Search
Search titles only
By:
Search titles only
By:
Home
Forums
New posts
Search forums
What's new
New posts
Latest activity
Members
Current visitors
Κανονισμός Λειτουργίας
Σωματείο AVClub
Log in
Register
Search
Search titles only
By:
Search titles only
By:
New posts
Search forums
Menu
Install the app
Install
Reply to thread
Home
Forums
Ειδικές Κατηγορίες
Apple Corner
iPhone
iOS 15
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Message
<blockquote data-quote="Μιχάλης Κορ." data-source="post: 1058823971" data-attributes="member: 119"><p>Για όποιον δεν μπορεί ή δεν θέλει να πάει στο ios 16, χθες βγήκε και η νέα έκδοση <strong><span style="font-size: 15px">15.7.2</span></strong>, γεμάτη με διορθώσεις :</p><p></p><p><strong>AppleAVD</strong></p><p></p><ul> <li data-xf-list-type="ul"><strong>Impact:</strong> Parsing a maliciously crafted video file may lead to kernel code execution</li> <li data-xf-list-type="ul"><strong>Description:</strong> An out-of-bounds write issue was addressed with improved input validation.</li> <li data-xf-list-type="ul"><strong>CVE-2022-46694:</strong> Andrey Labunets and Nikita Tarakanov</li> </ul><p><strong>AVEVideoEncoder</strong></p><p></p><ul> <li data-xf-list-type="ul"><strong>Impact: </strong>An app may be able to execute arbitrary code with kernel privileges</li> <li data-xf-list-type="ul"><strong>Description: </strong>A logic issue was addressed with improved checks.</li> <li data-xf-list-type="ul"><strong>CVE-2022-42848: </strong>ABC Research s.r.o</li> </ul><p><strong>File System</strong></p><p></p><ul> <li data-xf-list-type="ul"><strong>Impact:</strong> An app may be able to break out of its sandbox</li> <li data-xf-list-type="ul"><strong>Description: </strong>This issue was addressed with improved checks.</li> <li data-xf-list-type="ul"><strong>CVE-2022-42861:</strong> pattern-f (@pattern_F_) of Ant Security Light-Year Lab</li> </ul><p><strong>Graphics Driver</strong></p><p></p><ul> <li data-xf-list-type="ul"><strong>Impact:</strong> Parsing a maliciously crafted video file may lead to unexpected system termination</li> <li data-xf-list-type="ul"><strong>Description:</strong> The issue was addressed with improved memory handling.</li> <li data-xf-list-type="ul"><strong>CVE-2022-42846: </strong>Willy R. Vasquez of The University of Texas at Austin</li> </ul><p><strong>IOHIDFamily</strong></p><p></p><ul> <li data-xf-list-type="ul"><strong>Impact:</strong> An app may be able to execute arbitrary code with kernel privileges</li> <li data-xf-list-type="ul"><strong>Description:</strong> A race condition was addressed with improved state handling.</li> <li data-xf-list-type="ul"><strong>CVE-2022-42864:</strong> Tommy Muir (@Muirey03)</li> </ul><p><strong>iTunes Store</strong></p><p></p><ul> <li data-xf-list-type="ul"><strong>Impact:</strong> A remote user may be able to cause unexpected app termination or arbitrary code execution</li> <li data-xf-list-type="ul"><strong>Description:</strong> An issue existed in the parsing of URLs. This issue was addressed with improved input validation.</li> <li data-xf-list-type="ul"><strong>CVE-2022-42837:</strong> Weijia Dai (@dwj1210) of Momo Security</li> </ul><p><strong>Kernel</strong></p><p></p><p></p><ul> <li data-xf-list-type="ul"><strong>Impact: </strong>An app may be able to execute arbitrary code with kernel privileges</li> <li data-xf-list-type="ul"><strong>Description: </strong>A race condition was addressed with additional validation.</li> <li data-xf-list-type="ul"><strong>CVE-2022-46689:</strong> Ian Beer of Google Project Zero</li> </ul><p><strong>libxml2</strong></p><p></p><ul> <li data-xf-list-type="ul"><strong>Impact:</strong> A remote user may be able to cause unexpected app termination or arbitrary code execution</li> <li data-xf-list-type="ul"><strong>Description: </strong>An integer overflow was addressed through improved input validation.</li> <li data-xf-list-type="ul"><strong>CVE-2022-40303: </strong>Maddie Stone of Google Project Zero</li> </ul><p><strong>libxml2</strong></p><p></p><ul> <li data-xf-list-type="ul"><strong>Impact:</strong> A remote user may be able to cause unexpected app termination or arbitrary code execution</li> <li data-xf-list-type="ul"><strong>Description:</strong> This issue was addressed with improved checks.</li> <li data-xf-list-type="ul"><strong>CVE-2022-40304: </strong>Ned Williamson and Nathan Wachholz of Google Project Zero</li> </ul><p><strong>ppp</strong></p><p></p><ul> <li data-xf-list-type="ul"><strong>Impact:</strong> An app may be able to execute arbitrary code with kernel privileges</li> <li data-xf-list-type="ul"><strong>Description:</strong> The issue was addressed with improved memory handling.</li> <li data-xf-list-type="ul"><strong>CVE-2022-42840:</strong> an anonymous researcher</li> </ul><p><strong>Preferences</strong></p><p></p><ul> <li data-xf-list-type="ul"><strong>Impact:</strong> An app may be able to use arbitrary entitlements</li> <li data-xf-list-type="ul"><strong>Description:</strong> A logic issue was addressed with improved state management.</li> <li data-xf-list-type="ul"><strong>CVE-2022-42855:</strong> Ivan Fratric of Google Project Zero</li> </ul><p><strong>Safari</strong></p><p></p><ul> <li data-xf-list-type="ul"><strong>Impact: </strong>Visiting a website that frames malicious content may lead to UI spoofing</li> <li data-xf-list-type="ul"><strong>Description:</strong> A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.</li> <li data-xf-list-type="ul"><strong>CVE-2022-46695: </strong>KirtiKumar Anandrao Ramchandani</li> </ul><p><strong>WebKit</strong></p><p></p><ul> <li data-xf-list-type="ul"><strong>Impact: </strong>Processing maliciously crafted web content may lead to arbitrary code execution</li> <li data-xf-list-type="ul"><strong>Description:</strong> A memory consumption issue was addressed with improved memory handling.</li> <li data-xf-list-type="ul"><strong>CVE-2022-46691:</strong> an anonymous researcher</li> </ul><p><strong>WebKit</strong></p><p></p><ul> <li data-xf-list-type="ul"><strong>Impact:</strong> Processing maliciously crafted web content may result in the disclosure of process memory</li> <li data-xf-list-type="ul"><strong>Description: </strong>The issue was addressed with improved memory handling.</li> <li data-xf-list-type="ul"><strong>CVE-2022-42852: </strong>hazbinhotel working with Trend Micro Zero Day Initiative</li> </ul><p><strong>WebKit</strong></p><p></p><ul> <li data-xf-list-type="ul"><strong>Impact:</strong> Processing maliciously crafted web content may bypass Same Origin Policy</li> <li data-xf-list-type="ul"><strong>Description:</strong> A logic issue was addressed with improved state management.</li> <li data-xf-list-type="ul"><strong>CVE-2022-46692: </strong>KirtiKumar Anandrao Ramchandani </li> </ul><p><strong>WebKit</strong></p><p></p><ul> <li data-xf-list-type="ul"><strong>Impact:</strong> Processing maliciously crafted web content may lead to arbitrary code execution</li> <li data-xf-list-type="ul"><strong>Description:</strong> A memory corruption issue was addressed with improved input validation.</li> <li data-xf-list-type="ul"><strong>CVE-2022-46700:</strong> Samuel Groß of Google V8 Security</li> </ul><p><strong>WebKit</strong></p><p></p><ul> <li data-xf-list-type="ul"><strong>Impact:</strong> Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.</li> <li data-xf-list-type="ul"><strong>Description: </strong>A type confusion issue was addressed with improved state handling.</li> <li data-xf-list-type="ul"><strong>CVE-2022-42856: </strong>Clément Lecigne of Google’s Threat Analysis Group</li> </ul></blockquote><p></p>
[QUOTE="Μιχάλης Κορ., post: 1058823971, member: 119"] Για όποιον δεν μπορεί ή δεν θέλει να πάει στο ios 16, χθες βγήκε και η νέα έκδοση [B][SIZE=4]15.7.2[/SIZE][/B], γεμάτη με διορθώσεις : [B]AppleAVD[/B] [LIST] [*][B]Impact:[/B] Parsing a maliciously crafted video file may lead to kernel code execution [*][B]Description:[/B] An out-of-bounds write issue was addressed with improved input validation. [*][B]CVE-2022-46694:[/B] Andrey Labunets and Nikita Tarakanov [/LIST] [B]AVEVideoEncoder[/B] [LIST] [*][B]Impact: [/B]An app may be able to execute arbitrary code with kernel privileges [*][B]Description: [/B]A logic issue was addressed with improved checks. [*][B]CVE-2022-42848: [/B]ABC Research s.r.o [/LIST] [B]File System[/B] [LIST] [*][B]Impact:[/B] An app may be able to break out of its sandbox [*][B]Description: [/B]This issue was addressed with improved checks. [*][B]CVE-2022-42861:[/B] pattern-f (@pattern_F_) of Ant Security Light-Year Lab [/LIST] [B]Graphics Driver[/B] [LIST] [*][B]Impact:[/B] Parsing a maliciously crafted video file may lead to unexpected system termination [*][B]Description:[/B] The issue was addressed with improved memory handling. [*][B]CVE-2022-42846: [/B]Willy R. Vasquez of The University of Texas at Austin [/LIST] [B]IOHIDFamily[/B] [LIST] [*][B]Impact:[/B] An app may be able to execute arbitrary code with kernel privileges [*][B]Description:[/B] A race condition was addressed with improved state handling. [*][B]CVE-2022-42864:[/B] Tommy Muir (@Muirey03) [/LIST] [B]iTunes Store[/B] [LIST] [*][B]Impact:[/B] A remote user may be able to cause unexpected app termination or arbitrary code execution [*][B]Description:[/B] An issue existed in the parsing of URLs. This issue was addressed with improved input validation. [*][B]CVE-2022-42837:[/B] Weijia Dai (@dwj1210) of Momo Security [/LIST] [B]Kernel[/B] [LIST] [*][B]Impact: [/B]An app may be able to execute arbitrary code with kernel privileges [*][B]Description: [/B]A race condition was addressed with additional validation. [*][B]CVE-2022-46689:[/B] Ian Beer of Google Project Zero [/LIST] [B]libxml2[/B] [LIST] [*][B]Impact:[/B] A remote user may be able to cause unexpected app termination or arbitrary code execution [*][B]Description: [/B]An integer overflow was addressed through improved input validation. [*][B]CVE-2022-40303: [/B]Maddie Stone of Google Project Zero [/LIST] [B]libxml2[/B] [LIST] [*][B]Impact:[/B] A remote user may be able to cause unexpected app termination or arbitrary code execution [*][B]Description:[/B] This issue was addressed with improved checks. [*][B]CVE-2022-40304: [/B]Ned Williamson and Nathan Wachholz of Google Project Zero [/LIST] [B]ppp[/B] [LIST] [*][B]Impact:[/B] An app may be able to execute arbitrary code with kernel privileges [*][B]Description:[/B] The issue was addressed with improved memory handling. [*][B]CVE-2022-42840:[/B] an anonymous researcher [/LIST] [B]Preferences[/B] [LIST] [*][B]Impact:[/B] An app may be able to use arbitrary entitlements [*][B]Description:[/B] A logic issue was addressed with improved state management. [*][B]CVE-2022-42855:[/B] Ivan Fratric of Google Project Zero [/LIST] [B]Safari[/B] [LIST] [*][B]Impact: [/B]Visiting a website that frames malicious content may lead to UI spoofing [*][B]Description:[/B] A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. [*][B]CVE-2022-46695: [/B]KirtiKumar Anandrao Ramchandani [/LIST] [B]WebKit[/B] [LIST] [*][B]Impact: [/B]Processing maliciously crafted web content may lead to arbitrary code execution [*][B]Description:[/B] A memory consumption issue was addressed with improved memory handling. [*][B]CVE-2022-46691:[/B] an anonymous researcher [/LIST] [B]WebKit[/B] [LIST] [*][B]Impact:[/B] Processing maliciously crafted web content may result in the disclosure of process memory [*][B]Description: [/B]The issue was addressed with improved memory handling. [*][B]CVE-2022-42852: [/B]hazbinhotel working with Trend Micro Zero Day Initiative [/LIST] [B]WebKit[/B] [LIST] [*][B]Impact:[/B] Processing maliciously crafted web content may bypass Same Origin Policy [*][B]Description:[/B] A logic issue was addressed with improved state management. [*][B]CVE-2022-46692: [/B]KirtiKumar Anandrao Ramchandani [/LIST] [B]WebKit[/B] [LIST] [*][B]Impact:[/B] Processing maliciously crafted web content may lead to arbitrary code execution [*][B]Description:[/B] A memory corruption issue was addressed with improved input validation. [*][B]CVE-2022-46700:[/B] Samuel Groß of Google V8 Security [/LIST] [B]WebKit[/B] [LIST] [*][B]Impact:[/B] Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1. [*][B]Description: [/B]A type confusion issue was addressed with improved state handling. [*][B]CVE-2022-42856: [/B]Clément Lecigne of Google’s Threat Analysis Group [/LIST] [/QUOTE]
Verification
Post reply
Home
Forums
Ειδικές Κατηγορίες
Apple Corner
iPhone
iOS 15
Top
Bottom
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.
Accept
Learn more…