Apple’s critical security update October 2022 released security updates to address vulnerabilities in multiple products. A total of 125 vulnerabilities were addressed. An attacker could exploit some of these flaws to gain control of a vulnerable device. Therefore, it is important to have an appropriate patch management tool.
The macOS update addresses 117 low or medium severity vulnerabilities and 8 critical vulnerabilities that could allow an attacker to execute arbitrary code, access private information, and so on. Apple Safari has also been patched for five vulnerabilities.
Attackers who successfully exploit these vulnerabilities can execute arbitrary code, bypass security, and conduct memory corruption attacks. To prevent this exploitation we need to perform continuous and automated scans with a good vulnerability management software.
Critical Vulnerabilities in Apple’s critical security update October 2022:
CVE-2022-42813: Certificate validation vulnerability in Apple Watch Series 4 and later, iPhone 8 and later. iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later. Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017). Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD.
CVE-2022-42808: An out-of-bounds write vulnerability in iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later, Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later). MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017). Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD, Apple Watch Series 4 and later.
CVE-2022-42827: An out-of-bounds write vulnerability in iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later.
CVE-2022-28739: A memory corruption vulnerability in macOS Big Sur, macOS Monterey, Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017).
Some more critical vulnerabilities addressed by Apple:
CVE-2022-42795: A memory consumption vulnerability in Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017).
CVE-2022-26730: A memory corruption vulnerability in Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017).
CVE-2022-32905: Arbitrary code execution vulnerability in Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017).
CVE-2022-32934: Arbitrary code execution vulnerability in Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017).
Apple Security Updates Summary for October 2022:
- Affected OS: macOS Big Sur and macOS Monterey
- Affected features: WebKit, WebKit PDF
- Impact: User Interface Spoofing, Information Disclosure, Arbitrary Code Execution
- CVEs: CVE-2022-42799, CVE-2022-42823, CVE-2022-42824, CVE-2022-32922, CVE-2022-32923
- Affected OS: macOS Monterey and macOS Big Sur
- Affected features: Sandbox, Ruby, AppleMobileFileIntegrity
- Impact: Code Execution, Information Disclosure
- CVEs: CVE-2022-42825, CVE-2022-28739, CVE-2022-32862, CVE-2022-42798, CVE-2022-32944, CVE-2022-42803, CVE-2022-42801, CVE-2022-32941, CVE-2022-28739, CVE-2022-37434, CVE-2022-42800
- Affected OS: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017)
- Affected features: Accelerate Framework, Apple Neural Engine, AppleAVD, AppleMobileFileIntegrity, ATS, Audio, AVEVideoEncoder, Calendar, CFNetwork, ColorSync, Crash Reporter, curl, Directory Utility, DriverKit, Exchange, Find My, Finder, GPU Drivers, Grapher, Heimdal, Image Processing, Intel Graphics Driver, IOHIDFamily, IOKit, Kernel, Mail, Maps, MediaLibrary, ncurses, Notes, Notifications, PackageKit, Photos, PPP, Ruby, Sandbox, WebKit Sandboxing, WebKit PDF, and so on.
- Impact: Denial of Service, Information Disclosure, Arbitrary Code Execution, Kernel Code Execution, User Interface Spoofing, and so on
Major vulnerabilities affecting the MacOS:
- CVEs: CVE-2021-36690, CVE-2021-39537, CVE-2022-0261, CVE-2022-0318, CVE-2022-0319, CVE-2022-0351, CVE-2022-0359, CVE-2022-0361, CVE-2022-0368, CVE-2022-0392, CVE-2022-0554, CVE-2022-0572, CVE-2022-0629, CVE-2022-0685, CVE-2022-0696, CVE-2022-0714, CVE-2022-0729, CVE-2022-0943, CVE-2022-1381, CVE-2022-1420, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1621, CVE-2022-1622, CVE-2022-1629, CVE-2022-1674, CVE-2022-1720, CVE-2022-1725, CVE-2022-1733, CVE-2022-1735, CVE-2022-1769, CVE-2022-1851, CVE-2022-1897, CVE-2022-1898, CVE-2022-1927, CVE-2022-1942, CVE-2022-1968, CVE-2022-2000, CVE-2022-2042, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-26730, CVE-2022-28739, CVE-2022-29458, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208, CVE-2022-32827, CVE-2022-32858, CVE-2022-32862, CVE-2022-32864, CVE-2022-32865, CVE-2022-32866, CVE-2022-32867, CVE-2022-32870, CVE-2022-32875, CVE-2022-32879, CVE-2022-32881, CVE-2022-32883, CVE-2022-32886, CVE-2022-32888, CVE-2022-32890, CVE-2022-32892, CVE-2022-32895, CVE-2022-32898, CVE-2022-32899, CVE-2022-32902, CVE-2022-32904, CVE-2022-32905, CVE-2022-32908, CVE-2022-32911, CVE-2022-32912, CVE-2022-32913, CVE-2022-32914, CVE-2022-32915, CVE-2022-32918, CVE-2022-32922, CVE-2022-32924, CVE-2022-32928, CVE-2022-32934, CVE-2022-32936, CVE-2022-32938, CVE-2022-32940, CVE-2022-32947, CVE-2022-3437, CVE-2022-42788, CVE-2022-42789, CVE-2022-42790, CVE-2022-42791, CVE-2022-42793, CVE-2022-42795, CVE-2022-42796, CVE-2022-42799, CVE-2022-42806, CVE-2022-42808, CVE-2022-42809, CVE-2022-42811, CVE-2022-42813, CVE-2022-42814, CVE-2022-42815, CVE-2022-42818, CVE-2022-42819, CVE-2022-42820, CVE-2022-42823, CVE-2022-42824, CVE-2022-42825, CVE-2022-42829, CVE-2022-42830, CVE-2022-42831, CVE-2022-42832
- Affected OS: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
- Affected features: AppleMobileFileIntegrity, AVEVideoEncoder, CFNetwork, Core Bluetooth, GPU Drivers, IOHIDFamily, IOKit, Kernel, PPP, Sandbox, Shortcuts, WebKit, WebKit PDF
- Impact: Arbitrary Code Execution, User Interface Spoofing, Information Disclosure, Code Execution with Kernal privileges
- CVEs: CVE-2022-42825, CVE-2022-32940, CVE-2022-42813, CVE-2022-32946, CVE-2022-32947, CVE-2022-42820, CVE-2022-42806. CVE-2022-32924, CVE-2022-42808, CVE-2022-42827, CVE-2022-42829, CVE-2022-42830, CVE-2022-42831, CVE-2022-42832, CVE-2022-42811. CVE-2022-32938, CVE-2022-42799, CVE-2022-42823, CVE-2022-42824, CVE-2022-32922, CVE-2022-32923, CVE-2022-32926, CVE-2022-32927, CVE-2022-32929, CVE-2022-32932, CVE-2022-32935, CVE-2022-32939, CVE-2022-3294. CVE-2022-32944, CVE-2022-37434, CVE-2022-42798, CVE-2022-42800, CVE-2022-42801, CVE-2022-42803, CVE-2022-42810, CVE-2022-42817
- Affected OS: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD
- Affected features: AppleMobileFileIntegrity, AVEVideoEncoder, CFNetwork, Kernel, Sandbox, WebKit
- Impact: Arbitrary Code Execution, Information Disclosure, User Interface Spoofing, Kernel Code Execution
- CVEs: CVE-2022-42825, CVE-2022-42798, CVE-2022-32940, CVE-2022-42813, CVE-2022-32924, CVE-2022-42808, CVE-2022-32944, CVE-2022-42803, CVE-2022-32926, CVE-2022-42801, CVE-2022-42810, CVE-2022-42811, CVE-2022-42799, CVE-2022-42823, CVE-2022-42824, CVE-2022-32923
- Affected OS: Apple Watch Series 4 and later
- Affected features: AppleMobileFileIntegrity, AVEVideoEncoder, CFNetwork, GPU Drivers, Kernel, Sandbox, WebKit
- Impact: Arbitrary Code Execution, Information Disclosure, User Interface Spoofing, Kernel Code Execution
- CVEs: CVE-2022-42825, CVE-2022-32932, CVE-2022-42798, CVE-2022-32944, CVE-2022-42803, CVE-2022-32926, CVE-2022-42801, CVE-2022-42817, CVE-2022-32923, CVE-2022-37434, CVE-2022-42800, CVE-2022-32940, CVE-2022-42813, CVE-2022-32947, CVE-2022-32924, CVE-2022-42808, CVE-2022-42811, CVE-2022-42799, CVE-2022-42823, CVE-2022-42824
SanerNow VM and SanerNow PM detect and automatically fix these vulnerabilities by applying security updates. Use SanerNow and keep your systems updated and secure