  • Aegisbyte

Apple Fixes Multiple Zerodays

Updated: Oct 9, 2023

Apple Fixes Multiple Zerodays - CVE-2022-42856

Apple recently released updates for several of its operating systems, including iOS and iPadOS 16.2, macOS 13.1, watchOS 9.2, and tvOS 16.2. Alongside the updates, the company published information about the vulnerabilities they close. The list is extensive and includes serious issues that could potentially be exploited. The updates also address zero-day vulnerabilities, meaning flaws that have already been reported as being used in attacks. Users should therefore install these updates as soon as possible to protect their devices.

The vulnerabilities fixed in the iOS and iPadOS 16.2 update alone affect numerous system areas, including accounts, AppleMobileFileIntegrity, CoreServices, and various driver and IO areas. Some of these vulnerabilities could allow arbitrary code to be executed, potentially with root privileges. There were also various fixes made to the kernel, Safari extensions, and WebKit, although Apple has not provided any additional information about these fixes.

Similarly, the macOS 13.1 update addressed around 30 vulnerabilities, many of which were considered severe to moderate. One of these vulnerabilities, a WebKit bug identified as CVE-2022-42856, is already being actively exploited. This bug affects only Mac devices, as well as iOS versions prior to 15.1, and could allow web content to be used to execute arbitrary code (though without root rights). The other vulnerabilities fixed in the macOS update also affect various system areas, including the kernel, lock screen, Safari extensions, and WebKit. However, Apple has not provided further details about these fixes at this time.

Apple Safari security update for CVE-2022-42856

Severity: 4

CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)

Published: 12/14/2022

Created: 12/15/2022

Added: 12/14/2022

Modified: 12/15/2022


Description

A type confusion issue was addressed with improved state handling.

Solution(s)

  1. apple-safari-upgrade-16_2

  2. apple-safari-windows-uninstall
