Apple Tvos16.2 vulnerabilities

CVE-2022-48618 [HIGH] CVE-2022-48618: tvOS16.2 Apple Security Update: About the security content of tvOS16.2 Product: tvOS16.2 CVE: CVE-2022-48618 Component: Kernel Impact: An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1. Description: The issue was addressed with improved checks.

CVE-2022-42849 [HIGH] CVE-2022-42849: tvOS16.2 Apple Security Update: About the security content of tvOS16.2 Product: tvOS16.2 CVE: CVE-2022-42849 Component: Software Update Impact: A user may be able to elevate privileges Description: An access issue existed with privileged API calls. This issue was addressed with additional restrictions.

CVE-2022-42848 [HIGH] CVE-2022-42848: tvOS16.2 Apple Security Update: About the security content of tvOS16.2 Product: tvOS16.2 CVE: CVE-2022-42848 Component: AVEVideoEncoder Impact: An app may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved checks.

CVE-2022-42865 [MEDIUM] CVE-2022-42865: tvOS16.2 Apple Security Update: About the security content of tvOS16.2 Product: tvOS16.2 CVE: CVE-2022-42865 Component: AppleMobileFileIntegrity Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed by enabling hardened runtime.

CVE-2022-46695 [MEDIUM] CVE-2022-46695: tvOS16.2 Apple Security Update: About the security content of tvOS16.2 Product: tvOS16.2 CVE: CVE-2022-46695 Component: Safari Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.

CVE-2022-42852 [MEDIUM] CVE-2022-42852: tvOS16.2 Apple Security Update: About the security content of tvOS16.2 Product: tvOS16.2 CVE: CVE-2022-42852 Component: WebKit Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: The issue was addressed with improved memory handling.

CVE-2022-42851 [MEDIUM] CVE-2022-42851: tvOS16.2 Apple Security Update: About the security content of tvOS16.2 Product: tvOS16.2 CVE: CVE-2022-42851 Component: ImageIO Impact: Parsing a maliciously crafted TIFF file may lead to disclosure of user information Description: The issue was addressed with improved memory handling.

CVE-2022-46692 [MEDIUM] CVE-2022-46692: tvOS16.2 Apple Security Update: About the security content of tvOS16.2 Product: tvOS16.2 CVE: CVE-2022-46692 Component: WebKit Impact: Processing maliciously crafted web content may bypass Same Origin Policy Description: A logic issue was addressed with improved state management.

CVE-2022-46698 [MEDIUM] CVE-2022-46698: tvOS16.2 Apple Security Update: About the security content of tvOS16.2 Product: tvOS16.2 CVE: CVE-2022-46698 Component: WebKit Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A logic issue was addressed with improved checks.

CVE-2022-42866 [MEDIUM] CVE-2022-42866: tvOS16.2 Apple Security Update: About the security content of tvOS16.2 Product: tvOS16.2 CVE: CVE-2022-42866 Component: Weather Impact: An app may be able to read sensitive location information Description: The issue was addressed with improved handling of caches.

CVE-2022-46705 [MEDIUM] CVE-2022-46705: tvOS16.2 Apple Security Update: About the security content of tvOS16.2 Product: tvOS16.2 CVE: CVE-2022-46705 Component: WebKit Impact: Visiting a malicious website may lead to address bar spoofing Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.

CVE-2022-42843 [MEDIUM] CVE-2022-42843: tvOS16.2 Apple Security Update: About the security content of tvOS16.2 Product: tvOS16.2 CVE: CVE-2022-42843 Component: Accounts Impact: A user may be able to view sensitive user information Description: This issue was addressed with improved data protection.