Apple releases iOS 15.7.2 with more than a dozen critical security updates
Tuesday December 13, 2022. 09:20 PM, from Mac 911
The big news in the iPhone world today is the launch of iOS 16.2, but users of older phones have an important reason to update as well. Apple has released iOS 15.7.2 and iPadOS 15.7.2 for devices that aren’t on iOS 16, most notably the iPhone 6s and 7, iPad mini 4 and iPad Air 2. It’s also available for newer iPhones that haven’t made the leap to iOS 16 yet.
To update your iPhone, head over to the Settings app and tap General, then Software Update. Then tap Download and Install and follow the prompts.

The update doesn’t include any new features, but it does contain bug fixes and numerous important security updates, several of which fix flaws that allow arbitrary code execution and at least one of which addresses a flaw that may have been actively exploited. Apple’s release notes merely state, “This update provides important security fixes and is recommended for all users.”

Here are the posted security updates for this release:

AppleAVD
Impact: Parsing a maliciously crafted video file may lead to kernel code execution
Description: An out-of-bounds write issue was addressed with improved input validation.
CVE-2022-46694: Andrey Labunets and Nikita Tarakanov

AVEVideoEncoder
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A logic issue was addressed with improved checks.
CVE-2022-42848: ABC Research s.r.o

File System
Impact: An app may be able to break out of its sandbox
Description: This issue was addressed with improved checks.
CVE-2022-42861: pattern-f (@pattern_F_) of Ant Security Light-Year Lab

Graphics Driver
Impact: Parsing a maliciously crafted video file may lead to unexpected system termination
Description: The issue was addressed with improved memory handling.
CVE-2022-42846: Willy R. Vasquez of The University of Texas at Austin

IOHIDFamily
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A race condition was addressed with improved state handling.
CVE-2022-42864: Tommy Muir (@Muirey03)

iTunes Store
Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution
Description: An issue existed in the parsing of URLs. This issue was addressed with improved input validation.
CVE-2022-42837: Weijia Dai (@dwj1210) of Momo Security

Kernel
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A race condition was addressed with additional validation.
CVE-2022-46689: Ian Beer of Google Project Zero

libxml2
Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution
Description: An integer overflow was addressed through improved input validation.
CVE-2022-40303: Maddie Stone of Google Project Zero

libxml2
Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2022-40304: Ned Williamson and Nathan Wachholz of Google Project Zero

ppp
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-42840: an anonymous researcher

Preferences
Impact: An app may be able to use arbitrary entitlements
Description: A logic issue was addressed with improved state management.
CVE-2022-42855: Ivan Fratric of Google Project Zero

Safari
Impact: Visiting a website that frames malicious content may lead to UI spoofing
Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.
CVE-2022-46695: KirtiKumar Anandrao Ramchandani

WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory consumption issue was addressed with improved memory handling.
CVE-2022-46691: an anonymous researcher

WebKit
Impact: Processing maliciously crafted web content may result in the disclosure of process memory
Description: The issue was addressed with improved memory handling.
CVE-2022-42852: hazbinhotel working with Trend Micro Zero Day Initiative

WebKit
Impact: Processing maliciously crafted web content may bypass Same Origin Policy
Description: A logic issue was addressed with improved state management.
CVE-2022-46692: KirtiKumar Anandrao Ramchandani

WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved input validation.
CVE-2022-46700: Samuel Groß of Google V8 Security

WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.
Description: A type confusion issue was addressed with improved state handling.
CVE-2022-42856: Clément Lecigne of Google’s Threat Analysis Group
https://www.macworld.com/article/1434386/ios-15-7-2-critical-security-updates.html