Apple iOS vulnerabilities

CVE-2022-32871 [LOW] CVE-2022-32871: A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16. A person with A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16. A person with physical access to a device may be able to use Siri to access private calendar information

CVE-2022-32891 [MEDIUM] CWE-1021 CVE-2022-32891: The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchO The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchOS 9, iOS 16. Visiting a website that frames malicious content may lead to UI spoofing.

CVE-2022-32833 [MEDIUM] CWE-922 CVE-2022-32833: An issue existed with the file paths used to store website data. The issue was resolved by improving An issue existed with the file paths used to store website data. The issue was resolved by improving how website data is stored. This issue is fixed in iOS 16. An unauthorized user may be able to access browsing history.

CVE-2022-32916 [MEDIUM] CWE-125 CVE-2022-32916: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 16. An app may be able to disclose kernel memory.

CVE-2022-32887 [HIGH] CVE-2022-32887: The issue was addressed with improved memory handling. This issue is fixed in iOS 16. An app may be The issue was addressed with improved memory handling. This issue is fixed in iOS 16. An app may be able to execute arbitrary code with kernel privileges.

CVE-2022-32907 [HIGH] CWE-269 CVE-2022-32907: This issue was addressed with improved checks. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An This issue was addressed with improved checks. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges.

CVE-2022-32925 [HIGH] CWE-787 CVE-2022-32925: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvO An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to cause unexpected system termination or write kernel memory.

CVE-2022-32903 [HIGH] CWE-416 CVE-2022-32903: A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 16 A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges.

CVE-2022-32889 [HIGH] CVE-2022-32889: The issue was addressed with improved memory handling. This issue is fixed in iOS 16, watchOS 9. An The issue was addressed with improved memory handling. This issue is fixed in iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges.

CVE-2022-22658 [MEDIUM] CWE-20 CVE-2022-22658: An input validation issue was addressed with improved input validation. This issue is fixed in iOS 1 An input validation issue was addressed with improved input validation. This issue is fixed in iOS 16.0.3. Processing a maliciously crafted email message may lead to a denial-of-service.

CVE-2022-32909 [MEDIUM] CWE-524 CVE-2022-32909: The issue was addressed with improved handling of caches. This issue is fixed in iOS 16. An app may The issue was addressed with improved handling of caches. This issue is fixed in iOS 16. An app may be able to access user-sensitive data.

CVE-2022-32859 [MEDIUM] CWE-642 CVE-2022-32859: A logic issue was addressed with improved state management. This issue is fixed in iOS 16. Deleted c A logic issue was addressed with improved state management. This issue is fixed in iOS 16. Deleted contacts may still appear in spotlight search results.

CVE-2022-32835 [LOW] CWE-200 CVE-2022-32835: This issue was addressed with improved entitlements. This issue is fixed in iOS 16, watchOS 9. An ap This issue was addressed with improved entitlements. This issue is fixed in iOS 16, watchOS 9. An app may be able to read a persistent device identifier.

CVE-2022-32908 [HIGH] CWE-787 CVE-2022-32908: A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. A user may be able to elevate privileges.

CVE-2022-32912 [HIGH] CWE-125 CVE-2022-32912: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 16, An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2022-32886 [HIGH] CWE-787 CVE-2022-32886: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 1 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2022-32917 [HIGH] CWE-787 CVE-2022-32917: The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..

CVE-2022-32911 [HIGH] CWE-787 CVE-2022-32911: The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6, i The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to execute arbitrary code with kernel privileges.

CVE-2022-32795 [MEDIUM] CVE-2022-32795: This issue was addressed with improved checks. This issue is fixed in iOS 16, iOS 15.7 and iPadOS 15 This issue was addressed with improved checks. This issue is fixed in iOS 16, iOS 15.7 and iPadOS 15.7. Visiting a malicious website may lead to address bar spoofing.

CVE-2022-32854 [MEDIUM] CVE-2022-32854: This issue was addressed with improved checks. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS This issue was addressed with improved checks. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to bypass Privacy preferences.