
iOS 15.3 patches 10 major security vulnerabilities affecting Safari, root access, and more

王林
2023-05-01 22:04:10

Today's Apple software updates for iPhone, iPad, Mac, Apple Watch and more also fix various security issues. iOS 15.3 specifically patches 10 noteworthy security vulnerabilities, ranging from Safari web browsing leaks to vulnerabilities that could grant root privileges to malicious apps.

We already knew that the web browsing and Google Account ID vulnerabilities had been patched when the RC versions of iOS 15.3 and macOS 12.2 arrived. Apple has now detailed the full list of security patches, publishing documentation for iOS 15.3, watchOS 8.4, and more.

macOS 12.2 may contain the same fix, but Apple has not yet released a security update for it.

In addition to the Safari web browsing vulnerability, other security issues have been patched, including the ability for apps to gain root privileges, the ability to execute arbitrary code with kernel privileges, incorrect access to user files via iCloud, and more.


ColorSync

Applies to: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted file may lead to arbitrary code execution

Description: A memory corruption issue has been addressed with improved validation.

CVE-2022-22584: Mickey Jin (@patch1t) of Trend Micro

Crash Reporter

Applies to: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to gain root privileges

Description: A logic issue has been resolved through improved validation.

CVE-2022-22578: Anonymous researcher

iCloud

Applies to: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to access the user's files

Description: An issue exists in the path validation logic of symbolic links. This issue has been addressed with improved path cleaning.

CVE-2022-22585: Huo Zhipeng (@R3dF09) of Tencent Security Xuanwu Lab (https://xlab.tencent.com)

IOMobileFrameBuffer

Applies to: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that this issue may be actively exploited.

Description: A memory corruption issue has been addressed with improved input validation.

CVE-2022-22587: an anonymous researcher, Meysam Firouzi (@R00tkitSMM) of MBition – Mercedes-Benz Innovation Labs, Siddharth Aeri (@b1n4r1b01)

Kernel

Applies to: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A buffer overflow issue has been addressed through improved memory handling.

CVE-2022-22593: Peter Nguyễn Vũ Hoàng from STAR Labs

Model I/O

Applies to: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution

Description: An information leak issue has been addressed through improved state management.

CVE-2022-22579: Mickey Jin (@patch1t) of Trend Micro

WebKit

Applies to: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted email may cause arbitrary JavaScript to be run

Description: A validation issue has been addressed with improved input sanitization.

CVE-2022-22589: Heige of the KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com)

WebKit

Applies to: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A use-after-free issue has been addressed through improved memory management.

CVE-2022-22590: Toan Pham from Team Orca of Sea Security (security.sea.com)

WebKit

Applies to: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may prevent enforcement of content security policies

Description: A logic issue has been resolved through improved state management.

CVE-2022-22592: Prakash (@1lastBr3ath)

WebKit Storage

Applies to: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A website may be able to track sensitive user information

Description: A cross-origin issue in the IndexDB API has been resolved through improved input validation.

CVE-2022-22594: Martin Bajanik of FingerprintJS
