Apple Updates Everything
Apple released updates for iOS/iPadOS, macOS, tvOS, and watchOS. This significant update fixes 39 vulnerabilities. Many affect multiple operating systems. One vulnerability in WebKit is already being exploited. Please consider the table below "experimental," as we are still figuring out how to correctly parse and rank the Apple updates.
This update will also enable end-to-end encryption for some iCloud data, like backups. It should be obvious that once this is enabled, your data will be lost if you lose access to your devices or iCloud credentials. During the setup process, Apple does allow you to set up a recovery contact, essentially a trusted person who will be able to authenticate you during password recovery.
Safari | iOS and iPadOS | MacOS Monterey (12.x) | MacOS BigSur (10.x) | macOS Ventura (13.x) | TVOS | WatchOS | |
---|---|---|---|---|---|---|---|
WebKit Bugzilla [critical] *** EXPLOITED *** WebKit A type confusion issue was addressed with improved state handling. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1. |
|||||||
x | x | x | x | x | |||
CVE-2022-42852 [important] WebKit The issue was addressed with improved memory handling. Processing maliciously crafted web content may result in the disclosure of process memory |
|||||||
x | x | x | x | x | |||
CVE-2022-46698 [important] WebKit A logic issue was addressed with improved checks. Processing maliciously crafted web content may disclose sensitive user information |
|||||||
x | x | x | x | x | |||
CVE-2022-42854 [important] Bluetooth The issue was addressed with improved memory handling. An app may be able to disclose kernel memory |
|||||||
x | x | ||||||
CVE-2022-42821 [important] BOM A logic issue was addressed with improved checks. An app may bypass Gatekeeper checks |
|||||||
x | x | ||||||
CVE-2022-32942 [important] DriverKit The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges |
|||||||
x | x | x | |||||
CVE-2022-42861 [important] Kernel This issue was addressed with improved checks. An app may be able to break out of its sandbox |
|||||||
x | x | x | |||||
CVE-2022-42864 [important] IOHIDFamily A race condition was addressed with improved state handling. An app may be able to execute arbitrary code with kernel privileges |
|||||||
x | x | x | x | x | x | ||
CVE-2022-46689 [important] Kernel A race condition was addressed with additional validation. An app may be able to execute arbitrary code with kernel privileges |
|||||||
x | x | x | x | x | x | ||
CVE-2022-42845 [important] Kernel The issue was addressed with improved memory handling. An app with root privileges may be able to execute arbitrary code with kernel privileges |
|||||||
x | x | x | x | x | x | ||
CVE-2022-42842 [critical] Kernel The issue was addressed with improved memory handling. A remote user may be able to cause kernel code execution |
|||||||
x | x | x | x | x | x | ||
CVE-2022-40303 [critical] libxml2 An integer overflow was addressed through improved input validation. A remote user may be able to cause unexpected app termination or arbitrary code execution |
|||||||
x | x | x | x | ||||
CVE-2022-40304 [critical] libxml2 This issue was addressed with improved checks. A remote user may be able to cause unexpected app termination or arbitrary code execution |
|||||||
x | x | x | x | ||||
CVE-2022-42840 [important] ppp The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges |
|||||||
x | x | x | x | ||||
CVE-2022-42855 [important] Preferences A logic issue was addressed with improved state management. An app may be able to use arbitrary entitlements |
|||||||
x | x | x | x | ||||
CVE-2022-42841 [critical] xar A type confusion issue was addressed with improved checks. Processing a maliciously crafted package may lead to arbitrary code execution |
|||||||
x | x | x | |||||
CVE-2022-42843 [important] Accounts This issue was addressed with improved data protection. A user may be able to view sensitive user information |
|||||||
x | x | x | x | ||||
CVE-2022-46694 [critical] AppleAVD An out-of-bounds write issue was addressed with improved input validation. Parsing a maliciously crafted video file may lead to kernel code execution |
|||||||
x | x | x | |||||
CVE-2022-42865 [important] AppleMobileFileIntegrity This issue was addressed by enabling hardened runtime. An app may be able to bypass Privacy preferences |
|||||||
x | x | x | x | ||||
CVE-2022-42848 [important] AVEVideoEncoder A logic issue was addressed with improved checks. An app may be able to execute arbitrary code with kernel privileges |
|||||||
x | x | ||||||
CVE-2022-46693 [critical] ImageIO An out-of-bounds write issue was addressed with improved input validation. Processing a maliciously crafted file may lead to arbitrary code execution |
|||||||
x | x | x | x | ||||
CVE-2022-42851 [important] ImageIO The issue was addressed with improved memory handling. Parsing a maliciously crafted TIFF file may lead to disclosure of user information |
|||||||
x | x | ||||||
CVE-2022-46690 [important] IOMobileFrameBuffer An out-of-bounds write issue was addressed with improved input validation. An app may be able to execute arbitrary code with kernel privileges |
|||||||
x | x | x | x | ||||
CVE-2022-46701 [critical] Kernel The issue was addressed with improved bounds checks. Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges |
|||||||
x | x | x | |||||
CVE-2022-46695 [moderate] Safari A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. Visiting a website that frames malicious content may lead to UI spoofing |
|||||||
x | x | x | x | ||||
CVE-2022-42849 [important] Software Update An access issue existed with privileged API calls. This issue was addressed with additional restrictions. A user may be able to elevate privileges |
|||||||
x | x | x | |||||
CVE-2022-42866 [important] Weather The issue was addressed with improved handling of caches. An app may be able to read sensitive location information |
|||||||
x | x | x | x | ||||
CVE-2022-42859 [important] CoreServices Multiple issues were addressed by removing the vulnerable code. An app may be able to bypass Privacy preferences |
|||||||
x | x | x | |||||
CVE-2022-42837 [critical] iTunes Store An issue existed in the parsing of URLs. This issue was addressed with improved input validation. A remote user may be able to cause unexpected app termination or arbitrary code execution |
|||||||
x | x | x | |||||
CVE-2022-46702 [important] GPU Drivers The issue was addressed with improved memory handling. An app may be able to disclose kernel memory |
|||||||
x | |||||||
CVE-2022-42850 [important] Graphics Driver The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges |
|||||||
x | |||||||
CVE-2022-42846 [moderate] Graphics Driver The issue was addressed with improved memory handling. Parsing a maliciously crafted video file may lead to unexpected system termination |
|||||||
x | |||||||
CVE-2022-42844 [important] Kernel The issue was addressed with improved memory handling. An app may be able to break out of its sandbox |
|||||||
x | |||||||
CVE-2022-32943 [moderate] Photos The issue was addressed with improved bounds checks. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication |
|||||||
x | x | ||||||
CVE-2022-42862 [important] Printing This issue was addressed by removing the vulnerable code. An app may be able to bypass Privacy preferences |
|||||||
x | x | ||||||
CVE-2022-42847 [important] AMD An out-of-bounds write issue was addressed with improved input validation. An app may be able to execute arbitrary code with kernel privileges |
|||||||
x | |||||||
CVE-2022-42853 [important] Boot Camp An access issue was addressed with improved access restrictions. An app may be able to modify protected parts of the file system |
|||||||
x | |||||||
CVE-2022-46697 [important] IOMobileFrameBuffer An out-of-bounds access issue was addressed with improved bounds checking. An app may be able to execute arbitrary code with kernel privileges |
|||||||
x | |||||||
CVE-2022-24836 [critical] Ruby This issue was addressed with improved checks. A remote user may be able to cause unexpected app termination or arbitrary code execution |
|||||||
x | |||||||
CVE-2022-29181 [critical] Ruby This issue was addressed with improved checks. A remote user may be able to cause unexpected app termination or arbitrary code execution |
|||||||
x |
---
Johannes B. Ullrich, Ph.D., Dean of Research, SANS.edu
Microsoft December 2022 Patch Tuesday
In the last Patch Tuesday of 2022, we got patches for 74 vulnerabilities. Of these, 7 are critical, 1 was previously disclosed, and 1 is already being exploited, according to Microsoft.
The exploited vulnerability is a Windows SmartScreen Security Feature Bypass Vulnerability (CVE-2022-44698). When you download a file from the internet, Windows adds the zone identifier, or Mark of the Web (MOTW), to the file as an NTFS Alternate Data Stream (ADS). When you run the file, Windows SmartScreen checks whether a zone identifier ADS is attached to it. If the ADS indicates ZoneId=3, which means that the file was downloaded from the internet, SmartScreen performs a reputation check. By exploiting this vulnerability, an attacker can craft a malicious file that evades MOTW defenses. The CVSS for this vulnerability is 5.4.
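The Zone.Identifier check described above, as an added example that is not part of the original diary: it parses the stream text and reports the zone, giving a missing or unparsable stream its own verdict so those files can be reviewed. The function names, verdict labels and sample streams are constructed for illustration; reading the stream from disk only works on Windows with NTFS.

```python
import configparser
from typing import Dict, Optional

# URL security zone numbers as stored in the ZoneId key of the stream.
ZONE_NAMES = {0: "local-machine", 1: "intranet", 2: "trusted",
              3: "internet", 4: "restricted"}

# Constructed sample: file name -> Zone.Identifier text (None = no stream).
SAMPLE_STREAMS = {
    "invoice.js": "[ZoneTransfer]\r\nZoneId=3\r\n"
                  "ReferrerUrl=https://example.test/mail\r\n"
                  "HostUrl=https://example.test/dl/invoice.js?x=100%25\r\n",
    "tool.exe": None,
    "report.docx": "[ZoneTransfer]\r\nZoneId=1\r\n",
    "setup.msi": "ZoneId=3\r\n",                       # section header missing
    "notes.hta": "[ZoneTransfer]\r\nZoneId=three\r\n",  # non-numeric zone
}

def read_zone_identifier(path: str) -> Optional[str]:
    """Read the Zone.Identifier ADS of a file; None if there is no stream."""
    try:
        with open(path + ":Zone.Identifier", "r",
                  encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None

def parse_zone_identifier(stream_text: str) -> Optional[Dict[str, str]]:
    """Return the [ZoneTransfer] keys, or None if the text is not parsable."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep key case (ZoneId, HostUrl)
    try:
        parser.read_string(stream_text.lstrip("\ufeff"))
    except configparser.Error:
        return None
    if not parser.has_section("ZoneTransfer"):
        return None
    return dict(parser["ZoneTransfer"])

def motw_verdict(stream_text: Optional[str]) -> str:
    """Map stream text to a zone name, 'no-motw' or 'malformed'."""
    if stream_text is None:
        return "no-motw"
    fields = parse_zone_identifier(stream_text)
    if fields is None:
        return "malformed"
    try:
        zone = int(fields.get("ZoneId", "").strip())
    except ValueError:
        return "malformed"
    return ZONE_NAMES.get(zone, "unknown-zone")

def triage(streams: Dict[str, Optional[str]]) -> Dict[str, str]:
    """Verdict per file; 'internet' is the ZoneId=3 case described above."""
    return {name: motw_verdict(text) for name, text in streams.items()}

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_STREAMS).items():
        print(f"{name:12} {verdict}")
```

On a Windows host, pass `read_zone_identifier(path)` for each file in a download directory to `motw_verdict` instead of using the sample dictionary.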
Amongst critical vulnerabilities, there is a Remote Code Execution (RCE) affecting the .NET Framework (CVE-2022-41089). The exploitability for this one is ‘less likely’ according to Microsoft. The CVSS is 8.8.
A second critical vulnerability is an RCE affecting Microsoft SharePoint Server (CVE-2022-44690). According to the advisory, in a network-based attack, an authenticated attacker with Manage List permissions could execute code remotely on the SharePoint Server. The CVSS for this vulnerability is 8.8.
Another critical vulnerability worth mentioning is an RCE in PowerShell (CVE-2022-41076). The advisory says that the attack complexity is high, as exploiting this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. Additionally, it says that an authenticated attacker could escape the PowerShell Remoting Session Configuration and run unapproved commands on the target system. The CVSS for this vulnerability is 8.5.
See my dashboard for a more detailed breakout: https://patchtuesdaydashboard.com/
December 2022 Security Updates
Description | |||||||
---|---|---|---|---|---|---|---|
CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
.NET Framework Remote Code Execution Vulnerability | |||||||
CVE-2022-41089 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.7 |
Azure Network Watcher Agent Security Feature Bypass Vulnerability | |||||||
CVE-2022-44699 | No | No | - | - | Important | 5.5 | 5.1 |
Chromium: CVE-2022-4174 Type Confusion in V8 | |||||||
CVE-2022-4174 | No | No | - | - | - | ||
Chromium: CVE-2022-4175 Use after free in Camera Capture | |||||||
CVE-2022-4175 | No | No | - | - | - | ||
Chromium: CVE-2022-4177 Use after free in Extensions | |||||||
CVE-2022-4177 | No | No | - | - | - | ||
Chromium: CVE-2022-4178 Use after free in Mojo | |||||||
CVE-2022-4178 | No | No | - | - | - | ||
Chromium: CVE-2022-4179 Use after free in Audio | |||||||
CVE-2022-4179 | No | No | - | - | - | ||
Chromium: CVE-2022-4180 Use after free in Mojo | |||||||
CVE-2022-4180 | No | No | - | - | - | ||
Chromium: CVE-2022-4181 Use after free in Forms | |||||||
CVE-2022-4181 | No | No | - | - | - | ||
Chromium: CVE-2022-4182 Inappropriate implementation in Fenced Frames | |||||||
CVE-2022-4182 | No | No | - | - | - | ||
Chromium: CVE-2022-4183 Insufficient policy enforcement in Popup Blocker | |||||||
CVE-2022-4183 | No | No | - | - | - | ||
Chromium: CVE-2022-4184 Insufficient policy enforcement in Autofill | |||||||
CVE-2022-4184 | No | No | - | - | - | ||
Chromium: CVE-2022-4185 Inappropriate implementation in Navigation | |||||||
CVE-2022-4185 | No | No | - | - | - | ||
Chromium: CVE-2022-4186 Insufficient validation of untrusted input in Downloads | |||||||
CVE-2022-4186 | No | No | - | - | - | ||
Chromium: CVE-2022-4187 Insufficient policy enforcement in DevTools | |||||||
CVE-2022-4187 | No | No | - | - | - | ||
Chromium: CVE-2022-4188 Insufficient validation of untrusted input in CORS | |||||||
CVE-2022-4188 | No | No | - | - | - | ||
Chromium: CVE-2022-4189 Insufficient policy enforcement in DevTools | |||||||
CVE-2022-4189 | No | No | - | - | - | ||
Chromium: CVE-2022-4190 Insufficient data validation in Directory | |||||||
CVE-2022-4190 | No | No | - | - | - | ||
Chromium: CVE-2022-4191 Use after free in Sign-In | |||||||
CVE-2022-4191 | No | No | - | - | - | ||
Chromium: CVE-2022-4192 Use after free in Live Caption | |||||||
CVE-2022-4192 | No | No | - | - | - | ||
Chromium: CVE-2022-4193 Insufficient policy enforcement in File System API | |||||||
CVE-2022-4193 | No | No | - | - | - | ||
Chromium: CVE-2022-4194 Use after free in Accessibility | |||||||
CVE-2022-4194 | No | No | - | - | - | ||
Chromium: CVE-2022-4195 Insufficient policy enforcement in Safe Browsing | |||||||
CVE-2022-4195 | No | No | - | - | - | ||
DirectX Graphics Kernel Elevation of Privilege Vulnerability | |||||||
CVE-2022-44710 | Yes | No | - | - | Important | 7.8 | 6.8 |
Guidance on Microsoft Signed Drivers Being Used Maliciously | |||||||
ADV220005 | No | No | - | - | None | ||
Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability | |||||||
CVE-2022-41127 | No | No | - | - | Critical | 8.5 | 7.4 |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||||
CVE-2022-44708 | No | No | Less Likely | Less Likely | Important | 8.3 | 7.2 |
Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||||
CVE-2022-44688 | No | No | Less Likely | Less Likely | Moderate | 4.3 | 3.8 |
Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability | |||||||
CVE-2022-41115 | No | No | - | - | Important | 6.6 | 5.8 |
Microsoft Office Graphics Remote Code Execution Vulnerability | |||||||
CVE-2022-44692 | No | No | Unlikely | Unlikely | Important | 7.8 | 6.8 |
CVE-2022-26804 | No | No | - | - | Important | 7.8 | 6.8 |
CVE-2022-26805 | No | No | - | - | Important | 7.8 | 6.8 |
CVE-2022-26806 | No | No | - | - | Important | 7.8 | 6.8 |
CVE-2022-47211 | No | No | - | - | Important | 7.8 | 6.8 |
CVE-2022-47212 | No | No | - | - | Important | 7.8 | 6.8 |
CVE-2022-47213 | No | No | - | - | Important | 7.8 | 6.8 |
Microsoft Office OneNote Remote Code Execution Vulnerability | |||||||
CVE-2022-44691 | No | No | More Likely | Less Likely | Important | 7.8 | 6.8 |
Microsoft Office Visio Remote Code Execution Vulnerability | |||||||
CVE-2022-44694 | No | No | - | - | Important | 7.8 | 6.8 |
CVE-2022-44695 | No | No | - | - | Important | 7.8 | 6.8 |
CVE-2022-44696 | No | No | - | - | Important | 7.8 | 6.8 |
Microsoft Outlook for Mac Spoofing Vulnerability | |||||||
CVE-2022-44713 | No | No | - | - | Important | 7.5 | 6.5 |
Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||||
CVE-2022-44690 | No | No | - | - | Critical | 8.8 | 7.7 |
CVE-2022-44693 | No | No | - | - | Critical | 8.8 | 7.7 |
Microsoft Windows Sysmon Elevation of Privilege Vulnerability | |||||||
CVE-2022-44704 | No | No | - | - | Important | 7.8 | 6.8 |
Outlook for Android Elevation of Privilege Vulnerability | |||||||
CVE-2022-24480 | No | No | - | - | Important | 6.3 | 5.5 |
PowerShell Remote Code Execution Vulnerability | |||||||
CVE-2022-41076 | No | No | - | - | Critical | 8.5 | 7.4 |
Raw Image Extension Remote Code Execution Vulnerability | |||||||
CVE-2022-44687 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows Bluetooth Driver Elevation of Privilege Vulnerability | |||||||
CVE-2022-44675 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
Windows Bluetooth Driver Information Disclosure Vulnerability | |||||||
CVE-2022-44674 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
Windows Client Server Run-Time Subsystem (CSRSS) Elevation of Privilege Vulnerability | |||||||
CVE-2022-44673 | No | No | Less Likely | More Likely | Important | 7.0 | 6.1 |
Windows Contacts Remote Code Execution Vulnerability | |||||||
CVE-2022-44666 | No | No | More Likely | Less Likely | Important | 7.8 | 6.8 |
Windows Error Reporting Elevation of Privilege Vulnerability | |||||||
CVE-2022-44669 | No | No | More Likely | Less Likely | Important | 7.0 | 6.1 |
Windows Fax Compose Form Elevation of Privilege Vulnerability | |||||||
CVE-2022-41077 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows Graphics Component Elevation of Privilege Vulnerability | |||||||
CVE-2022-44680 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2022-44697 | No | No | More Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2022-41121 | No | No | Less Likely | More Likely | Important | 7.8 | 6.8 |
CVE-2022-44671 | No | No | - | - | Important | 7.8 | 6.8 |
Windows Graphics Component Information Disclosure Vulnerability | |||||||
CVE-2022-44679 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
CVE-2022-41074 | No | No | Unlikely | Less Likely | Important | 5.5 | 4.8 |
Windows Hyper-V Denial of Service Vulnerability | |||||||
CVE-2022-44682 | No | No | - | - | Important | 6.8 | 5.9 |
Windows Hyper-V Elevation of Privilege Vulnerability | |||||||
CVE-2022-41094 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows Kernel Denial of Service Vulnerability | |||||||
CVE-2022-44707 | No | No | - | - | Important | 6.5 | 5.7 |
Windows Kernel Elevation of Privilege Vulnerability | |||||||
CVE-2022-44683 | No | No | - | - | Important | 7.8 | 6.8 |
Windows Media Remote Code Execution Vulnerability | |||||||
CVE-2022-44667 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2022-44668 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows Print Spooler Elevation of Privilege Vulnerability | |||||||
CVE-2022-44678 | No | No | More Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2022-44681 | No | No | Unlikely | Unlikely | Important | 7.8 | 6.8 |
Windows Projected File System Elevation of Privilege Vulnerability | |||||||
CVE-2022-44677 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | |||||||
CVE-2022-44676 | No | No | Less Likely | Less Likely | Critical | 8.1 | 7.1 |
CVE-2022-44670 | No | No | - | - | Critical | 8.1 | 7.1 |
Windows SmartScreen Security Feature Bypass Vulnerability | |||||||
CVE-2022-44698 | No | Yes | - | - | Moderate | 5.4 | 5.0 |
Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability | |||||||
CVE-2022-44689 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows Terminal Remote Code Execution Vulnerability | |||||||
CVE-2022-44702 | No | No | More Likely | Less Likely | Important | 7.8 | 6.8 |
--
Renato Marinho
Morphus Labs