Request a Demo
Rewterz
Rewterz Threat Advisory – Multiple Apache ShenYu and Karaf Vulnerabilities
January 27, 2022
Rewterz
Rewterz Threat Advisory – Multiple Oracle Zero-Day Vulnerabilities
January 27, 2022

Multiple Apple watchOS, tvOS, macOS Monterey, iOS and iPadOS Vulnerabilities

Severity

High

Analysis Summary

CVE-2022-22590 

Apple watchOS could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in the WebKit component. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

CVE-2022-22594 

Apple watchOS could allow a remote attacker to obtain sensitive information, caused by a cross-origin issue in the IndexDB API in the WebKit component. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to obtain sensitive information.

CVE-2022-22593 

Apple watchOS is vulnerable to a buffer overflow, caused by improper bounds checking by the Kernel component. By using a specially crafted application, an attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system with kernel privileges.

CVE-2022-22592 

Apple watchOS could allow a remote attacker to bypass security restrictions, caused by a logic issue in the WebKit component. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to prevent Content Security Policy from being enforced.

CVE-2022-22589 

Apple watchOS could allow a remote attacker to execute arbitrary code on the system, caused by a validation issue in the WebKit component. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

CVE-2022-22585 

Apple watchOS could allow a local attacker to obtain sensitive information, caused by an issue within the path validation logic for symlinks in the iCloud component. By using a specially-crafted application, an attacker could exploit this vulnerability to access a user’s files.

CVE-2022-22579 

Apple tvOS could allow a remote attacker to execute arbitrary code on the system, caused by an information disclosure issue in the Model I/O component. By persuading a victim to open a specially crafted STL file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

CVE-2022-22587 

Apple iOS and iPadOS could allow a local attacker to gain elevated privileges on the system, caused by a memory corruption issue in the IOMobileFrameBuffer component. By using a specially crafted application, an attacker could exploit this vulnerability to execute arbitrary code with kernel privileges.

CVE-2022-22591 

Apple macOS Monterey could allow a local attacker to gain elevated privileges on the system, caused by a memory corruption issue in the Intel Graphics Driver component. By using a specially crafted application, an attacker could exploit this vulnerability to execute arbitrary code with kernel privileges.

CVE-2022-22586 

Apple macOS Monterey could allow a local attacker to gain elevated privileges on the system, caused by an out-of-bounds write issue in the AMD Kernel component. By using a specially crafted application, an attacker could exploit this vulnerability to execute arbitrary code with kernel privileges.

CVE-2022-22583 

Apple macOS Monterey could allow a local attacker to obtain sensitive information, caused by a permissions issue in the PackageKit component. By using a specially-crafted application, an attacker could exploit this vulnerability to access restricted files.

CVE-2021-30972 

Apple macOS Catalina could allow a local attacker to bypass security restrictions, caused by an issue in the TCC component. By using a specially-crafted application, an attacker could exploit this vulnerability to bypass certain Privacy preferences.

Impact

  • Code Execution
  • Information Disclosure
  • Buffer Overflow
  • Privilege Escalation

Affected Vendors

  • Apple
  • Apple iOS
  • Apple iPadOS

Affected Products

  • Apple watchOS 8.3
  • Apple Safari 15.2
  • Apple tvOS 15.1
  • Apple tvOS 15.2
  • Apple iPadOS 15.2
  • Apple iOS 15.2
  • Apple macOS Monterey 12.1
  • Apple macOS Catalina
  • Apple macOS Big Sur 11.6.2

Remediation

Refer to Apple security advisory for patch, upgrade, or suggested workaround information.

CVE-2022-22590

https://support.apple.com/en-us/HT213059

CVE-2022-22594

https://support.apple.com/en-us/HT213058

CVE-2022-22593

https://support.apple.com/en-us/HT213058

CVE-2022-22592

https://support.apple.com/en-us/HT213058

CVE-2022-22589

https://support.apple.com/en-us/HT213058

CVE-2022-22585

https://support.apple.com/en-us/HT213059

CVE-2022-22579

https://support.apple.com/en-us/HT213059

CVE-2022-22587

https://support.apple.com/en-us/HT213057

CVE-2022-22591

https://support.apple.com/en-us/HT213057

CVE-2022-22586

https://support.apple.com/en-us/HT213054

CVE-2022-22583

https://support.apple.com/en-us/HT213054

CVE-2021-30972

https://support.apple.com/en-us/HT213056