Apple Updates Everything

Published: 2022-12-13. Last Updated: 2022-12-13 20:53:27 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)

Apple released updates for iOS/iPadOS, MacOS, TVOS, and WatchOS. This significant update fixes 39 vulnerabilities. Many affect multiple operating systems. One vulnerability in WebKit is already being exploited. Please consider the table below "experimental," as we still try to figure out how to correctly parse and rank the Apple updates.

This update will also enable end-to-end encryption for some iCloud data, like backups. It should be obvious that once enabled, and your data will be lost if you lose access to your devices or iCloud credentials. During the setup process, Apple does allow you to setup a recovery contact, essentially a trusted person that will be able to authenticate you during password recovery.

 

Safari iOS and iPadOS MacOS Monterey (12.x) MacOS BigSur (10.x) macOS Ventura (13.x) TVOS WatchOS
WebKit Bugzilla [critical] *** EXPLOITED *** WebKit
A type confusion issue was addressed with improved state handling.
Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.
x x     x x x
CVE-2022-42852 [important] WebKit
The issue was addressed with improved memory handling.
Processing maliciously crafted web content may result in the disclosure of process memory
x x     x x x
CVE-2022-46698 [important] WebKit
A logic issue was addressed with improved checks.
Processing maliciously crafted web content may disclose sensitive user information
x x     x x x
CVE-2022-42854 [important] Bluetooth
The issue was addressed with improved memory handling.
An app may be able to disclose kernel memory
    x   x    
CVE-2022-42821 [important] BOM
A logic issue was addressed with improved checks.
An app may bypass Gatekeeper checks
    x x      
CVE-2022-32942 [important] DriverKit
The issue was addressed with improved memory handling.
An app may be able to execute arbitrary code with kernel privileges
    x x x    
CVE-2022-42861 [important] Kernel
This issue was addressed with improved checks.
An app may be able to break out of its sandbox
  x x   x    
CVE-2022-42864 [important] IOHIDFamily
A race condition was addressed with improved state handling.
An app may be able to execute arbitrary code with kernel privileges
  x x x x x x
CVE-2022-46689 [important] Kernel
A race condition was addressed with additional validation.
An app may be able to execute arbitrary code with kernel privileges
  x x x x x x
CVE-2022-42845 [important] Kernel
The issue was addressed with improved memory handling.
An app with root privileges may be able to execute arbitrary code with kernel privileges
  x x x x x x
CVE-2022-42842 [critical] Kernel
The issue was addressed with improved memory handling.
A remote user may be able to cause kernel code execution
  x x x x x x
CVE-2022-40303 [critical] libxml2
An integer overflow was addressed through improved input validation.
A remote user may be able to cause unexpected app termination or arbitrary code execution
    x x   x x
CVE-2022-40304 [critical] libxml2
This issue was addressed with improved checks.
A remote user may be able to cause unexpected app termination or arbitrary code execution
    x x   x x
CVE-2022-42840 [important] ppp
The issue was addressed with improved memory handling.
An app may be able to execute arbitrary code with kernel privileges
  x x x x    
CVE-2022-42855 [important] Preferences
A logic issue was addressed with improved state management.
An app may be able to use arbitrary entitlements
  x x   x x  
CVE-2022-42841 [critical] xar
A type confusion issue was addressed with improved checks.
Processing a maliciously crafted package may lead to arbitrary code execution
    x x x    
CVE-2022-42843 [important] Accounts
This issue was addressed with improved data protection.
A user may be able to view sensitive user information
  x     x x x
CVE-2022-46694 [critical] AppleAVD
An out-of-bounds write issue was addressed with improved input validation.
Parsing a maliciously crafted video file may lead to kernel code execution
  x       x x
CVE-2022-42865 [important] AppleMobileFileIntegrity
This issue was addressed by enabling hardened runtime.
An app may be able to bypass Privacy preferences
  x     x x x
CVE-2022-42848 [important] AVEVideoEncoder
A logic issue was addressed with improved checks.
An app may be able to execute arbitrary code with kernel privileges
  x       x  
CVE-2022-46693 [critical] ImageIO
An out-of-bounds write issue was addressed with improved input validation.
Processing a maliciously crafted file may lead to arbitrary code execution
  x     x x x
CVE-2022-42851 [important] ImageIO
The issue was addressed with improved memory handling.
Parsing a maliciously crafted TIFF file may lead to disclosure of user information
  x       x  
CVE-2022-46690 [important] IOMobileFrameBuffer
An out-of-bounds write issue was addressed with improved input validation.
An app may be able to execute arbitrary code with kernel privileges
  x     x x x
CVE-2022-46701 [critical] Kernel
The issue was addressed with improved bounds checks.
Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges
  x     x x  
CVE-2022-46695 [moderate] Safari
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.
Visiting a website that frames malicious content may lead to UI spoofing
  x     x x x
CVE-2022-42849 [important] Software Update
An access issue existed with privileged API calls. This issue was addressed with additional restrictions.
A user may be able to elevate privileges
  x       x x
CVE-2022-42866 [important] Weather
The issue was addressed with improved handling of caches.
An app may be able to read sensitive location information
  x     x x x
CVE-2022-42859 [important] CoreServices
Multiple issues were addressed by removing the vulnerable code.
An app may be able to bypass Privacy preferences
  x     x   x
CVE-2022-42837 [critical] iTunes Store
An issue existed in the parsing of URLs. This issue was addressed with improved input validation.
A remote user may be able to cause unexpected app termination or arbitrary code execution
  x     x   x
CVE-2022-46702 [important] GPU Drivers
The issue was addressed with improved memory handling.
An app may be able to disclose kernel memory
  x          
CVE-2022-42850 [important] Graphics Driver
The issue was addressed with improved memory handling.
An app may be able to execute arbitrary code with kernel privileges
  x          
CVE-2022-42846 [moderate] Graphics Driver
The issue was addressed with improved memory handling.
Parsing a maliciously crafted video file may lead to unexpected system termination
  x          
CVE-2022-42844 [important] Kernel
The issue was addressed with improved memory handling.
An app may be able to break out of its sandbox
  x          
CVE-2022-32943 [moderate] Photos
The issue was addressed with improved bounds checks.
Shake-to-undo may allow a deleted photo to be re-surfaced without authentication
  x     x    
CVE-2022-42862 [important] Printing
This issue was addressed by removing the vulnerable code.
An app may be able to bypass Privacy preferences
  x     x    
CVE-2022-42847 [important] AMD
An out-of-bounds write issue was addressed with improved input validation.
An app may be able to execute arbitrary code with kernel privileges
        x    
CVE-2022-42853 [important] Boot Camp
An access issue was addressed with improved access restrictions.
An app may be able to modify protected parts of the file system
        x    
CVE-2022-46697 [important] IOMobileFrameBuffer
An out-of-bounds access issue was addressed with improved bounds checking.
An app may be able to execute arbitrary code with kernel privileges
        x    
CVE-2022-24836 [critical] Ruby
This issue was addressed with improved checks.
A remote user may be able to cause unexpected app termination or arbitrary code execution
        x    
CVE-2022-29181 [critical] Ruby
This issue was addressed with improved checks.
A remote user may be able to cause unexpected app termination or arbitrary code execution
        x    

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|

Keywords:
0 comment(s)

Microsoft December 2022 Patch Tuesday

Published: 2022-12-13. Last Updated: 2022-12-13 18:31:55 UTC
by Renato Marinho (Version: 1)
0 comment(s)

In the last Patch Tuesday of 2022, we got patches for 74 vulnerabilities. Of these, 7 are critical, 1 was previously disclosed, and 1 is already being exploited, according to Microsoft.

The exploited vulnerability is a Windows SmartScreen Security Feature Bypass Vulnerability (CVE-2022-44698). When you download a file from the internet, Windows adds the zone identifier or Mark of the Web as an NTFS stream to the file. So, when you run the file, Windows SmartScreen checks if there is a zone identifier Alternate Data Stream (ADS) attached to the file. If the ADS indicates ZoneId=3 which means that the file was downloaded from the internet, the SmartScreen does a reputation check. Exploiting this vulnerability, an attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses. The CVSS for this vulnerability is 5.4.

Amongst critical vulnerabilities, there is a Remote Code Execution (RCE) affecting the .Net Framework (CVE-2022-41089). The exploitability for this one is ‘less likely’ according to Microsoft. The CVSS is 8.8.

A second critical vulnerability is an RCE affecting Microsoft SharePoint Server (CVE-2022-44690). According to the advisory, in a network-based attack, an authenticated attacker with Manage List permissions could execute code remotely on the SharePoint Server. The CVSS for this vulnerability is 8.8.

Another critical vulnerability worth mentioning is an RCE in Powershell (CVE-2022-41076). The advisory says that the attack complexity is high as to exploit this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. Additionally, it says that an authenticated attacker could escape the PowerShell Remoting Session Configuration and run unapproved commands on the target system. The CVSS for this vulnerability is 8.5.

See my dashboard for a more detailed breakout: https://patchtuesdaydashboard.com/
 

December 2022 Security Updates

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
.NET Framework Remote Code Execution Vulnerability
CVE-2022-41089 No No Less Likely Less Likely Critical 8.8 7.7
Azure Network Watcher Agent Security Feature Bypass Vulnerability
CVE-2022-44699 No No - - Important 5.5 5.1
Chromium: CVE-2022-4174 Type Confusion in V8
CVE-2022-4174 No No - - -    
Chromium: CVE-2022-4175 Use after free in Camera Capture
CVE-2022-4175 No No - - -    
Chromium: CVE-2022-4177 Use after free in Extensions
CVE-2022-4177 No No - - -    
Chromium: CVE-2022-4178 Use after free in Mojo
CVE-2022-4178 No No - - -    
Chromium: CVE-2022-4179 Use after free in Audio
CVE-2022-4179 No No - - -    
Chromium: CVE-2022-4180 Use after free in Mojo
CVE-2022-4180 No No - - -    
Chromium: CVE-2022-4181 Use after free in Forms
CVE-2022-4181 No No - - -    
Chromium: CVE-2022-4182 Inappropriate implementation in Fenced Frames
CVE-2022-4182 No No - - -    
Chromium: CVE-2022-4183 Insufficient policy enforcement in Popup Blocker
CVE-2022-4183 No No - - -    
Chromium: CVE-2022-4184 Insufficient policy enforcement in Autofill
CVE-2022-4184 No No - - -    
Chromium: CVE-2022-4185 Inappropriate implementation in Navigation
CVE-2022-4185 No No - - -    
Chromium: CVE-2022-4186 Insufficient validation of untrusted input in Downloads
CVE-2022-4186 No No - - -    
Chromium: CVE-2022-4187 Insufficient policy enforcement in DevTools
CVE-2022-4187 No No - - -    
Chromium: CVE-2022-4188 Insufficient validation of untrusted input in CORS
CVE-2022-4188 No No - - -    
Chromium: CVE-2022-4189 Insufficient policy enforcement in DevTools
CVE-2022-4189 No No - - -    
Chromium: CVE-2022-4190 Insufficient data validation in Directory
CVE-2022-4190 No No - - -    
Chromium: CVE-2022-4191 Use after free in Sign-In
CVE-2022-4191 No No - - -    
Chromium: CVE-2022-4192 Use after free in Live Caption
CVE-2022-4192 No No - - -    
Chromium: CVE-2022-4193 Insufficient policy enforcement in File System API
CVE-2022-4193 No No - - -    
Chromium: CVE-2022-4194 Use after free in Accessibility
CVE-2022-4194 No No - - -    
Chromium: CVE-2022-4195 Insufficient policy enforcement in Safe Browsing
CVE-2022-4195 No No - - -    
DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2022-44710 Yes No - - Important 7.8 6.8
Guidance on Microsoft Signed Drivers Being Used Maliciously
ADV220005 No No - - None    
Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability
CVE-2022-41127 No No - - Critical 8.5 7.4
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2022-44708 No No Less Likely Less Likely Important 8.3 7.2
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2022-44688 No No Less Likely Less Likely Moderate 4.3 3.8
Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability
CVE-2022-41115 No No - - Important 6.6 5.8
Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2022-44692 No No Unlikely Unlikely Important 7.8 6.8
CVE-2022-26804 No No - - Important 7.8 6.8
CVE-2022-26805 No No - - Important 7.8 6.8
CVE-2022-26806 No No - - Important 7.8 6.8
CVE-2022-47211 No No - - Important 7.8 6.8
CVE-2022-47212 No No - - Important 7.8 6.8
CVE-2022-47213 No No - - Important 7.8 6.8
Microsoft Office OneNote Remote Code Execution Vulnerability
CVE-2022-44691 No No More Likely Less Likely Important 7.8 6.8
Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2022-44694 No No - - Important 7.8 6.8
CVE-2022-44695 No No - - Important 7.8 6.8
CVE-2022-44696 No No - - Important 7.8 6.8
Microsoft Outlook for Mac Spoofing Vulnerability
CVE-2022-44713 No No - - Important 7.5 6.5
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2022-44690 No No - - Critical 8.8 7.7
CVE-2022-44693 No No - - Critical 8.8 7.7
Microsoft Windows Sysmon Elevation of Privilege Vulnerability
CVE-2022-44704 No No - - Important 7.8 6.8
Outlook for Android Elevation of Privilege Vulnerability
CVE-2022-24480 No No - - Important 6.3 5.5
PowerShell Remote Code Execution Vulnerability
CVE-2022-41076 No No - - Critical 8.5 7.4
Raw Image Extension Remote Code Execution Vulnerability
CVE-2022-44687 No No Less Likely Less Likely Important 7.8 6.8
Windows Bluetooth Driver Elevation of Privilege Vulnerability
CVE-2022-44675 No No More Likely More Likely Important 7.8 6.8
Windows Bluetooth Driver Information Disclosure Vulnerability
CVE-2022-44674 No No Less Likely Less Likely Important 5.5 4.8
Windows Client Server Run-Time Subsystem (CSRSS) Elevation of Privilege Vulnerability
CVE-2022-44673 No No Less Likely More Likely Important 7.0 6.1
Windows Contacts Remote Code Execution Vulnerability
CVE-2022-44666 No No More Likely Less Likely Important 7.8 6.8
Windows Error Reporting Elevation of Privilege Vulnerability
CVE-2022-44669 No No More Likely Less Likely Important 7.0 6.1
Windows Fax Compose Form Elevation of Privilege Vulnerability
CVE-2022-41077 No No Less Likely Less Likely Important 7.8 6.8
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2022-44680 No No Less Likely Less Likely Important 7.8 6.8
CVE-2022-44697 No No More Likely Less Likely Important 7.8 6.8
CVE-2022-41121 No No Less Likely More Likely Important 7.8 6.8
CVE-2022-44671 No No - - Important 7.8 6.8
Windows Graphics Component Information Disclosure Vulnerability
CVE-2022-44679 No No Less Likely Less Likely Important 6.5 5.7
CVE-2022-41074 No No Unlikely Less Likely Important 5.5 4.8
Windows Hyper-V Denial of Service Vulnerability
CVE-2022-44682 No No - - Important 6.8 5.9
Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2022-41094 No No Less Likely Less Likely Important 7.8 6.8
Windows Kernel Denial of Service Vulnerability
CVE-2022-44707 No No - - Important 6.5 5.7
Windows Kernel Elevation of Privilege Vulnerability
CVE-2022-44683 No No - - Important 7.8 6.8
Windows Media Remote Code Execution Vulnerability
CVE-2022-44667 No No Less Likely Less Likely Important 7.8 6.8
CVE-2022-44668 No No Less Likely Less Likely Important 7.8 6.8
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2022-44678 No No More Likely Less Likely Important 7.8 6.8
CVE-2022-44681 No No Unlikely Unlikely Important 7.8 6.8
Windows Projected File System Elevation of Privilege Vulnerability
CVE-2022-44677 No No Less Likely Less Likely Important 7.8 6.8
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
CVE-2022-44676 No No Less Likely Less Likely Critical 8.1 7.1
CVE-2022-44670 No No - - Critical 8.1 7.1
Windows SmartScreen Security Feature Bypass Vulnerability
CVE-2022-44698 No Yes - - Moderate 5.4 5.0
Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability
CVE-2022-44689 No No Less Likely Less Likely Important 7.8 6.8
Windows Terminal Remote Code Execution Vulnerability
CVE-2022-44702 No No More Likely Less Likely Important 7.8 6.8

--
Renato Marinho
Morphus Labs| LinkedIn|Twitter

Keywords:
0 comment(s)
Packet Tuesday: ICMP Errors and the recent FreeBSD "ping" vulnerability. https://www.youtube.com/watch?v=Bgmfl17AQWA
ISC Stormcast For Tuesday, December 13th, 2022 https://isc.sans.edu/podcastdetail.html?id=8288

Comments


Diary Archives