidance-for-reported-zero-day-vulnerabilities-in/ba-p/3641494>) to apply mitigations for those vulnerabilities. We will release updates for CVE-2022-41040 and CVE-2022-41082 when they are ready.\n\n[Ankit Malhotra](<https://blog.qualys.com/author/amalhotra>), Manager, Signature Engineering suggests, "It's worth noting that Microsoft has had to revise the mitigation for [CVE-2022-41040](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41040>) more than once, as the suggested URL rewrite Mitigation was bypassed multiple times. Organizations that reacted to the ProxyShell vulnerability should also pay close attention to this, taking their lessons learned on rapid remediation, as this vulnerability can potentially see increased exploitation."\n\n* * *\n\n[](<https://tinyl.io/79AH>)\n\n**[ProxyNotShell: Microsoft Exchange Server Zero-Day Threat Using Qualys VMDR](<https://tinyl.io/79AH>)** | [QUALYS ON-DEMAND WEBINAR](<https://tinyl.io/7A58>)\n\n[Watch Now](<https://tinyl.io/79AH>)\n\n[**Qualys Response to _ProxyNotShell_ Microsoft Exchange Server Zero-Day Threat Using Qualys Cloud Platform**](<https://tinyl.io/79AJ>) | [QUALYS BLOG](<https://blog.qualys.com/?>)\n\n* * *\n\n## **The October 2022 Microsoft Vulnerabilities are classified as follows:**\n\n[Microsoft Exploitability Index](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>) / [Microsoft Security Update Severity Rating System](<https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system>)\n\n* * *\n\n## Two (2) **Zero-Day Vulnerabilities Addressed**\n\nA vulnerability is classified as a **_zero-day_** if it is publicly disclosed or actively exploited with no official fix available.\n\n### [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41033>)[CVE-2022-41033](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41033>) | Windows COM+ Event System Service Elevation of Privilege (EoP) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.8/10.\n\nClassified as **_Critical_**, this issue affects an unknown function of the component COM+ Event System Service. The impact of exploitation is loss of confidentiality, integrity, and availability.\n\nMicrosoft has not disclosed how the vulnerability is being exploited or if it is being exploited in targeted or more widespread attacks. They only say that the attack complexity is low and that it requires no user interaction for the attacker to be able to achieve SYSTEM privileges.\n\nAn attacker who successfully exploited this vulnerability could gain SYSTEM privileges.\n\nPatch Installation should be considered **_Critical_**.\n\n[Saeed Abbasi](<https://blog.qualys.com/author/sabbasi>), Manager, Vulnerability Signatures adds, "This patch fixes a security vulnerability that Microsoft stated is under active attack. However, it is not clear how severe these attacks are. Due to the nature of this vulnerability, a privilege escalation that often engages some social engineering (e.g. requiring the user to open a malicious attachment), history shows that it potentially needs to be chained with a code execution bug to exploit."\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Detected_**\n\n* * *\n\n### [CVE-2022-41043](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41043>)| Microsoft Office Information Disclosure Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 3.3/10.\n\nThe type of information that could be disclosed if an attacker successfully exploited this vulnerability is user tokens and other potentially sensitive information. The impact of exploitation is loss of confidentiality.\n\nThis vulnerability demands that the victim is doing some kind of user interaction. As of the time of publishing, neither technical details nor an exploit is publicly available.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): _**Exploitation Less Likely**_\n\n* * *\n\n## **Microsoft Critical Vulnerability Highlights**\n\n### **[](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37968>)[CVE-2022-37968](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37968>) |** Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege (EoP) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of** **10/10.\n\nMicrosoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. This vulnerability could allow an unauthenticated user to elevate their privileges and potentially gain administrative control over the Kubernetes cluster. Additionally, because Azure Stack Edge allows customers to deploy Kubernetes workloads on their devices via Azure Arc, Azure Stack Edge devices are also vulnerable to this vulnerability.\n\nCustomers using Azure Stack Edge must update to the 2209 release (software version 2.2.2088.5593). Release notes for the 2209 release of Azure Stack Edge can be found here: [Azure Stack Edge 2209 release notes](<https://learn.microsoft.com/en-us/azure/databox-online/azure-stack-edge-gpu-2209-release-notes>).\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n### [CVE-2022-37976](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37976>)** |** Active Directory Certificate Services Elevation of Privilege (EoP) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of** **8.8/10.\n\nA malicious DCOM client could coerce a DCOM server to authenticate to it through the Active Directory Certificate Service (ADCS) and use the credential to launch a cross-protocol attack.\n\nAn attacker who successfully exploited this vulnerability could gain domain administrator privileges.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n### [CVE-2022-41038](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41038>)** |** Microsoft SharePoint Server Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of** **8.8/10.\n\nIn a network-based attack, an authenticated attacker with Manage List permissions could execute code remotely on the SharePoint Server.\n\nThe attacker must be authenticated to the target site, with permission to use Manage Lists within SharePoint.\n\n**NOTE**: Customers running SharePoint Server 2013 Service Pack 1 can install the cumulative update or the security update, which is the same update as for Foundation Server 2013.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation More Likely_**\n\n* * *\n\n### [CVE-2022-38048](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38048>)** |** Microsoft Office Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of** **7.8/10.\n\nThe word **_Remote_** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.\n\nWhen a particular vulnerability allows an attacker to execute "arbitrary code", it typically means that the bad guy can run any command on the target system the attacker chooses. [_Source_](<https://tinyl.io/7A6M>)\n\nFor example, when the score indicates that the _Attack Vector_ is _Local_ and _User Interaction_ is _Required_, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. The impact of exploitation is loss of confidentiality, integrity, and availability.\n\n**NOTE**: Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation More Likely_**\n\n* * *\n\n### [CVE-2022-34689](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34689>)** |** Windows CryptoAPI Spoofing Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of** **7.5/10.\n\nAn attacker could manipulate an existing public x.509 certificate to spoof their identify and perform actions such as authentication or code signing as the targeted certificate.\n\nThe technical details are unknown, and an exploit is not publicly available. The impact is known to affect integrity.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation More Likely_**\n\n* * *\n\n## **Microsoft Release Summary**\n\nThis month\u2019s [Release Notes](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Oct>) cover multiple Microsoft product families, including Azure, Browser, Developer Tools, Extended Security Updates [(ESU)](<https://docs.microsoft.com/en-us/lifecycle/faq/extended-security-updates>), Microsoft Office, System Center, and Windows.\n\nA total of 78 unique Microsoft products/versions are affected, including but not limited to .NET and .NET Core, Azure Arc-enabled Kubernetes cluster, Azure Service Fabric Explorer, Azure Stack Edge, Azure StorSimple 8000 Series, Jupyter Extension for Visual Studio Code, Microsoft 365 Apps for Enterprise, Microsoft Edge (Chromium-based), Microsoft Malware Protection Engine, Microsoft Office, Microsoft SharePoint Enterprise Server, Microsoft SharePoint Foundation, Microsoft SharePoint Server, Microsoft Visual Studio, Visual Studio and Visual Studio Code, Windows Desktop, and Windows Server.\n\nDownloads include Cumulative Updates, Monthly Rollups, Security Only, and Security Updates.\n\n* * *\n\n## **Microsoft Edge | Last But Not Least**\n\nEarlier in October 2022, Microsoft released Microsoft Edge (Chromium-based) vulnerabilities including [CVE-2022-41035](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41035>). The vulnerability assigned to the CVE is in the Chromium Open Source Software (OSS) which is consumed by Microsoft Edge. It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. For more information, please see [Security Update Guide Supports CVEs Assigned by Industry Partners](<https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/>).\n\n### **[](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41035>)[CVE-2022-41035](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41035>)** **| Microsoft Edge (Chromium-based) Spoofing Vulnerability**\n\nThis vulnerability has a CVSSv3.1 score of 8.3/10.\n\nIn a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.\n\n[Per Microsoft severity guidelines](<https://www.microsoft.com/en-us/msrc/bounty-new-edge>), the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity. The CVSS scoring system doesn't allow for this type of nuance. **Severity: _Moderate_**\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n_Did you know? Microsoft Security Response Center (MSRC) | [Improvements in Security Update Notifications Delivery \u2013 And a New Delivery Method](<https://tinyl.io/7A6i>). _\n\n* * *\n\n# **Adobe Security Bulletins and Advisories**\n\nAdobe released four (4) [security bulletins and advisories](<https://helpx.adobe.com/security/security-bulletin.html>) with updates to fix 29 vulnerabilities affecting Adobe ColdFusion, Adobe Reader, Adobe Commerce, and Adobe Dimension applications. Of these 29 vulnerabilities, 17 are rated as **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>)_**, ten (10) are rated as Important and two (2) are rated as **_[Moderate](<https://helpx.adobe.com/security/severity-ratings.html>)_**; ranging in severity from a CVSS score of 4.4/10 to 10/10, as summarized below.\n\n\n\n* * *\n\n### [APSB22-42](<https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html>)** | **Security updates available for Adobe ColdFusion\n\nThis update resolves six (6) **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>)_**, six (6) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>), _**and one (1) **_[Moderate](<https://helpx.adobe.com/security/severity-ratings.html>)_** vulnerability.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released security updates for ColdFusion versions 2021 and 2018. These updates resolve [Critical](<https://helpx.adobe.com/security/severity-ratings.html>), [Important](<https://helpx.adobe.com/security/severity-ratings.html>), and [Moderate](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities that could lead to arbitrary code execution, arbitrary file system write, security feature bypass, and privilege escalation.\n\n* * *\n\n### [APSB22-46](<https://helpx.adobe.com/security/products/acrobat/apsb22-46.html>)** | **Security update available for Adobe Acrobat and Reader\n\nThis update resolves two (2) **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>)_**, and two (2) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_** vulnerabilities.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address [critical](<https://helpx.adobe.com/security/severity-ratings.html>) and [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to application denial-of-service and memory leak.\n\n* * *\n\n### [APSB22-48](<https://helpx.adobe.com/security/products/magento/apsb22-48.html>)** | **Security update available for Adobe Commerce\n\nThis update resolves two (2) **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>)_**, and two (2) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_** vulnerabilities.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released a security update for Adobe Commerce and Magento Open Source. This update resolves a [critical](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerability. Successful exploitation could lead to arbitrary code execution. \n\n* * *\n\n### [APSB22-57](<https://helpx.adobe.com/security/products/dimension/apsb22-57.html>)** | **Security updates available for Adobe Dimension\n\nThis update resolves eight (8) **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>)_**, and one (1) **_[Moderate](<https://helpx.adobe.com/security/severity-ratings.html>)_** vulnerability.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released an update for Adobe Dimension. This update addresses [critical ](<https://helpx.adobe.com/security/severity-ratings.html>)and [moderate](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak in the context of the current user. \n\n* * *\n\n# **About Qualys Patch Tuesday**\n\nQualys Patch Tuesday QIDs are published as [Security Alerts](<https://www.qualys.com/research/security-alerts/>) typically late in the evening on the day of [Patch Tuesday](<https://blog.qualys.com/tag/patch-tuesday>), followed later by the publication of the monthly queries for the [Unified Dashboard: 2022 Patch Tuesday (QID Based) Dashboard](<https://success.qualys.com/discussions/s/article/000006821>) by Noon on Wednesday.\n\n* * *\n\n## Qualys Threat Research Blog Posts **_New_**\n\nPublished in the Last 30 days; Most Recent First\n\n * [NSA Alert: Topmost CVEs Actively Exploited By People\u2019s Republic of China State-Sponsored Cyber Actors](<https://tinyl.io/79AX>)\n * [Qualys Response to ProxyNotShell Microsoft Exchange Server Zero-Day Threat Using Qualys Cloud Platform](<https://tinyl.io/79Aa>)\n\n* * *\n\n## **Qualys [Threat Protection](<https://www.qualys.com/apps/threat-protection/>) High-Rated Advisories**\n\nPublished between September 14 - October 12, 2022, Most Recent First\n\n * [Microsoft Patch Tuesday, October 2022 Edition: 84 Vulnerabilities patched including 12 Microsoft Edge (Chromium-Based), 2 Zero-days, and 13 Rated as Critical](<https://tinyl.io/79Vx>)\n * [Zimbra Collaboration Suite Remote Code Execution Vulnerability (CVE-2022-41352)](<https://tinyl.io/797N>)\n * [FortiGate and FortiProxy Authentication Bypass Vulnerability on Administrative Interface (HTTP/HTTPS) (CVE-2022-40684)](<https://tinyl.io/797M>)\n * [Microsoft Exchange Server Zero-day Vulnerabilities (CVE-2022-41040 and CVE-2022-41082) (ProxyNotShell)](<https://tinyl.io/797L>)\n * [Sophos Firewall Remote Code Execution Vulnerability (CVE-2022-3236)](<https://tinyl.io/797K>)\n * [Zoho ManageEngine PAM360, Access Manager Plus, and Password Manager Pro Remote Code Execution Vulnerability (CVE-2022-35405)](<https://tinyl.io/797J>)\n * [Trend Micro Patches Multiple Vulnerabilities in Apex One (On-Premise) Including One Zero-day (CVE-2022-40139)](<https://tinyl.io/797I>)\n * [Cisco Patched Multiple Vulnerabilities in Multiple Products including NVIDIA Data Plane Development Kit](<https://tinyl.io/797H>)\n * [Apple Patches Multiple Vulnerabilities in macOS Big Sur and macOS Monterey including One Zero-day (CVE-2022-32894)](<https://tinyl.io/797G>)\n * [Microsoft Patches Vulnerabilities 79 including 16 Microsoft Edge (Chromium-Based); with 2 Zero-days and 5 Critical in Patch Tuesday, September 2022 Edition](<https://threatprotect.qualys.com/2022/09/14/microsoft-patches-vulnerabilities-79-including-16-microsoft-edge-chromium-based-with-2-zero-days-and-5-critical-in-patch-tuesday-september-2022-edition/>)\n\n* * *\n\n# **Discover and Prioritize Vulnerabilities in **[Vulnerability Management Detection Response](<https://www.qualys.com/apps/vulnerability-management-detection-response/>)** **(VMDR)\n\nQualys VMDR automatically detects new Patch Tuesday vulnerabilities using continuous updates to its KnowledgeBase (KB). \n\nYou can see all your impacted hosts by these vulnerabilities using the following QQL query:\n \n \n vulnerabilities.vulnerability:( qid:`91949` OR qid:`91950` OR qid:`91951` OR qid:`91953` OR qid:`110417` OR qid:`110418` OR qid:`377627` OR qid:`377628` ) \n\n\n\n [In-Depth Look Into Data-Driven Science Behind Qualys TruRisk](<https://blog.qualys.com/vulnerabilities-threat-research/2022/10/10/in-depth-look-into-data-driven-science-behind-qualys-trurisk>) **_New_**\n\n [Qualys VMDR Recognized as Best VM Solution by SC Awards 2022 & Leader by GigaOm](<https://blog.qualys.com/product-tech/2022/08/22/qualys-vmdr-recognized-as-best-vm-solution-by-sc-awards-2022-leader-by-gigaom>)\n\n [A Deep Dive into VMDR 2.0 with Qualys TruRisk\u2122](<https://blog.qualys.com/product-tech/2022/08/08/a-deep-dive-into-vmdr-2-0-with-qualys-trurisk>)\n\n* * *\n\n# **Rapid Response with **[Patch Management](<https://www.qualys.com/apps/patch-management/>) (PM)\n\nVMDR rapidly remediates Windows hosts by deploying the most relevant and applicable per-technology version patches. You can simply select respective QIDs in the Patch Catalog and filter on the \u201cMissing\u201d patches to identify and deploy the applicable, available patches with one click.\n\nThe following QQL will return the missing patches for this Patch Tuesday:\n \n \n ( qid:`91949` OR qid:`91950` OR qid:`91951` OR qid:`91953` OR qid:`110417` OR qid:`110418` OR qid:`377627` OR qid:`377628` )\n\n\n\n [Why Organizations Struggle with Patch Management (and What to Do about It)](<https://tinyl.io/79TY>) **_New_**\n\n [Let Smart Automation Reduce the Risk of Zero-Day Attacks on Third-Party Applications](<https://blog.qualys.com/qualys-insights/2022/09/08/let-smart-automation-reduce-the-risk-of-zero-day-attacks-on-third-party-applications-2>)\n\n [Risk-based Remediation Powered by Patch Management in Qualys VMDR 2.0](<https://blog.qualys.com/product-tech/2022/06/22/risk-based-remediation-powered-by-patch-management-in-qualys-vmdr-2-0>)\n\n* * *\n\n# EXECUTE Mitigation Using [Custom Assessment and Remediation](<https://tinyl.io/79UY>) (CAR) **_New_**\n\n[Qualys Custom Assessment and Remediation](<https://www.qualys.com/apps/custom-assessment-remediation/>) empowers a system administrator to quickly and easily perform configuration updates on your technology infrastructure when the current situation requires the implementation of a vendor-suggested mitigation or workaround. \n\n**_Mitigation_** refers to a setting, common configuration, or general best practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability.\n\nA **_workaround_** is a method, sometimes used temporarily, for achieving a task or goal when the usual or planned method isn't working. Information technology often uses a workaround to overcome hardware, programming, or communication problems. Once a problem is fixed, a workaround is usually abandoned. [_Source_](<https://www.techtarget.com/whatis/definition/workaround>)\n\n## Try It for Free!\n\n[Sign up now for a no-cost trial of Qualys Custom Assessment and Remediation](<https://www.qualys.com/forms/custom-assessment-remediation/>)\n\nCustomers can perform the provided mitigation steps by creating a PowerShell script and executing the script on vulnerable assets.\n\n**IMPORTANT: ** Scripts tend to change over time. Referring back to a portion of our quote from [Ankit Malhotra](<https://blog.qualys.com/author/amalhotra>) at the top of this blog, "It's worth noting that Microsoft has had to revise the mitigation for [CVE-2022-41040](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41040>) more than once, as the suggested URL rewrite Mitigation was bypassed multiple times." **_Please refer to the Qualys GitHub Tuesday Patch [link](<https://github.com/Qualys/Custom-Assessment-and-Remediation-Script-Library/tree/main/Tuesday%20Patch>) to ensure the most current version of a given [Patch Tuesday script](<https://github.com/Qualys/Custom-Assessment-and-Remediation-Script-Library/tree/main/Tuesday%20Patch>) is in use._**\n\n### Related Blog Content:\n\nPublished in the Last 30 days; Most Recent First\n\n [Zimbra Collaboration Suite Remote Code Execution Vulnerability (CVE-2022-41352)](<https://tinyl.io/797N>)\n\n [Remediate Your Vulnerable Lenovo Systems with Qualys Custom Assessment and Remediation](<https://tinyl.io/79Y9>)\n\n### [**CVE-2022-37976**](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37976>)** | **Active Directory Certificate Services Elevation of Privilege (EoP) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.8/10.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n[**GitHub Link for CVE-2022-37976 Script**](<https://github.com/Qualys/Custom-Assessment-and-Remediation-Script-Library/tree/main/Tuesday%20Patch/2022/October/CVE-2022-37976\\(ADCS%20Vulnerability\\)>)\n \n \n $ServiceName = \"CertSvc\"\n $ServiceStatus = (Get-Service -Name $ServiceName).status\n if($ServiceStatus -eq \"Running\")\n {\n \n reg add \"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\\" /v LegacyAuthenticationLevel /t REG_DWORD /d '5' /f | Out-Null\n \n if($?)\n {\n Write-Host \"ADCS found running. LegacyAuthenticationLevel is set to 5. Mitigation for CVE-2022-37976 has been applied as per MSRC guidelines. \"\n }\n else\n {\n Write-Host \"command failed\"\n }\n \n \n }\n else {\n Write-Host \"ADCS not running. No action required\"\n }\n\n\n\n* * *\n\n### [CVE-2022-33645](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33645>)** | **Windows TCP/IP Driver Denial of Service (DoS) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.5/10.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n[**GitHub Link for CVE-2022-33645 Script**](<https://github.com/Qualys/Custom-Assessment-and-Remediation-Script-Library/tree/main/Tuesday%20Patch/2022/October/CVE-2022-33645\\(TCPIP%20Driver%20Dos%20Vulnerability\\)>)\n \n \n Disable-NetAdapterBinding -Name \"*\" -ComponentID \"ms_tcpip6\"\n \n if($?)\n {\n Write-Host \"IPV6 has been disabled as part of workaround implementation. CVE-2022-33645 is now mitigated,\"\n }\n else\n {\n Write-Host \"command failed\"\n }\n \n\n\n\n* * *\n\n# **EVALUATE Vendor-Suggested Mitigation with **[**Policy Compliance**](<https://www.qualys.com/forms/policy-compliance/>) (PC)\n\n[Qualys Policy Compliance Control Library](<https://vimeo.com/700790353>) makes it easy to evaluate your technology infrastructure when the current situation requires implementation validation of a vendor-suggested mitigation or workaround. \n\n**_Mitigation_** refers to a setting, common configuration, or general best practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability.\n\nA **_workaround_** is a method, sometimes used temporarily, for achieving a task or goal when the usual or planned method isn't working. Information technology often uses a workaround to overcome hardware, programming, or communication problems. Once a problem is fixed, a workaround is usually abandoned. [_Source_](<https://www.techtarget.com/whatis/definition/workaround>)\n\nThe following [Qualys Policy Compliance Control IDs (CIDs), and System Defined Controls (SDC) ](<https://qualysguard.qg2.apps.qualys.com/qwebhelp/fo_portal/module_pc/controls/controls_lp.htm>)have been updated to support Microsoft recommended mitigation(s) for this Patch Tuesday:\n\n### [**CVE-2022-37976**](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37976>)** | **Active Directory Certificate Services Elevation of Privilege (EoP) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.8/10.\n\nPolicy Compliance Control IDs (CIDs):\n\n * **4079 **Status of the 'Active Directory Certificate Service' ** **\n * **14916 **Status of Windows Services** **\n * **24842** Status of the 'LegacyAuthenticationLevel' setting\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n### [CVE-2022-33645](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33645>)** | **Windows TCP/IP Driver Denial of Service (DoS) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.5/10.\n\nPolicy Compliance Control IDs (CIDs):\n\n * **4842** Status of the 'Internet Protocol version 6 (IPv6) components' setting\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\nThe following QQL will return a posture assessment for the CIDs for this Patch Tuesday:\n \n \n control:( id:`4079` OR id:`4842` OR id:`14916` OR id:`24842` ) \n\n\n\n [Prepare Your Organization for Compliance with the NYDFS Cybersecurity Regulation](<https://tinyl.io/79U7>) **_New_**\n\n [Mitigating the Risk of Zero-Day Vulnerabilities by using Compensating Controls](<https://blog.qualys.com/vulnerabilities-threat-research/2022/08/23/mitigating-the-risk-of-zero-day-vulnerabilities-by-using-compensating-controls>)\n\n [Policy Compliance (PC) | Policy Library Update Blogs](<https://notifications.qualys.com/tag/policy-library>)\n\n* * *\n\n**Patch Tuesday is Complete.**\n\n* * *\n\n# [This Month in Vulnerabilities and Patches](<https://gateway.on24.com/wcc/eh/3347108/category/97049/patch-tuesday>) Webinar Series \n\n[](<https://gateway.on24.com/wcc/eh/3347108/category/97049/patch-tuesday>)\n\n[Subscribe Now](<https://gateway.on24.com/wcc/eh/3347108/category/97049/patch-tuesday>)\n\nThe Qualys Product Management and Threat Research team members host a monthly webinar series to help our existing customers leverage the seamless integration between [Qualys Vulnerability Management Detection Response (VMDR)](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) and [Qualys Patch Management](<https://www.qualys.com/apps/patch-management/>). Combining these two solutions can reduce the median time to remediate critical vulnerabilities. \n\nDuring the webcast, this month\u2019s Patch Tuesday high-impact vulnerabilities will be discussed. We will walk you through the necessary steps to address the key vulnerabilities using Qualys VMDR and Qualys Patch Management.\n\n* * *\n\n# UPCOMING EVENTS\n\n* * *\n\nThe content within this section will spotlight upcoming Vulnerability Management, Patch Management, Threat Protection, Custom Assessment and Remediation, and Policy Compliance adjacent events available to our prospective, new, and existing customers.\n\n## [**WEBINARS**](<https://gateway.on24.com/wcc/eh/3347108/category/91385/upcoming-webinars>)\n\n## Introducing Qualys Workshop Wednesday\n\n[](<https://gateway.on24.com/wcc/eh/3347108/category/111238/workshop-wednesday>)\n\nAt Qualys Inc, providing cybersecurity through technology is what we do. Join us each month as we tap into the minds of Qualys experts to share how you can get the most out of your investment and understand ways in which you can quickly reduce your cyber risk exposure using the Qualys Cloud Platform. Each 45-minute monthly session, hosted on the first Wednesday of the month, will showcase practical hands-on tips and tricks, news on new capabilities and services, as well as useful customer success stories that can help you get the most out of the Qualys Cloud Platform. \n\n**Join us for the first Workshop Wednesday on Nov 2, 2022, at 9:00 AM PDT. **\n\n[Subscribe Now](<https://gateway.on24.com/wcc/eh/3347108/category/111238/workshop-wednesday>)\n\n* * *\n\n## Qualys Threat Thursdays\n\n[](<https://gateway.on24.com/wcc/eh/3347108/category/111445/threat-thursday>)\n\n[Subscribe Now](<https://gateway.on24.com/wcc/eh/3347108/category/111445/threat-thursday>)\n\nThe Qualys Threat Research team invites you to join their regular monthly webinar series covering the latest threat intelligence analysis and insight. \n\nOctober 2022 Threat Thursday Topic is **AsyncRAT**.\n\nNever miss an update. [Subscribe Today](<https://gateway.on24.com/wcc/eh/3347108/category/111445/threat-thursday>)!\n\n[Click Here](<https://tinyl.io/79BC>) to quickly navigate to Qualys Threat Thursday blog posts.\n\n* * *\n\n## [**CONFERENCES**](<https://www.qualys.com/qsc/locations/>)\n\n[](<https://www.qualys.com/qsc/2022/las-vegas/?utm_source=qualys-homepage&utm_medium=event&utm_campaign=homepage-banner-qsc-2022&utm_term=qsc-q4-2022&utm_content=qualys-homepage-qsc&leadsource=344572821>)\n\n[Register Now](<https://www.qualys.com/qsc/2022/las-vegas/register/>)\n\n## [Qualys Annual Security Conference](<https://tinyl.io/79BB>) #QSC22\n\nQualys Security Conference (QSC) is a unique opportunity for the Qualys community to get together to hear the latest developments in cybersecurity, view the latest innovations from Qualys, trade best practices, share feedback, and learn tips and tricks on how security professionals work to keep their organizations secure.\n\n## We are pleased to announce the keynote speaker for the 2022 Qualys Annual Security Conference in Las Vegas\n\n\n\nRobert Herjavec is a globally recognized motivational, business, and cyber security leader. For the last 14 years, Robert has been well known as one of the Sharks, and executive producer of the Emmy Award-winning hit show, Shark Tank. He has served as a Cybersecurity Advisor for the Government of Canada, participated in the White House Summit on Cybersecurity, and is a member of the US Chamber of Commerce Task Force for Cybersecurity.\n\nRobert\u2019s keynote will highlight the growing importance of cybersecurity in today\u2019s world.\n\n* * *\n\n**Explore and secure the digital journey.** Dive into the profound impact of the digital journey and explore how to build security automation from the data center to the cloud. Industry experts and Qualys leaders discuss automation strategies, preview product roadmaps, listen to your challenges, and answer your questions.\n\n**Get inspired.** Engage with Qualys\u2019 customer-facing teams and your peers around best practices and user case studies for applying security automation to real-world challenges.\n\n**Sharpen your expertise. **Two days of free training cover forward-looking strategies, best practices to improve effectiveness and productivity, and core/expanded product features to up-level your security program.\n\n**Who Should Attend? **CIOs, CSOs, and CTOs; directors and managers of network, security, and cloud; developers and DevSecOps practitioners; Qualys partners and consultants; or any forward-thinking security professional.\n\n## Live **Training Sessions**\n\n## [November 7](<https://www.qualys.com/qsc/2022/las-vegas/?utm_source=qualys-homepage&utm_medium=event&utm_campaign=homepage-banner-qsc-2022&utm_term=qsc-q4-2022&utm_content=qualys-homepage-qsc&leadsource=344572821#nov7>) and [November 8](<https://www.qualys.com/qsc/2022/las-vegas/?utm_source=qualys-homepage&utm_medium=event&utm_campaign=homepage-banner-qsc-2022&utm_term=qsc-q4-2022&utm_content=qualys-homepage-qsc&leadsource=344572821#nov8>)\n\n* * *\n\n## Live **Conference Sessions**\n\n## [November 9](<https://www.qualys.com/qsc/2022/las-vegas/?utm_source=qualys-homepage&utm_medium=event&utm_campaign=homepage-banner-qsc-2022&utm_term=qsc-q4-2022&utm_content=qualys-homepage-qsc&leadsource=344572821#nov9>) and [November 10](<https://www.qualys.com/qsc/2022/las-vegas/?utm_source=qualys-homepage&utm_medium=event&utm_campaign=homepage-banner-qsc-2022&utm_term=qsc-q4-2022&utm_content=qualys-homepage-qsc&leadsource=344572821#nov10>)\n\n_Attendance at QSC is complimentary. This includes access to all general sessions, breakout sessions, breakfast, lunch, breaks, and receptions._\n\n* * *\n\n#### #QSC22 Location and Reservation Information\n\nNovember 7-10, 2022\n\nThe Venetian Resort Las Vegas, 3355 Las Vegas Blvd. South, Las Vegas, NV 89109, US\n\n[Book your hotel here](<https://book.passkey.com/gt/218594637?gtid=9914abda1b2fe722d872e0ac3e0bdc09>) & take advantage of the discounted QSC rate of $229+ per night\n\nOr find a conference [near you](<https://www.qualys.com/qsc/locations/>).\n\n* * *\n\n## This month's blog content is the result of collaboration with and contributions from:\n\n_In order of appearance_\n\n * Quote: [Ankit Malhotra](<https://blog.qualys.com/author/amalhotra>), Manager, Signature Engineering\n * Quote: [Saeed Abbasi](<https://blog.qualys.com/author/sabbasi>), Manager, Vulnerability Signatures\n * QID Content: Arun Kethipelly, Manager, Signature Engineering\n * QID Content: Dianfang (Sabrina) Gao, Lead, QA Engineer\n * CAR Content: Mukesh Choudhary, Compliance Research Analyst\n * CAR Content: [Lavish Jhamb](<https://blog.qualys.com/author/ljhamb>), Solution Architect, Compliance Solutions\n * PC Content: Xiaoran (Alex) Dong, Manager, Compliance Signature Engineering\n * Webinars: Thomas Nuth, Senior Director, Product Marketing\n * Webinars: Nihal Adav, Email Marketing Specialist\n * #QSCLV22 Content: Anna Moraleda, Sr. Marketing Events Specialist\n\n* * *", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-10-11T20:00:00", "type": "qualysblog", "title": "October 2022 Patch Tuesday | Microsoft Releases 84 Vulnerabilities with 13 Critical, plus 12 Microsoft Edge (Chromium-Based); Adobe Releases 4 Advisories, 29 Vulnerabilities with 17 Critical.", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2022-30134", "CVE-2022-3236", "CVE-2022-32894", "CVE-2022-33645", "CVE-2022-34689", "CVE-2022-35405", "CVE-2022-37968", "CVE-2022-37976", "CVE-2022-38048", "CVE-2022-40139", "CVE-2022-40684", "CVE-2022-41033", "CVE-2022-41035", "CVE-2022-41038", "CVE-2022-41040", "CVE-2022-41043", "CVE-2022-41082", "CVE-2022-41352"], "modified": "2022-10-11T20:00:00", "id": "QUALYSBLOG:F062F85432853297A014064EA7A5C183", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-10-03T20:04:30", "description": "# **Microsoft Patch Tuesday Summary**\n\nMicrosoft has fixed 63 vulnerabilities (aka flaws) in the September 2022 update, including five (5) vulnerabilities classified as **_Critical_** as they allow Remote Code Execution (RCE). This month's Patch Tuesday fixes two (2) zero-day vulnerabilities, with one (1) actively exploited***** in attacks (**[CVE-2022-37969](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37969>)***,[ ](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30134>)**[CVE-2022-23960](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23960>)**). Earlier this month, on September 1-2, 2022, Microsoft also released a total of 16 Microsoft Edge (Chromium-Based) updates, one (1) addressing a Remote Code Execution (RCE) ([CVE-2022-38012](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38012>)) ranked _**Low**_.\n\nMicrosoft has fixed several flaws in its software, including Denial of Service, Elevation of Privilege, Information Disclosure, Microsoft Edge (Chromium-based), Remote Code Execution, and Security Feature Bypass.\n\n## **The September 2022 Microsoft Vulnerabilities are Classified as follows:**\n\n\n\n# **Notable Microsoft Vulnerabilities Patched**\n\n### [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>)[CVE-2022-34718](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34718>) | Windows TCP/IP Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 9.8/10.\n\nAn unauthenticated attacker could send a specially crafted IPv6 packet to a Windows node where IPSec is enabled, which could enable a remote code execution exploitation on that machine.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation More Likely_**\n\n* * *\n\n### [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>)[CVE-2022-34721](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34721>), [CVE-2022-34722](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34722>) | Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 9.8/10.\n\nAn unauthenticated attacker could send a specially crafted IP packet to a target machine that is running Windows and has IPSec enabled, which could enable a remote code execution exploitation. NOTE: This vulnerability_ only impacts IKEv1_. IKEv2 is not impacted. However, all Windows Servers are affected because they accept both V1 and V2 packets.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n# **Zero-Day Vulnerabilities Addressed**\n\nA vulnerability is classified as a zero-day if it is publicly disclosed or actively exploited with no official fix available.\n\n### [CVE-2022-37969](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37969>) | Windows Common Log File System Driver Elevation of Privilege (EoP) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.8/10.\n\nAn attacker must already have access and the ability to run code on the target system. This technique does not allow for remote code execution in cases where the attacker does not already have that ability on the target system.\n\nAn attacker who successfully exploited this vulnerability could gain SYSTEM privileges.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation More Likely_**\n\n* * *\n\n### [CVE-2022-23960](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23960>) | Windows Common Log File System Driver Elevation of Privilege (EoP) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of [5.6](<https://nvd.nist.gov/vuln/detail/CVE-2022-23960>)/10.\n\n[CVE-2022-23960](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960>) is regarding a vulnerability known as Spectre-BHB. MITRE created this CVE on behalf of Arm Limited.\n\nPlease see [Spectre-BHB on arm Developer](<https://developer.arm.com/Arm%20Security%20Center/Spectre-BHB>) for more information.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): _**Exploitation Less Likely**_\n\n* * *\n\n# **Microsoft Important Vulnerability Highlights**\n\nThis month\u2019s [advisory](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Sep>) covers multiple Microsoft product families, including Azure, Browser, Developer Tools, [Extended Security Updates (ESU)](<https://docs.microsoft.com/en-us/lifecycle/faq/extended-security-updates>), Microsoft Dynamics, Microsoft Office, System Center, and Windows.\n\nA total of 92 unique Microsoft products/versions are affected, including but not limited to .NET, Azure Arc, Microsoft Dynamics, Microsoft Edge (Chromium-based), Microsoft Office, Microsoft Office SharePoint, SPNEGO Extended Negotiation, Visual Studio Code, Windows Common Log File System Driver, Windows Credential Roaming Service, Windows Defender, Windows Distributed File System (DFS), Windows DPAPI (Data Protection Application Programming Interface), Windows Enterprise App Management, Windows Event Tracing, Windows Group Policy, Windows IKE Extension, Windows Kerberos, Windows Kernel, Windows LDAP - Lightweight Directory Access Protocol, Windows ODBC Driver, Windows OLE, Windows Print Spooler Components, Windows Remote Access Connection Manager, Windows TCP/IP, and Windows Transport Security Layer (TLS).\n\nDownloads include Cumulative Update, Monthly Rollup, Security Hotpatch Update, Security Only, and Security Updates.\n\n* * *\n\n### [CVE-2022-38009](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38009>) | Microsoft SharePoint Server Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.8/10.\n\nIn a network-based attack, an authenticated attacker with Manage List permissions could execute code remotely on the SharePoint Server.\n\nThe attacker must be authenticated to the target site, with the permission to use Manage Lists within SharePoint.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n### [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>)[CVE-2022-26929](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26929>) | .NET Framework Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.8/10.\n\nThe word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.\n\nFor example, when the score indicates that the **Attack Vector** is **Local** and **User Interaction** is **Required**, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n### [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047>)[CVE-2022-38007](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38007>) | Azure Guest Configuration and Azure Arc-enabled Servers Elevation of Privilege (EoP) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.8/10.\n\nAn attacker who successfully exploited the vulnerability could replace Microsoft-shipped code with their own code, which would then be run as root in the context of a Guest Configuration daemon. On an Azure VM with the Guest Configuration Linux Extension installed, this would run in the context of the GC Policy Agent daemon. On an Azure Arc-enabled server, it could run in the context of the GC Arc Service or Extension Service daemons.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n## **Microsoft Edge | Last But Not Least**\n\nEarlier in September 2022, Microsoft released Microsoft Edge (Chromium-based) vulnerabilities including [CVE-2022-38012](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38012>). The vulnerability assigned to the CVE is in the Chromium Open Source Software (OSS) which is consumed by Microsoft Edge. It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. For more information, please see [Security Update Guide Supports CVEs Assigned by Industry Partners](<https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/>).\n\n### [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38012>)[CVE-2022-38012](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38012>) | Microsoft Edge (Chromium-based) Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.7/10.\n\nThe word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.\n\nFor example, when the score indicates that the **Attack Vector** is **Local** and **User Interaction** is **Required**, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.\n\nThis vulnerability could lead to a browser sandbox escape.\n\nSuccessful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.\n\nNOTE: [Per Microsoft's severity guidelines](<https://www.microsoft.com/en-us/msrc/bounty-new-edge>), the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity. The CVSS scoring system doesn't allow for this type of nuance which explains why this CVE is rated as Low, but the CVSSv3.1 score is 7.7\n\n* * *\n\n# **Adobe Security Bulletins and Advisories**\n\nAdobe released seven (7) [security bulletins and advisories](<https://helpx.adobe.com/security/security-bulletin.html>) with updates to fix 63 vulnerabilities affecting Adobe Animate, Bridge, Illustrator, InCopy, InDesign, Photoshop, and Experience Manager applications. Of these 63 vulnerabilities, 35 are rated as **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>)_** and 28 rated as _****_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_****_; ranging in severity from a CVSS score of 5.3/10 to 7.8/10, as summarized below.\n\n\n\n* * *\n\n### [APSB22-40](<https://helpx.adobe.com/security/products/experience-manager/apsb22-40.html>) | Security Update Available for Adobe Experience Manager\n\nThis update resolves 11 [_****__****_](<https://helpx.adobe.com/security/severity-ratings.html>)_****_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_****_ vulnerabilities.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released updates for Adobe Experience Manager (AEM). These updates resolve vulnerabilities rated [Important](<https://helpx.adobe.com/security/severity-ratings.html>). Successful exploitation of these vulnerabilities could result in arbitrary code execution and security feature bypass.\n\n* * *\n\n### [APSB22-49](<https://helpx.adobe.com/security/products/bridge/apsb22-49.html>) | Security Update Available for Adobe Bridge\n\nThis update resolves 12 vulnerabilities:\n\n * Ten (10) [_**Critical**_](<https://helpx.adobe.com/security/severity-ratings.html>)\n * Two (2) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_**\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): _3\n\nAdobe has released a security update for Adobe Bridge. This update addresses [critical](<https://helpx.adobe.com/security/severity-ratings.html>) and [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities that could lead to arbitrary code execution and memory leak.\n\n* * *\n\n### [APSB22-50](<https://helpx.adobe.com/security/products/indesign/apsb22-50.html>) | Security Update Available for Adobe InDesign\n\nThis update resolves 18 vulnerabilities:\n\n * Eight (8) [_**Critical**_](<https://helpx.adobe.com/security/severity-ratings.html>)\n * Ten (10) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_**\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): _3\n\nAdobe has released a security update for Adobe InDesign. This update addresses multiple [critical ](<https://helpx.adobe.com/security/severity-ratings.html>)and [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to arbitrary code execution, arbitrary file system read, and memory leak.\n\n* * *\n\n### [APSB22-52](<https://helpx.adobe.com/security/products/photoshop/apsb22-52.html>) | Security Update Available for Adobe Photoshop\n\nThis update resolves ten (10) vulnerabilities:\n\n * Nine (9) [_**Critical**_](<https://helpx.adobe.com/security/severity-ratings.html>)\n * One (1) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_**\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released an update for Photoshop for Windows and macOS. This update resolves [critical](<https://helpx.adobe.com/security/severity-ratings.html>) and [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak.\n\n* * *\n\n### [APSB22-53](<https://helpx.adobe.com/security/products/incopy/apsb22-53.html>) | Security Update Available for Adobe InCopy\n\nThis update resolves seven (7) vulnerabilities:\n\n * Five (5) [_**Critical**_](<https://helpx.adobe.com/security/severity-ratings.html>)\n * Two (2) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_**\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released a security update for Adobe InCopy. This update addresses multiple [critical](<https://helpx.adobe.com/security/severity-ratings.html>) and [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak. \n\n* * *\n\n### [APSB22-54](<https://helpx.adobe.com/security/products/animate/apsb22-54.html>) | Security Update Available for Adobe Animate\n\nThis update resolves two (2) [](<https://helpx.adobe.com/security/severity-ratings.html>)[_**Critical**_](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released an update for Adobe Animate. This update resolves [critical](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user. \n\n* * *\n\n### [APSB22-55](<https://helpx.adobe.com/security/products/illustrator/apsb22-55.html>) | Security Update Available for Adobe Illustrator\n\nThis update resolves three (3) vulnerabilities:\n\n * One (1) [_**Critical**_](<https://helpx.adobe.com/security/severity-ratings.html>)\n * Two (2) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_**\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released an update for Adobe Illustrator 2022. This update resolves [critical ](<https://helpx.adobe.com/security/severity-ratings.html>)and [important ](<https://helpx.adobe.com/security/severity-ratings.html>)vulnerabilities that could lead to arbitrary code execution and memory leak.\n\n* * *\n\n# **About Qualys Patch Tuesday**\n\nQualys Patch Tuesday QIDs are published as [Security Alerts](<https://www.qualys.com/research/security-alerts/>) typically late in the evening on the day of [Patch Tuesday](<https://blog.qualys.com/tag/patch-tuesday>), followed later by the publication of the monthly queries for the [Unified Dashboard: 2022 Patch Tuesday (QID Based) Dashboard](<https://success.qualys.com/discussions/s/article/000006821>) by Noon on Wednesday.\n\n* * *\n\n## Qualys [Threat Protection](<https://www.qualys.com/apps/threat-protection/>) High-Rated Advisories from August to September 2022 Patch Tuesday Advisory\n\n_Sorted in Descending Order_\n\n * [Microsoft Patches Vulnerabilities 79 including 16 Microsoft Edge (Chromium-Based); with 2 Zero-days and 5 Critical in Patch Tuesday September 2022 Edition](<https://threatprotect.qualys.com/2022/09/14/microsoft-patches-vulnerabilities-79-including-16-microsoft-edge-chromium-based-with-2-zero-days-and-5-critical-in-patch-tuesday-september-2022-edition/>)\n * [Google Chrome Releases Fix for the Zero-day Vulnerability (CVE-2022-3075)](<https://threatprotect.qualys.com/2022/08/10/microsoft-patches-121-vulnerabilities-with-two-zero-days-and-17-critical-plus-20-microsoft-edge-chromium-based-in-august-2022-patch-tuesday/>)\n * [Atlassian Bitbucket Server and Data Center Command Injection Vulnerability (CVE-2022-36804)](<https://threatprotect.qualys.com/2022/08/29/atlassian-bitbucket-server-and-data-center-command-injection-vulnerability-cve-2022-36804/>)\n * [GitLab Patches Critical Remote Command Execution Vulnerability (CVE-2022-2884)](<https://threatprotect.qualys.com/2022/08/25/gitlab-patches-critical-remote-command-execution-vulnerability-cve-2022-2884/>)\n * [Apple Releases Security Updates to patch two Zero-Day Vulnerabilities (CVE-2022-32893 and CVE-2022-32894)](<https://threatprotect.qualys.com/2022/08/18/apple-releases-security-updates-to-patch-two-zero-day-vulnerabilities-cve-2022-32893-and-cve-2022-32894/>)\n * [Google Chrome Zero-Day Insufficient Input Validation Vulnerability (CVE-2022-2856)](<https://threatprotect.qualys.com/2022/08/18/google-chrome-zero-day-insufficient-input-validation-vulnerability-cve-2022-2856/>)\n * [Palo Alto Networks (PAN-OS) Reflected Amplification Denial-of-Service (DoS) Vulnerability (CVE-2022-0028)](<https://threatprotect.qualys.com/2022/08/16/palo-alto-networks-pan-os-reflected-amplification-denial-of-service-dos-vulnerability-cve-2022-0028/>)\n * [Microsoft Patches 121 Vulnerabilities with Two Zero-days and 17 Critical; Plus 20 Microsoft Edge (Chromium-Based) in August 2022 Patch Tuesday](<https://threatprotect.qualys.com/2022/08/10/microsoft-patches-121-vulnerabilities-with-two-zero-days-and-17-critical-plus-20-microsoft-edge-chromium-based-in-august-2022-patch-tuesday/>)\n * [VMware vRealize Operations Multiple Vulnerabilities Patched in the Latest Security update (CVE-2022-31672, CVE-2022-31673, CVE-2022-31674, & CVE-2022-31675)](<https://threatprotect.qualys.com/2022/08/10/vmware-vrealize-operations-multiple-vulnerabilities-patched-in-the-latest-security-update-cve-2022-31672-cve-2022-31673-cve-2022-31674-cve-2022-31675/>)\n\n* * *\n\n## Discover and Prioritize Vulnerabilities in [Vulnerability Management Detection Response (VMDR)](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) \n\nQualys VMDR automatically detects new Patch Tuesday vulnerabilities using continuous updates to its KnowledgeBase (KB). \n\nYou can see all your impacted hosts by these vulnerabilities using the following QQL query:\n \n \n vulnerabilities.vulnerability:( qid:`91937` OR qid:`91938` OR qid:`91939` OR qid:`91940` OR qid:`91941` OR qid:`91942` OR qid:`91943` OR qid:`91944` OR qid:`91945` OR qid:`91946` OR qid:`91947` OR qid:`110415` OR qid:`110416` OR qid:`377590` ) \n\n\n\n [Qualys VMDR Recognized as Best VM Solution by SC Awards 2022 & Leader by GigaOm](<https://blog.qualys.com/product-tech/2022/08/22/qualys-vmdr-recognized-as-best-vm-solution-by-sc-awards-2022-leader-by-gigaom>) **_New_**\n\n [A Deep Dive into VMDR 2.0 with Qualys TruRisk\u2122](<https://blog.qualys.com/product-tech/2022/08/08/a-deep-dive-into-vmdr-2-0-with-qualys-trurisk>)\n\n* * *\n\n## Rapid Response with [Patch Management (PM)](<https://www.qualys.com/apps/patch-management/>)\n\nVMDR rapidly remediates Windows hosts by deploying the most relevant and applicable per-technology version patches. You can simply select respective QIDs in the Patch Catalog and filter on the \u201cMissing\u201d patches to identify and deploy the applicable, available patches with one click.\n\nThe following QQL will return the missing patches for this Patch Tuesday:\n \n \n ( qid:`91937` OR qid:`91938` OR qid:`91939` OR qid:`91940` OR qid:`91941` OR qid:`91942` OR qid:`91943` OR qid:`91944` OR qid:`91945` OR qid:`91946` OR qid:`91947` OR qid:`110415` OR qid:`110416` OR qid:`377590` ) \n\n\n\n [Let Smart Automation Reduce the Risk of Zero-Day Attacks on Third-Party Applications](<https://blog.qualys.com/qualys-insights/2022/09/08/let-smart-automation-reduce-the-risk-of-zero-day-attacks-on-third-party-applications-2>) **_New_**\n\n [Risk-based Remediation Powered by Patch Management in Qualys VMDR 2.0](<https://blog.qualys.com/product-tech/2022/06/22/risk-based-remediation-powered-by-patch-management-in-qualys-vmdr-2-0>)\n\n* * *\n\n## Evaluate Vendor-Suggested Workarounds with [Policy Compliance](<https://www.qualys.com/forms/policy-compliance/>)\n\nQualys\u2019 [Policy Compliance Control Library](<https://vimeo.com/700790353>) makes it easy to evaluate your technology infrastructure when the current situation requires the implementation of a vendor-suggested workaround. A workaround is a method, sometimes used temporarily, for achieving a task or goal when the usual or planned method isn't working. Information technology often uses a workaround to overcome hardware, programming, or communication problems. Once a problem is fixed, a workaround is usually abandoned. _ [Source](<https://www.techtarget.com/whatis/definition/workaround>)_\n\nThe following Qualys [Policy Compliance Control IDs (CIDs), and System Defined Controls (SDC) ](<https://qualysguard.qg2.apps.qualys.com/qwebhelp/fo_portal/module_pc/controls/controls_lp.htm>)have been updated to support Microsoft recommended workaround for this Patch Tuesday:\n\n#### [CVE-2022-38007](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38007>)** | Azure Guest Configuration and Azure Arc-enabled Servers Elevation of Privilege (EoP) Vulnerability**\n\nThis vulnerability has a CVSSv3.1 score of 7.8/10.\n\nPolicy Compliance Control IDs (CIDs) for Checking Azure Arc-Enabled Servers on Linux:\n\n * **14112**: Status of the services installed on the Linux/UNIX host (stopped, running, failed, dead, \u2026) \n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n#### [CVE-2022-34718](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34718>)**** | ****Windows TCP/IP Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 9.8/10.\n\nPolicy Compliance Control IDs (CIDs):\n\n * **3720**: Status of the 'IPSEC Services' service\n * **14916**: Status of Windows Services \n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation More Likely_**\n\n* * *\n\n#### [CVE-2022-35838](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35838>)****** | **HTTP V3 Denial of Service (DoS) Vulnerability****\n\nThis vulnerability has a CVSSv3.1 score of 7.5/10.\n\nPolicy Compliance Control IDs (CIDs):\n\n * **24717**: Status of the 'HTTP/3' service\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n#### [CVE-2022-33679 ](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33679>), [CVE-2022-33647](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33647>)**** | **Windows Kerberos Elevation of Privilege (EoP) Vulnerability**\n\nThese vulnerabilities have a CVSSv3.1 score of 8.1/10.\n\nPolicy Compliance Control IDs (CIDs):\n\n * **17108**: Status of the 'KDC support for claims, compound authentication and Kerberos armoring' setting (Enabled / Disabled)\n * **17109**: Status of the 'Kerberos client support for claims, compound authentication and Kerberos armoring' setting\n * **17197**: Status of the 'KDC support for claims, compound authentication, and Kerberos armoring' setting\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n#### [CVE-2022-38004](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38004>) **| Windows Network File System Remote Code Execution (RCE) Vulnerability** \n\nThis vulnerability has a CVSSv3.1 score of 7.8/10.\n\nPolicy Compliance Control IDs (CIDs):\n\n * **1161**: Status of the 'Fax' service\n * **14916**: Status of Windows Services\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\nThe following QQL will return a posture assessment for the CIDs for this Patch Tuesday:\n \n \n control:( id:`1161` OR id:`3720` OR id:`14112` OR id:`14916` OR id:`14916` OR id:`17108` OR id:`17108` OR id:`17109` OR id:`17109` OR id:`17197` OR id:`17197` OR id:`24717` ) \n\n\n\n [Mitigating the Risk of Zero-Day Vulnerabilities by using Compensating Controls](<https://blog.qualys.com/vulnerabilities-threat-research/2022/08/23/mitigating-the-risk-of-zero-day-vulnerabilities-by-using-compensating-controls>) **_New_**\n\n [Policy Compliance (PC) | Policy Library Update Blogs](<https://notifications.qualys.com/tag/policy-library>)\n\n* * *\n\n**Patch Tuesday is Complete.**\n\n* * *\n\n# Qualys [This Month in Vulnerabilities and Patches](<https://gateway.on24.com/wcc/eh/3347108/category/97049/patch-tuesday>) Webinar Series \n\n\n\nThe Qualys Research team hosts a monthly webinar series to help our existing customers leverage the seamless integration between Qualys[ Vulnerability Management Detection Response (VMDR)](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) and Qualys [Patch Management](<https://www.qualys.com/apps/patch-management/>). Combining these two solutions can reduce the median time to remediate critical vulnerabilities. \n\nDuring the webcast, we will discuss this month\u2019s high-impact vulnerabilities, including those that are part of this month's Patch Tuesday alert. We will walk you through the necessary steps to address the key vulnerabilities using Qualys VMDR and Qualys Patch Management. \n\n* * *\n\n### **Join the webinar**\n\n## **This Month in Vulnerabilities & Patches**\n\n[Register Now](<https://gateway.on24.com/wcc/eh/3347108/category/97049/patch-tuesday>)\n\n* * *\n\n## NEW & NOTEWORTHY UPCOMING EVENTS\n\nThe content within this section will spotlight Vulnerability Management, Patch Management, Threat Protections, and Policy Compliance adjacent events available to our new and existing customers.\n\n* * *\n\n[WEBINARS](<https://gateway.on24.com/wcc/eh/3347108/category/91385/upcoming-webinars>)\n\n## [Introducing Qualys Threat Thursdays](<https://blog.qualys.com/vulnerabilities-threat-research/2022/09/01/introducing-qualys-threat-research-thursdays>)\n\n\n\nThe **Qualys Research Team** announces the first in a series of regular monthly webinars covering the latest threat intelligence analysis and insight. Join us each month for Threat Thursdays, where we will zero in on a specific malware or other exploit observed in the wild\u2026 and how to defend against it.\n\nPlease join us for the first [Threat Thursdays](<https://event.on24.com/wcc/r/3925198/52A4000CBD17D2B16AFD5F56B3C9D15A>) monthly webinar where the Qualys Threat Research Team will present the latest threat intelligence\u2026 each and every month! \n\nTo quickly navigate to Threat Thursday blog posts, please use <https://blog.qualys.com/tag/threat-thursday>\n\n* * *\n\n[CONFERENCES](<https://www.qualys.com/qsc/locations/>)\n\n[](<https://www.qualys.com/qsc/2022/las-vegas/?utm_source=qualys-homepage&utm_medium=event&utm_campaign=homepage-banner-qsc-2022&utm_term=qsc-q4-2022&utm_content=qualys-homepage-qsc&leadsource=344572821>)[Register Now](<https://www.qualys.com/qsc/2022/las-vegas/?utm_source=qualys-homepage&utm_medium=event&utm_campaign=homepage-banner-qsc-2022&utm_term=qsc-q4-2022&utm_content=qualys-homepage-qsc&leadsource=344572821>)\n\n## [Qualys Annual Security Conference](<https://www.qualys.com/qsc/get-notified/#las-vegas/>) #QSC22\n\nNovember 7-10, 2022 \n\nThe Venetian Resort Las Vegas, 3355 Las Vegas Blvd. South, Las Vegas, NV 89109, US\n\n[Book your hotel here](<https://book.passkey.com/gt/218594637?gtid=9914abda1b2fe722d872e0ac3e0bdc09>) & take advantage of the discounted QSC rate of $229+ per night\n\nOr find a conference [near you](<https://www.qualys.com/qsc/locations/>).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-13T20:00:00", "type": "qualysblog", "title": "September 2022 Patch Tuesday | Microsoft Releases 63 Vulnerabilities with 5 Critical, plus 16 Microsoft Edge (Chromium-Based); Adobe Releases 7 Advisories, 63 Vulnerabilities with 35 Critical.", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0028", "CVE-2022-22047", "CVE-2022-23960", "CVE-2022-26929", "CVE-2022-2856", "CVE-2022-2884", "CVE-2022-30134", "CVE-2022-3075", "CVE-2022-31672", "CVE-2022-31673", "CVE-2022-31674", "CVE-2022-31675", "CVE-2022-32893", "CVE-2022-32894", "CVE-2022-33647", "CVE-2022-33679", "CVE-2022-34718", "CVE-2022-34721", "CVE-2022-34722", "CVE-2022-35838", "CVE-2022-36804", "CVE-2022-37969", "CVE-2022-38004", "CVE-2022-38007", "CVE-2022-38009", "CVE-2022-38012"], "modified": "2022-09-13T20:00:00", "id": "QUALYSBLOG:DE2E40D3BB574E53C7448F3A304849C9", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}
Two Zero-day vulnerabilities in macOS BigSur
