Video conferencing platform fixes cross-site scripting vulnerability

Video conferencing platform fixes cross-site scripting vulnerability

  

Zoom has patched a cross-site scripting (XSS) bug that worked in both the desktop and web versions of its Whiteboard app.

Zoom Whiteboard allows users to collaborate in real-time on a shared canvas by adding and editing different objects. Whiteboard runs JavaScript code both in the browser and the desktop app.

**Escaping sanitization**

The XSS bug in Zoom Whiteboard was discovered by security researcher Eugene Lim (also known as ‘spaceraccoon’). Lim focuses on the overlap between web, mobile, desktop, and other platforms, which is how he became interested in investigating Zoom Whiteboard.

Whiteboard supports several types of objects, including text, shapes, rich text, images, and sticky notes.

To store and transfer objects, it uses Protocol Buffer (), a language- and platform-neutral markup standard for serializing structured data. It uses WebSocket to broadcast objects across all clients and provide real-time updates on the whiteboard.

Read more of the latest news about web security vulnerabilities

Once received, the client transforms the object into its corresponding React component and inserts it into the user interface.

React automatically sanitizes all HTML attributes contained in the whiteboard objects. However, a few of the objects allow some HTML tags. For some objects, the developers used custom regex functions to sanitize user input and remove disallowed tags.

Lim discovered that with a well-crafted HTML string, he could bypass the sanitization check and send arbitrary JavaScript code to all other clients and stage an XSS attack.

**Weaponizing the clipboard**

Exploiting the bug would require a complicated effort by the attacker.

“WebSocket messages are sent in the format. This makes it tricky to write a proof-of-concept that’s easy for triagers to reproduce because they need to intercept the WebSocket request as well as modify the message correctly before the request is dropped,” Lim told The Daily Swig.

To overcome this challenge, he developed an end-to-end proof of concept script that used the clipboard to create and deliver the XSS payload.

**The challenges of hybrid applications**

Lim believes there are two factors that make it difficult to find and plug such bugs. First is the breadth and depth of JavaScript web APIs that support additional features.

“From WebRTC (video calling) to WebGL (2D/3D graphics), there’s a lot more you can do in a browser nowadays than simply pop an alert. This increases the attack surface and potential for bypasses,” he said.

And second is the growing overlap between web and native/desktop applications.

“Developers need to secure their apps across multiple platforms, which increases the complexity as JavaScript in React on Safari might work slightly differently than React Native with Hermes on Android,” Lim said.

**Check your third-party dependencies**

Finally, Lim warned about flaws in third-party dependencies.

“Code scanning tools did not pick up the actual \[Zoom\] vulnerability because the user input flowed through a third-party dependency,” he said.

Typically, code scans in CI/CD pipelines do not install third-party dependencies and run only on the project source code.

“The takeaway here is to be very aware of the third-party components you are using and how you are using them,” Lim said. “Additionally, regexes are very tricky to do yourself so it may be better to rely on libraries like DOMPurify.”

DON’T MISS How to become a penetration tester: Part 2 – ‘Mr hacking’ John Jackson on the virtue of ‘endless curiosity’

Zoom Whiteboard patches XSS bug

Categories: Android
Categories: News
Tags: Android

Tags:  banking Trojan

Tags:  Godfather

Tags:  Anubis

Tags:  lay-over screen

Tags:  MYT

Tags:  Google Protect

Researchers have uncovered a new campaign of the Godfather banking Trojan, that comes with some new tricks.



(Read more...)




The post Godfather Android banking malware is on the rise appeared first on Malwarebytes Labs.

Researchers at Cyble Research & Intelligence Labs (CRIL) have found a new version of the Android banking Trojan called Godfather.

The new version of Godfather uses an icon and name similar to a legitimate application named MYT Music, which is hosted on the Google Play Store with over 10 million downloads.

**History**

Group-IB researchers established that Godfather is a successor of Anubis. Anubis was a widely used Android banking Trojan that lost popularity after its functionality got limited by Android updates and security vendors’ detection and prevention efforts.

Godfather's success is mostly due to its ability to create convincing lay-over screens for over 400 applications. This use of lay-over screens or web fakes, are basically HTML pages created by threat actors that display over legitimate applications. This allows the threat actors to harvest login credentials for banking applications and other financial services. The target apps include banking applications, cryptocurrency wallets, and crypto exchanges.

The most popular target apps for the banking Trojan are in the United States (49 companies), Turkey (31), Spain (30), Canada (22), France (20), Germany (19), and the United Kingdom (17). The Trojan checks the system language of the infected device and shuts down if it is one of these: Russian, Azerbaijani, Armenian, Belarusian, Kazakh, Kyrgyz, Moldovan, Uzbek, or Tajik.

**Install**

Several of the new Godfather samples were found masquerading as the MYT Müzik application which is written in the Turkish language. After installing it uses an icon and the name that are very similar to a legitimate application named MYT Music. MYT Music is a popular app with over 10 million installs.

**Getting permissions**

To get the necessary permissions, the Trojan poses as Google Protect, which is a standard security tool found on all Android devices. It pretends to initiate a scan and asks the user for access to the Accessibility Service. Which makes sense to the user given that they think the app will scan the device. With access to the Accessibility Service, the Trojan can grant itself all the permissions it needs to steal information from the affected device.

**Capabilities**

Once fully active, Godfather steals sensitive data such as SMS messages, basic device details including installed apps data, and the device’s phone number. It can also control the device screen, forward incoming calls of the victim’s device, and inject banking URLs. The Trojan is capable of initiating money transfers by making USSD (Unstructured Supplementary Service Data) calls without using the dialer user interface

It sends the harvested data to the attacker. Who, in turn, now know which apps are installed and can inject HTML phishing pages that are most effective if the victim has the imitated app installed. The Command & Control (C2) server’s URL is fetched from a Telegram channel.

**IOCs**

For the variant posing as the MYT Muzik app CRIL provided:

APK Metadata Information

*   App Name: MYT Müzik
*   Package Name: com.expressvpn.vpn
*   SHA256 Hash: 138551cd967622832f8a816ea1697a5d08ee66c379d32d8a6bd7fca9fdeaecc4

Malwarebytes for Android detects these new variants of the Godfather Trojan as Android/Trojan.Spy.Banker.MYT.

**How to avoid malware**

There are a few basic guidelines that can help you prevent installing malware on your device.

*   Download and install software only from official app stores like Google Play Store or the iOS App Store. And check whether the app you are downloading is exactly the one you wanted and not some imitator.
*   Use a reputed anti-virus/anti-malware and internet security software package on your connected devices, such as PCs, laptops, and mobile devices.
*   Use strong passwords and enforce multi-factor authentication (MFA) wherever possible.
*   Enable biometric security features such as fingerprint or facial recognition for unlocking the mobile device if possible.
*   Be very careful before opening any links received via SMS or emails delivered to your phone.
*   Ensure that Google Play Protect is enabled on Android devices.
*   Be careful while enabling any permissions. Reading carefully what you are allowing an app to do helps you flag unusual and suspicious requests.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Godfather Android banking malware is on the rise

Apple Security Advisory 2022-12-13-9 - Safari 16.2 addresses bypass, code execution, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2022-12-13-9 Safari 16.2

Safari 16.2 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213537.

WebKit  
Available for: macOS Big Sur and macOS Monterey  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A use after free issue was addressed with improved  
memory management.  
WebKit Bugzilla: 245521  
CVE-2022-42867: Maddie Stone of Google Project Zero

WebKit  
Available for: macOS Big Sur and macOS Monterey  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A memory consumption issue was addressed with improved  
memory handling.  
WebKit Bugzilla: 245466  
CVE-2022-46691: an anonymous researcher

WebKit  
Available for: macOS Big Sur and macOS Monterey  
Impact: Processing maliciously crafted web content may bypass Same  
Origin Policy  
Description: A logic issue was addressed with improved state  
management.  
WebKit Bugzilla: 246783  
CVE-2022-46692: KirtiKumar Anandrao Ramchandani

WebKit  
Available for: macOS Big Sur and macOS Monterey  
Impact: Processing maliciously crafted web content may result in the  
disclosure of process memory  
Description: The issue was addressed with improved memory handling.  
CVE-2022-42852: hazbinhotel working with Trend Micro Zero Day  
Initiative

WebKit  
Available for: macOS Big Sur and macOS Monterey  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A memory corruption issue was addressed with improved  
input validation.  
WebKit Bugzilla: 246942  
CVE-2022-46696: Samuel Groß of Google V8 Security  
WebKit Bugzilla: 247562  
CVE-2022-46700: Samuel Groß of Google V8 Security

WebKit  
Available for: macOS Big Sur and macOS Monterey  
Impact: Processing maliciously crafted web content may disclose  
sensitive user information  
Description: A logic issue was addressed with improved checks.  
CVE-2022-46698: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs  
& DNSLab, Korea Univ.

WebKit  
Available for: macOS Big Sur and macOS Monterey  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A memory corruption issue was addressed with improved  
state management.  
WebKit Bugzilla: 247420  
CVE-2022-46699: Samuel Groß of Google V8 Security  
WebKit Bugzilla: 244622  
CVE-2022-42863: an anonymous researcher

WebKit  
Available for: macOS Big Sur and macOS Monterey  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution. Apple is aware of a report that this issue  
may have been actively exploited against versions of iOS released  
before iOS 15.1.  
Description: A type confusion issue was addressed with improved state  
handling.  
WebKit Bugzilla: 248266  
CVE-2022-42856: Clément Lecigne of Google's Threat Analysis Group

Additional recognition

WebKit  
We would like to acknowledge an anonymous researcher, scarlet for  
their assistance.

Safari 16.2 may be obtained from the Mac App Store.  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmOZFX0ACgkQ4RjMIDke  
NxniRQ/+LTObFcBEWogS56q3+7wjz2BgzBZYn4gwNGfvXf0zZfmXnTE0WXUolVa1  
8/glHt7Tu5/KKfy6JDqmQvrF6fo2YpBgH0wrux/j4VPVCeaaOa2gXRAw0CBa4e4E  
OabGVEXEsgJjyE4MSMKh8Hn1VD4ANTPPKn5jWmDsCsSS2zEo94gD7Mkqh81CeFoV  
Yhmbv87nZAdEz2nHUkoM6PmN8SPAY5VtRp6i1rbkpcmMfs3VyA/ehnkfBGQK2xH7  
vHpx2yyoXlqwR0zc7uHEge13e8kZ1Zh8UdIecgJuoyOvvmRR5DcchMFUYpUq8JcZ  
JOqN2lsRBu52WvoEGCkD80/PWamhD+CJWeMvgbvEZSOiNKKOSY1qO0w0NsGMPXCh  
6xdcjfeTpslNn4zNUfaAwnUGIyxbIsNNHIgw3VX5GnFihpEsknBqbjxTLCBrDdFE  
T5xuHPBj7vXEW3V2ZXVt2MctWCr0GQdHt66C2m3gAEhL9xoN6YMEXLI0RVgUHmaf  
hOY/EZMIGm1cL33OvMKuvWCJuGW81+2+LJSwoscguhrj7Jb2qTOL2w06VDyNftuY  
F876pPWZgEj1O7DAtL9OP8IdrpSmQnAkvVUIZA6Sx3MaxTdl4f6lG4NlcsMGz+se  
PxxMCYWi8f/sPNxSdfoYardNkQcPsKm13UFu+Q9nSuV0A+x0qgA=  
=F0qN  
-----END PGP SIGNATURE-----

Apple Security Advisory 2022-12-13-9

Apple Security Advisory 2022-12-13-7 - tvOS 16.2 addresses bypass, code execution, integer overflow, out of bounds write, spoofing, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2022-12-13-7 tvOS 16.2

tvOS 16.2 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213535.

Accounts  
Available for: Apple TV 4K, Apple TV 4K (2nd generation and later),  
and Apple TV HD  
Impact: A user may be able to view sensitive user information  
Description: This issue was addressed with improved data protection.  
CVE-2022-42843: Mickey Jin (@patch1t)

AppleAVD  
Available for: Apple TV 4K, Apple TV 4K (2nd generation and later),  
and Apple TV HD  
Impact: Parsing a maliciously crafted video file may lead to kernel  
code execution  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2022-46694: Andrey Labunets and Nikita Tarakanov

AppleMobileFileIntegrity  
Available for: Apple TV 4K, Apple TV 4K (2nd generation and later),  
and Apple TV HD  
Impact: An app may be able to bypass Privacy preferences  
Description: This issue was addressed by enabling hardened runtime.  
CVE-2022-42865: Wojciech Reguła (@_r3ggi) of SecuRing

AVEVideoEncoder  
Available for: Apple TV 4K, Apple TV 4K (2nd generation and later),  
and Apple TV HD  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A logic issue was addressed with improved checks.  
CVE-2022-42848: ABC Research s.r.o

ImageIO  
Available for: Apple TV 4K, Apple TV 4K (2nd generation and later),  
and Apple TV HD  
Impact: Processing a maliciously crafted file may lead to arbitrary  
code execution  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2022-46693: Mickey Jin (@patch1t)

ImageIO  
Available for: Apple TV 4K, Apple TV 4K (2nd generation and later),  
and Apple TV HD  
Impact: Parsing a maliciously crafted TIFF file may lead to  
disclosure of user information  
Description: The issue was addressed with improved memory handling.  
CVE-2022-42851: Mickey Jin (@patch1t)

IOHIDFamily  
Available for: Apple TV 4K, Apple TV 4K (2nd generation and later),  
and Apple TV HD  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A race condition was addressed with improved state  
handling.  
CVE-2022-42864: Tommy Muir (@Muirey03)

IOMobileFrameBuffer  
Available for: Apple TV 4K, Apple TV 4K (2nd generation and later),  
and Apple TV HD  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2022-46690: John Aakerblom (@jaakerblom)

Kernel  
Available for: Apple TV 4K, Apple TV 4K (2nd generation and later),  
and Apple TV HD  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A race condition was addressed with additional  
validation.  
CVE-2022-46689: Ian Beer of Google Project Zero

Kernel  
Available for: Apple TV 4K, Apple TV 4K (2nd generation and later),  
and Apple TV HD  
Impact: Connecting to a malicious NFS server may lead to arbitrary  
code execution with kernel privileges  
Description: The issue was addressed with improved bounds checks.  
CVE-2022-46701: Felix Poulin-Belanger

Kernel  
Available for: Apple TV 4K, Apple TV 4K (2nd generation and later),  
and Apple TV HD  
Impact: A remote user may be able to cause kernel code execution  
Description: The issue was addressed with improved memory handling.  
CVE-2022-42842: pattern-f (@pattern_F_) of Ant Security Light-Year  
Lab

Kernel  
Available for: Apple TV 4K, Apple TV 4K (2nd generation and later),  
and Apple TV HD  
Impact: An app with root privileges may be able to execute arbitrary  
code with kernel privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2022-42845: Adam Doupé of ASU SEFCOM

libxml2  
Available for: Apple TV 4K, Apple TV 4K (2nd generation and later),  
and Apple TV HD  
Impact: A remote user may be able to cause unexpected app termination  
or arbitrary code execution  
Description: An integer overflow was addressed through improved input  
validation.  
CVE-2022-40303: Maddie Stone of Google Project Zero

libxml2  
Available for: Apple TV 4K, Apple TV 4K (2nd generation and later),  
and Apple TV HD  
Impact: A remote user may be able to cause unexpected app termination  
or arbitrary code execution  
Description: This issue was addressed with improved checks.  
CVE-2022-40304: Ned Williamson and Nathan Wachholz of Google Project  
Zero

Preferences  
Available for: Apple TV 4K, Apple TV 4K (2nd generation and later),  
and Apple TV HD  
Impact: An app may be able to use arbitrary entitlements  
Description: A logic issue was addressed with improved state  
management.  
CVE-2022-42855: Ivan Fratric of Google Project Zero

Safari  
Available for: Apple TV 4K, Apple TV 4K (2nd generation and later),  
and Apple TV HD  
Impact: Visiting a website that frames malicious content may lead to  
UI spoofing  
Description: A spoofing issue existed in the handling of URLs. This  
issue was addressed with improved input validation.  
CVE-2022-46695: KirtiKumar Anandrao Ramchandani

Software Update  
Available for: Apple TV 4K, Apple TV 4K (2nd generation and later),  
and Apple TV HD  
Impact: A user may be able to elevate privileges  
Description: An access issue existed with privileged API calls. This  
issue was addressed with additional restrictions.  
CVE-2022-42849: Mickey Jin (@patch1t)

Weather  
Available for: Apple TV 4K, Apple TV 4K (2nd generation and later),  
and Apple TV HD  
Impact: An app may be able to read sensitive location information  
Description: The issue was addressed with improved handling of  
caches.  
CVE-2022-42866: an anonymous researcher

WebKit  
Available for: Apple TV 4K, Apple TV 4K (2nd generation and later),  
and Apple TV HD  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A use after free issue was addressed with improved  
memory management.  
WebKit Bugzilla: 245521  
CVE-2022-42867: Maddie Stone of Google Project Zero

WebKit  
Available for: Apple TV 4K, Apple TV 4K (2nd generation and later),  
and Apple TV HD  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A memory consumption issue was addressed with improved  
memory handling.  
WebKit Bugzilla: 245466  
CVE-2022-46691: an anonymous researcher

WebKit  
Available for: Apple TV 4K, Apple TV 4K (2nd generation and later),  
and Apple TV HD  
Impact: Processing maliciously crafted web content may bypass Same  
Origin Policy  
Description: A logic issue was addressed with improved state  
management.  
WebKit Bugzilla: 246783  
CVE-2022-46692: KirtiKumar Anandrao Ramchandani

WebKit  
Available for: Apple TV 4K, Apple TV 4K (2nd generation and later),  
and Apple TV HD  
Impact: Processing maliciously crafted web content may result in the  
disclosure of process memory  
Description: The issue was addressed with improved memory handling.  
CVE-2022-42852: hazbinhotel working with Trend Micro Zero Day  
Initiative

WebKit  
Available for: Apple TV 4K, Apple TV 4K (2nd generation and later),  
and Apple TV HD  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A memory corruption issue was addressed with improved  
input validation.  
WebKit Bugzilla: 246942  
CVE-2022-46696: Samuel Groß of Google V8 Security  
WebKit Bugzilla: 247562  
CVE-2022-46700: Samuel Groß of Google V8 Security

WebKit  
Available for: Apple TV 4K, Apple TV 4K (2nd generation and later),  
and Apple TV HD  
Impact: Processing maliciously crafted web content may disclose  
sensitive user information  
Description: A logic issue was addressed with improved checks.  
CVE-2022-46698: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs  
& DNSLab, Korea Univ.

WebKit  
Available for: Apple TV 4K, Apple TV 4K (2nd generation and later),  
and Apple TV HD  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A memory corruption issue was addressed with improved  
state management.  
WebKit Bugzilla: 247420  
CVE-2022-46699: Samuel Groß of Google V8 Security  
WebKit Bugzilla: 244622  
CVE-2022-42863: an anonymous researcher

WebKit  
Available for: Apple TV 4K, Apple TV 4K (2nd generation and later),  
and Apple TV HD  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution. Apple is aware of a report that this issue  
may have been actively exploited against versions of iOS released  
before iOS 15.1.  
Description: A type confusion issue was addressed with improved state  
handling.  
WebKit Bugzilla: 248266  
CVE-2022-42856: Clément Lecigne of Google's Threat Analysis Group

Additional recognition

Kernel  
We would like to acknowledge Zweig of Kunlun Lab for their  
assistance.

Safari Extensions  
We would like to acknowledge Oliver Dunk and Christian R. of  
1Password for their assistance.

WebKit  
We would like to acknowledge an anonymous researcher and scarlet for  
their assistance.

Apple TV will periodically check for software updates. Alternatively,  
you may manually check for software updates by selecting "Settings ->  
System -> Software Update -> Update Software."  To check the current  
version of software, select "Settings -> General -> About."  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmOZFX4ACgkQ4RjMIDke  
NxkItA/+LIwJ66Odl7Uwp1N/qek5Z/TBuPKlbgTwRZGT3LBVMVmyHTBzebA88aNq  
Pae1RKQ2Txw4w9Tb7a08eeqRQD51MBoSjTxf23tO1o0B1UR3Hgq3gsOSjh/dTq9V  
Jvy4DpO15xdVHP3BH/li114JpgR+FoD5Du0rPffL01p6YtqeWMSvnRoCmwNcIqou  
i2ZObfdrL2WJ+IiDIlMoJ3v+B1tDxOWR6Mn37iRdzl+QgrQMQtP9pSsiAPCntA+y  
eFM5Hp0JlOMtCfA+xT+LRoZHCbjTCFMRlRbNffGvrNwwdTY4MXrSYlKcIo3yFT2m  
KSHrQNvqzWhmSLAcHlUNo0lVvtPAlrgyilCYaeRNgRC1+x8KRf/AcErXr23oKknJ  
lzIF6eVk1K3mxUmR+M+P8+cr14pbrUwJcQlm0In6/8fUulHtcElLE3fJ+HJVImx8  
RtvNmuCng5iEK1zlwgDvAKO3EgMrMtduF8aygaCcBmt65GMkHwvOGCDXcIrKfH9U  
sP4eY7V3t4CQd9TX3Vlmt47MwRTSVuUtMcQeQPhEUTdUbM7UlvtW8igrLvkz9uPn  
CpuE2mzhd/dJANXvMFBR9A0ilAdJO1QD/uSWL+UbKq4BlyiW5etd8gObQfHqqW3C  
sh0EwxLh4ATicRS9btAJMwIfK/ulYDWp4yuIsUamDj/sN9xWvXY=  
=i2O9  
-----END PGP SIGNATURE-----

Apple Security Advisory 2022-12-13-7

Apple Security Advisory 2022-12-13-4 - macOS Ventura 13.1 addresses bypass, code execution, out of bounds access, out of bounds write, spoofing, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2022-12-13-4 macOS Ventura 13.1

macOS Ventura 13.1 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213532.

Accounts  
Available for: macOS Ventura  
Impact: A user may be able to view sensitive user information  
Description: This issue was addressed with improved data protection.  
CVE-2022-42843: Mickey Jin (@patch1t)

AMD  
Available for: macOS Ventura  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2022-42847: ABC Research s.r.o.

AppleMobileFileIntegrity  
Available for: macOS Ventura  
Impact: An app may be able to bypass Privacy preferences  
Description: This issue was addressed by enabling hardened runtime.  
CVE-2022-42865: Wojciech Reguła (@_r3ggi) of SecuRing

Bluetooth  
Available for: macOS Ventura  
Impact: An app may be able to disclose kernel memory  
Description: The issue was addressed with improved memory handling.  
CVE-2022-42854: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte.  
Ltd. (@starlabs_sg)

Boot Camp  
Available for: macOS Ventura  
Impact: An app may be able to modify protected parts of the file  
system  
Description: An access issue was addressed with improved access  
restrictions.  
CVE-2022-42853: Mickey Jin (@patch1t) of Trend Micro

CoreServices  
Available for: macOS Ventura  
Impact: An app may be able to bypass Privacy preferences  
Description: Multiple issues were addressed by removing the  
vulnerable code.  
CVE-2022-42859: Mickey Jin (@patch1t), Csaba Fitzl (@theevilbit) of  
Offensive Security

DriverKit  
Available for: macOS Ventura  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2022-32942: Linus Henze of Pinauten GmbH (pinauten.de)

ImageIO  
Available for: macOS Ventura  
Impact: Processing a maliciously crafted file may lead to arbitrary  
code execution  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2022-46693: Mickey Jin (@patch1t)

IOHIDFamily  
Available for: macOS Ventura  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A race condition was addressed with improved state  
handling.  
CVE-2022-42864: Tommy Muir (@Muirey03)

IOMobileFrameBuffer  
Available for: macOS Ventura  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2022-46690: John Aakerblom (@jaakerblom)

IOMobileFrameBuffer  
Available for: macOS Ventura  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: An out-of-bounds access issue was addressed with  
improved bounds checking.  
CVE-2022-46697: John Aakerblom (@jaakerblom) and Antonio Zekic  
(@antoniozekic)

iTunes Store  
Available for: macOS Ventura  
Impact: A remote user may be able to cause unexpected app termination  
or arbitrary code execution  
Description: An issue existed in the parsing of URLs. This issue was  
addressed with improved input validation.  
CVE-2022-42837: Weijia Dai (@dwj1210) of Momo Security

Kernel  
Available for: macOS Ventura  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A race condition was addressed with additional  
validation.  
CVE-2022-46689: Ian Beer of Google Project Zero

Kernel  
Available for: macOS Ventura  
Impact: Connecting to a malicious NFS server may lead to arbitrary  
code execution with kernel privileges  
Description: The issue was addressed with improved bounds checks.  
CVE-2022-46701: Felix Poulin-Belanger

Kernel  
Available for: macOS Ventura  
Impact: A remote user may be able to cause kernel code execution  
Description: The issue was addressed with improved memory handling.  
CVE-2022-42842: pattern-f (@pattern_F_) of Ant Security Light-Year  
Lab

Kernel  
Available for: macOS Ventura  
Impact: An app may be able to break out of its sandbox  
Description: This issue was addressed with improved checks.  
CVE-2022-42861: pattern-f (@pattern_F_) of Ant Security Light-Year  
Lab

Kernel  
Available for: macOS Ventura  
Impact: An app with root privileges may be able to execute arbitrary  
code with kernel privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2022-42845: Adam Doupé of ASU SEFCOM

Photos  
Available for: macOS Ventura  
Impact: Shake-to-undo may allow a deleted photo to be re-surfaced  
without authentication  
Description: The issue was addressed with improved bounds checks.  
CVE-2022-32943: an anonymous researcher

ppp  
Available for: macOS Ventura  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2022-42840: an anonymous researcher

Preferences  
Available for: macOS Ventura  
Impact: An app may be able to use arbitrary entitlements  
Description: A logic issue was addressed with improved state  
management.  
CVE-2022-42855: Ivan Fratric of Google Project Zero

Printing  
Available for: macOS Ventura  
Impact: An app may be able to bypass Privacy preferences  
Description: This issue was addressed by removing the vulnerable  
code.  
CVE-2022-42862: Mickey Jin (@patch1t)

Ruby  
Available for: macOS Ventura  
Impact: A remote user may be able to cause unexpected app termination  
or arbitrary code execution  
Description: This issue was addressed with improved checks.  
CVE-2022-24836  
CVE-2022-29181

Safari  
Available for: macOS Ventura  
Impact: Visiting a website that frames malicious content may lead to  
UI spoofing  
Description: A spoofing issue existed in the handling of URLs. This  
issue was addressed with improved input validation.  
CVE-2022-46695: KirtiKumar Anandrao Ramchandani

Weather  
Available for: macOS Ventura  
Impact: An app may be able to read sensitive location information  
Description: The issue was addressed with improved handling of  
caches.  
CVE-2022-42866: an anonymous researcher

WebKit  
Available for: macOS Ventura  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A use after free issue was addressed with improved  
memory management.  
WebKit Bugzilla: 245521  
CVE-2022-42867: Maddie Stone of Google Project Zero

WebKit  
Available for: macOS Ventura  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A memory consumption issue was addressed with improved  
memory handling.  
WebKit Bugzilla: 245466  
CVE-2022-46691: an anonymous researcher

WebKit  
Available for: macOS Ventura  
Impact: Processing maliciously crafted web content may bypass Same  
Origin Policy  
Description: A logic issue was addressed with improved state  
management.  
WebKit Bugzilla: 246783  
CVE-2022-46692: KirtiKumar Anandrao Ramchandani

WebKit  
Available for: macOS Ventura  
Impact: Processing maliciously crafted web content may result in the  
disclosure of process memory  
Description: The issue was addressed with improved memory handling.  
CVE-2022-42852: hazbinhotel working with Trend Micro Zero Day  
Initiative

WebKit  
Available for: macOS Ventura  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A memory corruption issue was addressed with improved  
input validation.  
WebKit Bugzilla: 246942  
CVE-2022-46696: Samuel Groß of Google V8 Security  
WebKit Bugzilla: 247562  
CVE-2022-46700: Samuel Groß of Google V8 Security

WebKit  
Available for: macOS Ventura  
Impact: Processing maliciously crafted web content may disclose  
sensitive user information  
Description: A logic issue was addressed with improved checks.  
CVE-2022-46698: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs  
& DNSLab, Korea Univ.

WebKit  
Available for: macOS Ventura  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A memory corruption issue was addressed with improved  
state management.  
WebKit Bugzilla: 247420  
CVE-2022-46699: Samuel Groß of Google V8 Security  
WebKit Bugzilla: 244622  
CVE-2022-42863: an anonymous researcher

WebKit  
Available for: macOS Ventura  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution. Apple is aware of a report that this issue  
may have been actively exploited against versions of iOS released  
before iOS 15.1.  
Description: A type confusion issue was addressed with improved state  
handling.  
WebKit Bugzilla: 248266  
CVE-2022-42856: Clément Lecigne of Google's Threat Analysis Group

xar  
Available for: macOS Ventura  
Impact: Processing a maliciously crafted package may lead to  
arbitrary code execution  
Description: A type confusion issue was addressed with improved  
checks.  
CVE-2022-42841: Thijs Alkemade (@xnyhps) of Computest Sector 7

Additional recognition

Kernel  
We would like to acknowledge Zweig of Kunlun Lab for their  
assistance.

Lock Screen  
We would like to acknowledge Kevin Mann for their assistance.

Safari Extensions  
We would like to acknowledge Oliver Dunk and Christian R. of  
1Password for their assistance.

WebKit  
We would like to acknowledge an anonymous researcher and scarlet for  
their assistance.

macOS Ventura 13.1 may be obtained from the Mac App Store or Apple's  
Software Downloads web site: https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmOZFYAACgkQ4RjMIDke  
Nxk1zRAAuqDsK19ODzl+oIO6xYMDcbiQV/ibvU9uwLtwTR8Y2wLga9V/vaaPTS6z  
qRkTivKEfdLMVW8Xlzl1jb+BMS0+dIjYrPAFatU8A5H2A3MLY5Trl9tTs+D8BgQJ  
reLRAyR6qJVwu+VMMjgrUxkQliPNYeumrmLwmKJdByYPzv4GLY5bOIf6siUAIJdB  
vs2zzcq6+BnoJkS1iYa+Ub5S3bSryR2i8vrSit6PcYBtLKHxUJaK2YBdA8LoqB4J  
wenkEaEhyilm0bpyyF0VxDuvOcotqrGa2ikScrik/N/NueMqDi9duo9kKKVia0xa  
Gx2cYLNDG10KBmz9w9B8YC6lNa6t7M5zmCYn8TmXTfndd7fCYbYajZNT0WxIYteK  
sXYPkVpqEd4KVZxtQ3MfHlx5y4FwnqBkLACnfsNCs4KatbJPEg9Qy9Mn2ymi/9He  
UoVt3XnQVhAgGIRV2qezjV9r0rtgnWpSKvFd9LSDcB9F6b/bzRipbxVnqdWCL1If  
ymeeEY8BJ7WJnFqgXzRo42+4bp4R67iNH+Z/JjUy/Z7C3f2O66fFZu2pNL1vLILA  
Wi/dprF13SjqCIavwWPbVL8UvfaAwBz53y38gwei6eSdsEO383r0XIIKjErGbWm6  
hqHq/QKTWHQZqUFj4kUb4Ajw8Qe0j0qSrCLt4Wl11u/0r5hTRyI=  
=C5EK  
-----END PGP SIGNATURE-----

Apple Security Advisory 2022-12-13-4

Apple Security Advisory 2022-12-13-3 - iOS 16.1.2 addresses a code execution vulnerability.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2022-12-13-3 iOS 16.1.2iOS 16.1.2 addresses the following issues.Information about the security content is also available athttps://support.apple.com/HT213516.WebKitAvailable for: iPhone 8 and laterImpact: Processing maliciously crafted web content may lead toarbitrary code execution. Apple is aware of a report that this issuemay have been actively exploited against versions of iOS releasedbefore iOS 15.1.Description: A type confusion issue was addressed with improved statehandling.WebKit Bugzilla: 248266CVE-2022-42856: Clément Lecigne of Google's Threat Analysis GroupThis update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/  iTunes and Software Update on thedevice will automatically check Apple's update server on its weeklyschedule. When an update is detected, it is downloaded and the optionto be installed is presented to the user when the iOS device isdocked. We recommend applying the update immediately if possible.Selecting Don't Install will present the option the next time youconnect your iOS device.  The automatic update process may take up toa week depending on the day that iTunes or the device checks forupdates. You may manually obtain the update via the Check for Updatesbutton within iTunes, or the Software Update on your device.  Tocheck that the iPhone, iPod touch, or iPad has been updated:  *Navigate to Settings * Select General * Select About. The versionafter applying this update will be "iOS 16.1.2".All information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmOZFYEACgkQ4RjMIDkeNxll4hAAolqnH+W3gE3w2Xri3wUchwkj6WPhfWcwwc+l0cxUxiDqzhGSkW4kNTVIeCjENaJ4WfsK7COfxx8qnmQtcqV8P406XtDomeE96Rm/euCEzkSpVPSs4S8+YwvOqRNWVbWmWQ1gKFSqkuZb2Y5IAnA+KI3Fw1M1iq8Cbs/bkUVjNfrIrrPgl19BercEOjsjq+BQS15dIq84GUiSv/KTU31NKMeSQLB8O9+u91tuBex2b+1mdwb15K1R17OIe/exVA2qnQFctfhWu2uh2izckATylQjtvQHMr0pAwdEoLyRl1xXrW62DeVwWBsn0bxUhjSfS/clmXyN/hL1ocgUrHrI9yAVST5oug/LqR8RjTkgTBcGF9C0YMXaexvA0y2AhF70pl67UESleBSRddayFAW2lZkV/YdJosxGLsRviy8jdiiQ4VJ5xI9TAECbUGgF2qHVSz4gnlyyDUfUqHUmjLej48qCMbadY4IQQmvW30yiCW+shHfaLzCBYZ2cLhUCD7IqU7C1+KE+bJ1Y/k7EXOkLWhZ9go7kKUF6OfpVd6OPIYd4R38eghUXU4ZviQwYQlkXm1Q+DZrwaOvMf0kMkCA/10ktuzhKSpiCI/47BqcE8VYi0CCbOUaSZSPi6P0jlpuIsxCd1UKkGaTsfdJIyeNY1VPHkiOl2BYpIelCqqhOiNHc==wMpD-----END PGP SIGNATURE-----

Apple Security Advisory 2022-12-13-3

Apple Security Advisory 2022-12-13-2 - iOS 15.7.2 and iPadOS 15.7.2 addresses bypass, code execution, integer overflow, out of bounds write, and spoofing vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2iOS 15.7.2 and iPadOS 15.7.2 addresses the following issues.Information about the security content is also available athttps://support.apple.com/HT213531.AppleAVDAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhoneSE (1st generation), iPad Pro (all models), iPad Air 2 and later,iPad 5th generation and later, iPad mini 4 and later, and iPod touch(7th generation)Impact: Parsing a maliciously crafted video file may lead to kernelcode executionDescription: An out-of-bounds write issue was addressed with improvedinput validation.CVE-2022-46694: Andrey Labunets and Nikita TarakanovAVEVideoEncoderAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhoneSE (1st generation), iPad Pro (all models), iPad Air 2 and later,iPad 5th generation and later, iPad mini 4 and later, and iPod touch(7th generation)Impact: An app may be able to execute arbitrary code with kernelprivilegesDescription: A logic issue was addressed with improved checks.CVE-2022-42848: ABC Research s.r.oFile SystemAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhoneSE (1st generation), iPad Pro (all models), iPad Air 2 and later,iPad 5th generation and later, iPad mini 4 and later, and iPod touch(7th generation)Impact: An app may be able to break out of its sandboxDescription: This issue was addressed with improved checks.CVE-2022-42861: pattern-f (@pattern_F_) of Ant Security Light-YearLabGraphics DriverAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhoneSE (1st generation), iPad Pro (all models), iPad Air 2 and later,iPad 5th generation and later, iPad mini 4 and later, and iPod touch(7th generation)Impact: Parsing a maliciously crafted video file may lead tounexpected system terminationDescription: The issue was addressed with improved memory handling.CVE-2022-42846: Willy R. Vasquez of The University of Texas at AustinIOHIDFamilyAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhoneSE (1st generation), iPad Pro (all models), iPad Air 2 and later,iPad 5th generation and later, iPad mini 4 and later, and iPod touch(7th generation)Impact: An app may be able to execute arbitrary code with kernelprivilegesDescription: A race condition was addressed with improved statehandling.CVE-2022-42864: Tommy Muir (@Muirey03)iTunes StoreAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhoneSE (1st generation), iPad Pro (all models), iPad Air 2 and later,iPad 5th generation and later, iPad mini 4 and later, and iPod touch(7th generation)Impact: A remote user may be able to cause unexpected app terminationor arbitrary code executionDescription: An issue existed in the parsing of URLs. This issue wasaddressed with improved input validation.CVE-2022-42837: Weijia Dai (@dwj1210) of Momo SecurityKernelAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhoneSE (1st generation), iPad Pro (all models), iPad Air 2 and later,iPad 5th generation and later, iPad mini 4 and later, and iPod touch(7th generation)Impact: An app may be able to execute arbitrary code with kernelprivilegesDescription: A race condition was addressed with additionalvalidation.CVE-2022-46689: Ian Beer of Google Project Zerolibxml2Available for: iPhone 6s (all models), iPhone 7 (all models), iPhoneSE (1st generation), iPad Pro (all models), iPad Air 2 and later,iPad 5th generation and later, iPad mini 4 and later, and iPod touch(7th generation)Impact: A remote user may be able to cause unexpected app terminationor arbitrary code executionDescription: An integer overflow was addressed through improved inputvalidation.CVE-2022-40303: Maddie Stone of Google Project Zerolibxml2Available for: iPhone 6s (all models), iPhone 7 (all models), iPhoneSE (1st generation), iPad Pro (all models), iPad Air 2 and later,iPad 5th generation and later, iPad mini 4 and later, and iPod touch(7th generation)Impact: A remote user may be able to cause unexpected app terminationor arbitrary code executionDescription: This issue was addressed with improved checks.CVE-2022-40304: Ned Williamson and Nathan Wachholz of Google ProjectZeropppAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhoneSE (1st generation), iPad Pro (all models), iPad Air 2 and later,iPad 5th generation and later, iPad mini 4 and later, and iPod touch(7th generation)Impact: An app may be able to execute arbitrary code with kernelprivilegesDescription: The issue was addressed with improved memory handling.CVE-2022-42840: an anonymous researcherPreferencesAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhoneSE (1st generation), iPad Pro (all models), iPad Air 2 and later,iPad 5th generation and later, iPad mini 4 and later, and iPod touch(7th generation)Impact: An app may be able to use arbitrary entitlementsDescription: A logic issue was addressed with improved statemanagement.CVE-2022-42855: Ivan Fratric of Google Project ZeroSafariAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhoneSE (1st generation), iPad Pro (all models), iPad Air 2 and later,iPad 5th generation and later, iPad mini 4 and later, and iPod touch(7th generation)Impact: Visiting a website that frames malicious content may lead toUI spoofingDescription: A spoofing issue existed in the handling of URLs. Thisissue was addressed with improved input validation.CVE-2022-46695: KirtiKumar Anandrao RamchandaniWebKitAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhoneSE (1st generation), iPad Pro (all models), iPad Air 2 and later,iPad 5th generation and later, iPad mini 4 and later, and iPod touch(7th generation)Impact: Processing maliciously crafted web content may lead toarbitrary code executionDescription: A memory consumption issue was addressed with improvedmemory handling.WebKit Bugzilla: 245466CVE-2022-46691: an anonymous researcherWebKitAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhoneSE (1st generation), iPad Pro (all models), iPad Air 2 and later,iPad 5th generation and later, iPad mini 4 and later, and iPod touch(7th generation)Impact: Processing maliciously crafted web content may result in thedisclosure of process memoryDescription: The issue was addressed with improved memory handling.CVE-2022-42852: hazbinhotel working with Trend Micro Zero DayInitiativeWebKitAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhoneSE (1st generation), iPad Pro (all models), iPad Air 2 and later,iPad 5th generation and later, iPad mini 4 and later, and iPod touch(7th generation)Impact: Processing maliciously crafted web content may bypass SameOrigin PolicyDescription: A logic issue was addressed with improved statemanagement.WebKit Bugzilla: 246783CVE-2022-46692: KirtiKumar Anandrao RamchandaniWebKitAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhoneSE (1st generation), iPad Pro (all models), iPad Air 2 and later,iPad 5th generation and later, iPad mini 4 and later, and iPod touch(7th generation)Impact: Processing maliciously crafted web content may lead toarbitrary code executionDescription: A memory corruption issue was addressed with improvedinput validation.WebKit Bugzilla: 247562CVE-2022-46700: Samuel Groß of Google V8 SecurityWebKitAvailable for: iPhone 6s (all models), iPhone 7 (all models), iPhoneSE (1st generation), iPad Pro (all models), iPad Air 2 and later,iPad 5th generation and later, iPad mini 4 and later, and iPod touch(7th generation)Impact: Processing maliciously crafted web content may lead toarbitrary code execution. Apple is aware of a report that this issuemay have been actively exploited against versions of iOS releasedbefore iOS 15.1.Description: A type confusion issue was addressed with improved statehandling.WebKit Bugzilla: 248266CVE-2022-42856: Clément Lecigne of Google's Threat Analysis GroupThis update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/  iTunes and Software Update on thedevice will automatically check Apple's update server on its weeklyschedule. When an update is detected, it is downloaded and the optionto be installed is presented to the user when the iOS device isdocked. We recommend applying the update immediately if possible.Selecting Don't Install will present the option the next time youconnect your iOS device.  The automatic update process may take up toa week depending on the day that iTunes or the device checks forupdates. You may manually obtain the update via the Check for Updatesbutton within iTunes, or the Software Update on your device.  Tocheck that the iPhone, iPod touch, or iPad has been updated:  *Navigate to Settings * Select General * Select About. The versionafter applying this update will be "iOS 15.7.2 and iPadOS 15.7.2".All information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmOZFYIACgkQ4RjMIDkeNxn07xAA2gJjgY+Ql7WKtXSxsU4snP+8d2zDgD5hKkZVETJrKG1TGwAKK/YdW0Ug8nmj/DIU+RRsU8KpGLiN4TGsHVot1GaDwwMQ/HCUG4bHFjknc0TqrTkUCfG6rnkhbFouinoNfyPf7gcmLkQg2AhrNjA/a9QJzfmX2XKtGybIN1kFDd8eMKb/setgVQUS12h4N6YBI4WjSGvyZ8vagqpMRAz0An4lSEoa21CN1ViM0E4wBWIyU8Ux05fN+Lvn2gefdjyGV5IP63z3kYe4D/Vt6yatBo1n7ERM9If7IMGO5O8DJqrynTZ3q1kCsxcRQheJHkPZDF/8ogjAdNiOzqybSzhhcNk0uteTSXX1tYGvRos7GyDSTG6/KjuFvB60Wohwzr16o6VkcZyaU41cA9dWKrv3+RRTm7UR2/CKGngrjcnm4jAotR+pjtQU444vECGQVTx/qat7Eu+IFe2llm8JcjBHjx1R6Rbb8sqmzD4lVDja/aZ2491vsVdOytq+cZ59nZqwbG7vo8mBow+zEcoKsh8pAGRYoLW3WU1MetNt04V9d+7Fv7wG/+BNkzHNqOhOa7+4SwD8wvApxdF2+hZgSD26owwkbfG4hnf71w4DSDPpwRC/CoRvhDMZToSlsPLIWP29jIII09N8TNW3PVlIAjquv7oxir7BohtGu5ioSmgI3fQ==wLMf-----END PGP SIGNATURE-----

Apple Security Advisory 2022-12-13-2

Apple Security Advisory 2022-12-13-1 - iOS 16.2 and iPadOS 16.2 addresses bypass, code execution, out of bounds write, spoofing, and use-after-free vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2iOS 16.2 and iPadOS 16.2 addresses the following issues.Information about the security content is also available athttps://support.apple.com/HT213530.AccountsAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: A user may be able to view sensitive user informationDescription: This issue was addressed with improved data protection.CVE-2022-42843: Mickey Jin (@patch1t)AppleAVDAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: Parsing a maliciously crafted video file may lead to kernelcode executionDescription: An out-of-bounds write issue was addressed with improvedinput validation.CVE-2022-46694: Andrey Labunets and Nikita TarakanovAppleMobileFileIntegrityAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: An app may be able to bypass Privacy preferencesDescription: This issue was addressed by enabling hardened runtime.CVE-2022-42865: Wojciech Reguła (@_r3ggi) of SecuRingAVEVideoEncoderAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: An app may be able to execute arbitrary code with kernelprivilegesDescription: A logic issue was addressed with improved checks.CVE-2022-42848: ABC Research s.r.oCoreServicesAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: An app may be able to bypass Privacy preferencesDescription: Multiple issues were addressed by removing thevulnerable code.CVE-2022-42859: Mickey Jin (@patch1t), Csaba Fitzl (@theevilbit) ofOffensive SecurityGPU DriversAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: An app may be able to disclose kernel memoryDescription: The issue was addressed with improved memory handling.CVE-2022-46702: Xia0o0o0o of W4terDr0p, Sun Yat-sen UniversityGraphics DriverAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: An app may be able to execute arbitrary code with kernelprivilegesDescription: The issue was addressed with improved memory handling.CVE-2022-42850: Willy R. Vasquez of The University of Texas at AustinGraphics DriverAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: Parsing a maliciously crafted video file may lead tounexpected system terminationDescription: The issue was addressed with improved memory handling.CVE-2022-42846: Willy R. Vasquez of The University of Texas at AustinImageIOAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: Processing a maliciously crafted file may lead to arbitrarycode executionDescription: An out-of-bounds write issue was addressed with improvedinput validation.CVE-2022-46693: Mickey Jin (@patch1t)ImageIOAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: Parsing a maliciously crafted TIFF file may lead todisclosure of user informationDescription: The issue was addressed with improved memory handling.CVE-2022-42851: Mickey Jin (@patch1t)IOHIDFamilyAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: An app may be able to execute arbitrary code with kernelprivilegesDescription: A race condition was addressed with improved statehandling.CVE-2022-42864: Tommy Muir (@Muirey03)IOMobileFrameBufferAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: An app may be able to execute arbitrary code with kernelprivilegesDescription: An out-of-bounds write issue was addressed with improvedinput validation.CVE-2022-46690: John Aakerblom (@jaakerblom)iTunes StoreAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: A remote user may be able to cause unexpected app terminationor arbitrary code executionDescription: An issue existed in the parsing of URLs. This issue wasaddressed with improved input validation.CVE-2022-42837: Weijia Dai (@dwj1210) of Momo SecurityKernelAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: An app may be able to execute arbitrary code with kernelprivilegesDescription: A race condition was addressed with additionalvalidation.CVE-2022-46689: Ian Beer of Google Project ZeroKernelAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: Connecting to a malicious NFS server may lead to arbitrarycode execution with kernel privilegesDescription: The issue was addressed with improved bounds checks.CVE-2022-46701: Felix Poulin-BelangerKernelAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: A remote user may be able to cause kernel code executionDescription: The issue was addressed with improved memory handling.CVE-2022-42842: pattern-f (@pattern_F_) of Ant Security Light-YearLabKernelAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: An app may be able to break out of its sandboxDescription: This issue was addressed with improved checks.CVE-2022-42861: pattern-f (@pattern_F_) of Ant Security Light-YearLabKernelAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: An app may be able to break out of its sandboxDescription: The issue was addressed with improved memory handling.CVE-2022-42844: pattern-f (@pattern_F_) of Ant Security Light-YearLabKernelAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: An app with root privileges may be able to execute arbitrarycode with kernel privilegesDescription: The issue was addressed with improved memory handling.CVE-2022-42845: Adam Doupé of ASU SEFCOMPhotosAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: Shake-to-undo may allow a deleted photo to be re-surfacedwithout authenticationDescription: The issue was addressed with improved bounds checks.CVE-2022-32943: an anonymous researcherpppAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: An app may be able to execute arbitrary code with kernelprivilegesDescription: The issue was addressed with improved memory handling.CVE-2022-42840: an anonymous researcherPreferencesAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: An app may be able to use arbitrary entitlementsDescription: A logic issue was addressed with improved statemanagement.CVE-2022-42855: Ivan Fratric of Google Project ZeroPrintingAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: An app may be able to bypass Privacy preferencesDescription: This issue was addressed by removing the vulnerablecode.CVE-2022-42862: Mickey Jin (@patch1t)SafariAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: Visiting a website that frames malicious content may lead toUI spoofingDescription: A spoofing issue existed in the handling of URLs. Thisissue was addressed with improved input validation.CVE-2022-46695: KirtiKumar Anandrao RamchandaniSoftware UpdateAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: A user may be able to elevate privilegesDescription: An access issue existed with privileged API calls. Thisissue was addressed with additional restrictions.CVE-2022-42849: Mickey Jin (@patch1t)WeatherAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: An app may be able to read sensitive location informationDescription: The issue was addressed with improved handling ofcaches.CVE-2022-42866: an anonymous researcherWebKitAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: Processing maliciously crafted web content may lead toarbitrary code executionDescription: A use after free issue was addressed with improvedmemory management.WebKit Bugzilla: 245521CVE-2022-42867: Maddie Stone of Google Project ZeroWebKitAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: Processing maliciously crafted web content may lead toarbitrary code executionDescription: A memory consumption issue was addressed with improvedmemory handling.WebKit Bugzilla: 245466CVE-2022-46691: an anonymous researcherWebKitAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: Processing maliciously crafted web content may bypass SameOrigin PolicyDescription: A logic issue was addressed with improved statemanagement.WebKit Bugzilla: 246783CVE-2022-46692: KirtiKumar Anandrao RamchandaniWebKitAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: Processing maliciously crafted web content may result in thedisclosure of process memoryDescription: The issue was addressed with improved memory handling.CVE-2022-42852: hazbinhotel working with Trend Micro Zero DayInitiativeWebKitAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: Processing maliciously crafted web content may lead toarbitrary code executionDescription: A memory corruption issue was addressed with improvedinput validation.WebKit Bugzilla: 246942CVE-2022-46696: Samuel Groß of Google V8 SecurityWebKit Bugzilla: 247562CVE-2022-46700: Samuel Groß of Google V8 SecurityWebKitAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: Processing maliciously crafted web content may disclosesensitive user informationDescription: A logic issue was addressed with improved checks.CVE-2022-46698: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs& DNSLab, Korea Univ.WebKitAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: Processing maliciously crafted web content may lead toarbitrary code executionDescription: A memory corruption issue was addressed with improvedstate management.WebKit Bugzilla: 247420CVE-2022-46699: Samuel Groß of Google V8 SecurityWebKit Bugzilla: 244622CVE-2022-42863: an anonymous researcherAdditional recognitionKernelWe would like to acknowledge Zweig of Kunlun Lab and pattern-f(@pattern_F_) of Ant Security Light-Year Lab for their assistance.Safari ExtensionsWe would like to acknowledge Oliver Dunk and Christian R. of1Password for their assistance.WebKitWe would like to acknowledge an anonymous researcher and scarlet fortheir assistance.This update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/  iTunes and Software Update on thedevice will automatically check Apple's update server on its weeklyschedule. When an update is detected, it is downloaded and the optionto be installed is presented to the user when the iOS device isdocked. We recommend applying the update immediately if possible.Selecting Don't Install will present the option the next time youconnect your iOS device.  The automatic update process may take up toa week depending on the day that iTunes or the device checks forupdates. You may manually obtain the update via the Check for Updatesbutton within iTunes, or the Software Update on your device.  Tocheck that the iPhone, iPod touch, or iPad has been updated:  *Navigate to Settings * Select General * Select About. The versionafter applying this update will be "iOS 16.2 and iPadOS 16.2".All information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmOZFYIACgkQ4RjMIDkeNxmnGxAAuO8CwNDPYn+yyq7VIRB6+sCaV962MC2c7TFzU+R1waBBaG57NmJQeANL5645QVNL/5k0TaFiSV/dFg15YvBkLgC6JVHeKebYvboSHB0wsfxejfwYnYFLNc44xriqdQSarmp61Aw4270LFRjV1XokOGuEzo4U3InyhiawceAVR/qvteNDxETnsiANjyaPRnx1d2K22+VZAFRtVjLgFLkBwAguamuMe8vIaqP71giORZNfX+w+GduszAqYSpo5aPC8G56GmHGZnSid/utBa2CqXfVRMyUmnYYukPrYACdy4WkTKWOWCbPrCbkTVWc43jsWhPqsMFopyy4K+SaCZqNdcpIag8n5uvCsf0tLPIUPTMRXSj3w1WOq1++6NV3cZp6RaFVYJ3twU2D1q/Vj8VXILNPvECzGNlOxRJu0H7w3VD5ZdZ16Gsc8T62CER5CSJr49fj5ixLCP9HepmIK5Rz0UXMxmylUANk2h88HK9hr7/s1EOYtCVjTEYQ2c1ESd87HYz24iYnqaL5d8KDFiGQCVfuwnz2keWO7Lc2E+8OUqqYTWfCoSWprWnSUZR31xA+JnPSS4WBP4RzitUmAiP5sdulF0jg4IZ0y0RUwWI4lD4vv0z9glb++rRHhPJj9uuirFcmKJ1BSfEN1glq/gGW8SP1vuq1BU+fIdeHtw4XeeIw==qV7H-----END PGP SIGNATURE-----

Apple Security Advisory 2022-12-13-1

Flaws could be combined to grab passwords in cleartext

Charlie Osborne 21 December 2022 at 16:16 UTC

Flaws could be combined to grab passwords in cleartext

  

Vulnerabilities in enterprise password manager Passwordstate that could be combined to exfiltrate stored credentials have been patched.

Developed by Australian vendor Click Studios, Passwordstate is an on-premise suite comrpising role-based administration and access control, sensitive information sharing, AES data encryption, and browser extension capabilities. The software has approximately 29,000 users.

Passwordstate was subject to scrutiny by Swiss security consultancy modzero AG following a customer request to check the password manager’s security.

Modzero researchers Constantin Muller, Jan Benninger, and Pascal Zenker duly conducted an audit of Passwordstate and found a range of security issues, as documented in the team’s disclosure report (PDF).

RECOMMENDED Becoming a penetration tester: ‘Mr hacking’ John Jackson on the virtue of ‘endless curiosity’

They included CVE-2022-3875, a high severity API authentication bypass (CVSS 7.3); CVE-2022-3876 (CVSS 4.3), where UpdatePassword file manipulation leads to authorization bypass; and CVE-2022-3877 (CVSS 3.5), a cross-site scripting (XSS) flaw in the user interface.

Researchers also found another XSS, the use of hard-coded credentials for APIs, insufficient protection for password lists, and potential exposure of passwords in the browser extension.

**Attack chain**

A potential attack chain would look like this: forge an API token using a valid username, add malicious password entries with XSS payloads in public and private password lists, wait until an administrator unwittingly opens a password entry, secure a reverse shell, and then pull and dump passwords stored in the Passwordstate instance.

“Successful exploitation allows an unauthenticated attacker to exfiltrate passwords from an instance, overwrite all stored passwords within the database, or elevate their privileges within the application,” the researchers say.

“The individual vulnerabilities can be chained to gain a shell on the Passwordstate host system and dump all stored passwords in cleartext – starting with nothing more than a valid username!”

According to modzero, Click Studios was “responsive” throughout the disclosure process and quick to triage and patch the researchers’ findings, resulting in Passwordstate version 9.6 (9653).

“Password safety and therefore password management solutions are the foundation on which an organization's security infrastructure is built on,” modzero commented. "The uncovered findings show the incredible importance of ongoing security audits for critical assets and red teaming engagements within organizations.”

The Daily Swig has reached out to Click Studios and we will update if and when when we hear back.

RELATED Mastodon users vulnerable to password-stealing attacks

Password theft bug chain patched in Passwordstate credential manager

KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App contain a vulnerability caused by improper handling of Unicode control characters. +Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character's specifications. Therefore, a crafted text may display misleading web links. As a result, a spoofed URL may be displayed and phishing attacks may be conducted. Affected products and versions are as follows: KDDI +Message App for Android prior to version 3.9.2 and +Message App for iOS prior to version 3.9.4, NTT DOCOMO +Message App for Android prior to version 54.49.0500 and +Message App for iOS prior to version 3.9.4, and SoftBank +Message App for Android prior to version 12.9.5 and +Message App for iOS prior to version 3.9.4

Published:2022/12/21  Last Updated:2022/12/21

**Overview**

+Message App contains a vulnerability caused by improper handling of Unicode control characters.

**Products Affected**

**SoftBank Corp.**

*   +Message App for Android prior to version 12.9.5
*   +Message App for iOS prior to version 3.9.4

**NTT DOCOMO, INC.**

*   +Message App for Android prior to version 54.49.0500
*   +Message App for iOS prior to version 3.9.4

**KDDI CORPORATION**

*   +Message App for Android prior to version 3.9.2
*   +Message App for iOS prior to version 3.9.4

**Description**

+Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character's specifications.  
Therefore, a crafted text may display misleading web links (CWE-451).

**Impact**

A spoofed URL may be displayed and phishing attacks may be conducted.

**Solution**

**Update the Application**  
Update to the latest version according to the information provided by the developer.

**Vendor Status**

**JPCERT/CC Addendum**

**Vulnerability Analysis by JPCERT/CC**

CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Attack Vector(AV)

Physical (P)

Local (L)

Adjacent (A)

Network (N)

Attack Complexity(AC)

High (H)

Low (L)

Privileges Required(PR)

High (H)

Low (L)

None (N)

User Interaction(UI)

Required (R)

None (N)

Scope(S)

Unchanged (U)

Changed (C)

Confidentiality Impact(C)

None (N)

Low (L)

High (H)

Integrity Impact(I)

None (N)

Low (L)

High (H)

Availability Impact(A)

None (N)

Low (L)

High (H)

CVSS v2 AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector(AV)

Local (L)

Adjacent Network (A)

Network (N)

Access Complexity(AC)

High (H)

Medium (M)

Low (L)

Authentication(Au)

Multiple (M)

Single (S)

None (N)

Confidentiality Impact(C)

None (N)

Partial (P)

Complete (C)

Integrity Impact(I)

None (N)

Partial (P)

Complete (C)

Availability Impact(A)

None (N)

Partial (P)

Complete (C)

**Credit**

Akaki Tsunoda reported this vulnerability to IPA.  
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

**Other Information**

Tag

#ios