The vulnerabilities fixed in iOS 16.1 and iPadOS 16 are detailed here.
About Apple security updates
When a security issue is discovered, Apple investigates it before discussing it publicly or releasing a fix. The most recent updates can be found on Apple’s security updates page.
When possible, Apple’s security documentation will refer to vulnerabilities by their CVE-IDs.
Visit Apple’s Product Security website for further details.
iOS 16.1 and iPadOS 16
Released October 24, 2022
Apple Neural Engine
Compatible with the iPhone 8 and later, all models of the iPad Pro, the iPad Air 3 and later, the iPad 5 and later, and the iPad mini 5 and later.
Impact: A programme may be able to execute arbitrary code with root access.
Description: The issue was fixed with improved memory handling.
Mohamed Ghannam (@simo36) reported CVE-2022-32932.
AppleMobileFileIntegrity
Compatible with the iPhone 8 and later, all models of the iPad Pro, the iPad Air 3 and later, the iPad 5 and later, and the iPad mini 5 and later.
Impact: A programme may be able to modify protected parts of the file system.
Description: The problem was fixed by removing some entitlements.
Mickey Jin (@patch1t) reported CVE-2022-42825.
Audio
Compatible with the iPhone 8 and later, all models of the iPad Pro, the iPad Air 3 and later, the iPad 5 and later, and the iPad mini 5 and later.
Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information.
Description: The issue was fixed with improved memory handling.
An anonymous researcher working with Trend Micro Zero Day Initiative reported CVE-2022-42798.
AVEVideoEncoder
Compatible with the iPhone 8 and later, all models of the iPad Pro, the iPad Air 3 and later, the iPad 5 and later, and the iPad mini 5 and later.
Impact: A programme may be able to execute arbitrary code with root access.
Description: The issue was fixed with improved bounds checks.
ABC Research s.r.o. reported CVE-2022-32940.
Backup
Compatible with the iPhone 8 and later, all models of the iPad Pro, the iPad Air 3 and later, the iPad 5 and later, and the iPad mini 5 and later.
Impact: An application may be able to access iCloud backups.
Description: A permissions issue was fixed with additional restrictions.
Offensive Security’s Csaba Fitzl (@theevilbit) discovered CVE-2022-32929.
CFNetwork
Compatible with the iPhone 8 and later, all models of the iPad Pro, the iPad Air 3 and later, the iPad 5 and later, and the iPad mini 5 and later.
Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution.
Description: A certificate validation issue existed in WKWebView. The problem was fixed with improved validation.
Jonathan Zhang of Open Computing Facility (ocf.berkeley.edu) discovered CVE-2022-42813.
Core Bluetooth
Compatible with the iPhone 8 and later, all models of the iPad Pro, the iPad Air 3 and later, the iPad 5 and later, and the iPad mini 5 and later.
Impact: A programme may be able to record audio using a pair of AirPods connected to the phone.
Description: The problem was fixed with improved entitlements.
Guilherme Rambo of Best Buddy Apps (rambo.codes) discovered CVE-2022-32946.
FaceTime
Compatible with the iPhone 8 and later, all models of the iPad Pro, the iPad Air 3 and later, the iPad 5 and later, and the iPad mini 5 and later.
Impact: A user may be able to view restricted content from the lock screen.
Description: A lock screen issue was fixed with improved state management.
Bistrit Dahal discovered CVE-2022-32935.
GPU Drivers
Compatible with the iPhone 8 and later, all models of the iPad Pro, the iPad Air 3 and later, the iPad 5 and later, and the iPad mini 5 and later.
Impact: A programme may be able to execute arbitrary code with root access.
Description: The issue was fixed with improved memory handling.
Lina Asahi (@LinaAsahi) discovered CVE-2020-32947.
Graphics Driver
Compatible with the iPhone 8 and later, all models of the iPad Pro, the iPad Air 3 and later, the iPad 5 and later, and the iPad mini 5 and later.
Impact: A programme may be able to execute arbitrary code with root access.
Description: The issue was fixed with improved bounds checks.
Willy R. Vasquez of UT Austin discovered CVE-2022-32939.
IOHIDFamily
Compatible with the iPhone 8 and later, all models of the iPad Pro, the iPad Air 3 and later, the iPad 5 and later, and the iPad mini 5 and later.
Impact: A programme may be able to cause unexpected termination of another app or execute arbitrary code.
Description: A memory corruption issue was fixed with improved state management.
Peter Pan ZhenPeng of STAR Labs discovered CVE-2022-42820.
IOKit
Compatible with the iPhone 8 and later, all models of the iPad Pro, the iPad Air 3 and later, the iPad 5 and later, and the iPad mini 5 and later.
Impact: A malicious programme may be able to execute arbitrary code with kernel privileges.
Description: A race condition was fixed with improved locking.
Tingting Yin of Tsinghua University discovered CVE-2022-42806.
Kernel
Compatible with the iPhone 8 and later, all models of the iPad Pro, the iPad Air 3 and later, the iPad 5 and later, and the iPad mini 5 and later.
Impact: A malicious programme may be able to execute arbitrary code with kernel privileges.
Description: A memory corruption issue was fixed with improved state management.
Tim Michaud (@TimGMichaud) of the AI company Moveworks disclosed CVE-2022-32944.
Kernel
Compatible with the iPhone 8 and later, all models of the iPad Pro, the iPad Air 3 and later, the iPad 5 and later, and the iPad mini 5 and later.
Impact: A malicious programme may be able to execute arbitrary code with kernel privileges.
Description: A race condition was fixed with improved locking.
Xinru Chi of Pangu Lab and John Aakerblom (@jaakerblom) discovered CVE-2022-42803.
Kernel
Compatible with the iPhone 8 and later, all models of the iPad Pro, the iPad Air 3 and later, the iPad 5 and later, and the iPad mini 5 and later.
Impact: A programme with root privileges may be able to execute arbitrary code with kernel privileges.
Description: The issue was fixed with improved bounds checks.
Tim Michaud (@TimGMichaud), the founder of Moveworks.ai, has disclosed CVE-2022-32926.
Kernel
Compatible with the iPhone 8 and later, all models of the iPad Pro, the iPad Air 3 and later, the iPad 5 and later, and the iPad mini 5 and later.
Impact: A malicious programme may be able to execute arbitrary code with kernel privileges.
Description: A logic issue was fixed with improved checks.
Ian Beer of Google’s Project Zero discovered CVE-2022-42801.
Kernel
Compatible with the iPhone 8 and later, all models of the iPad Pro, the iPad Air 3 and later, the iPad 5 and later, and the iPad mini 5 and later.
Impact: A malicious programme may be able to execute arbitrary code with kernel privileges.
Description: The issue was fixed with improved memory handling.
Ian Beer of Google Project Zero discovered CVE-2022-32924.
Kernel
Compatible with the iPhone 8 and later, all models of the iPad Pro, the iPad Air 3 and later, the iPad 5 and later, and the iPad mini 5 and later.
Impact: A remote malicious user may be able to cause kernel code execution.
Description: An out-of-bounds write was fixed with improved bounds checking.
Zweig of Kunlun Lab discovered CVE-2020-42808.
Kernel
Compatible with the iPhone 8 and later, all models of the iPad Pro, the iPad Air 3 and later, the iPad 5 and later, and the iPad mini 5 and later.
Impact: A programme may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: An out-of-bounds write was fixed with improved bounds checking.
An anonymous researcher discovered CVE-2022-42827.
Model I/O
Compatible with the iPhone 8 and later, all models of the iPad Pro, the iPad Air 3 and later, the iPad 5 and later, and the iPad mini 5 and later.
Impact: Opening a maliciously crafted USD file may disclose memory contents.
Description: The issue was fixed with improved memory handling.
Ant Security Light-Year Lab’s Xingwei Lin (@xwlin Roy) and Yinyi Wu discovered CVE-2022-42810.
PPP
Compatible with the iPhone 8 and later, all models of the iPad Pro, the iPad Air 3 and later, the iPad 5 and later, and the iPad mini 5 and later.
Impact: A buffer overflow may result in arbitrary code execution.
Description: The issue was fixed with improved bounds checks.
An anonymous researcher discovered CVE-2022-32941.
PPP
Compatible with the iPhone 8 and later, all models of the iPad Pro, the iPad Air 3 and later, the iPad 5 and later, and the iPad mini 5 and later.
Impact: A programme with root privileges may be able to execute arbitrary code with kernel privileges.
Description: A use after free issue was fixed with improved memory management.
An anonymous researcher discovered CVE-2022-42829.
PPP
Compatible with the iPhone 8 and later, all models of the iPad Pro, the iPad Air 3 and later, the iPad 5 and later, and the iPad mini 5 and later.
Impact: A programme with root privileges may be able to execute arbitrary code with kernel privileges.
Description: The issue was fixed with improved memory handling.
An anonymous researcher discovered CVE-2022-42830.
PPP
Compatible with the iPhone 8 and later, all models of the iPad Pro, the iPad Air 3 and later, the iPad 5 and later, and the iPad mini 5 and later.
Impact: A programme with root privileges may be able to execute arbitrary code with kernel privileges.
Description: A race condition was fixed with improved locking.
An anonymous researcher discovered CVE-2022-42831 and CVE-2022-42832.
Safari
Compatible with the iPhone 8 and later, all models of the iPad Pro, the iPad Air 3 and later, the iPad 5 and later, and the iPad mini 5 and later.
Impact: Visiting a malicious website may leak sensitive data.
Description: A logic issue was fixed with improved state management.
Researchers: Chris Kanich, Associate Professor at the University of Illinois at Chicago; Mir Masood Ali, PhD student at the University of Illinois at Chicago; Binoy Chitale, MS student at Stony Brook University; Mohammad Ghasemisharif, PhD Candidate at the University of Illinois at Chicago;
Sandbox
Compatible with the iPhone 8 and later, all models of the iPad Pro, the iPad Air 3 and later, the iPad 5 and later, and the iPad mini 5 and later.
Impact: A malicious programme may be able to access private information.
Description: An access issue was addressed with additional sandbox restrictions.
Snowflake’s Justin Bui (@slyd0g) discovered CVE-2022-42811.
Shortcuts
Compatible with the iPhone 8 and later, all models of the iPad Pro, the iPad Air 3 and later, the iPad 5 and later, and the iPad mini 5 and later.
Impact: A shortcut may be able to check whether an arbitrary path exists on the file system.
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
Cristian Dinca of Tudor Vianu National High School of Computer Science, Romania, discovered CVE-2022-32938.
WebKit
Compatible with the iPhone 8 and later, all models of the iPad Pro, the iPad Air 3 and later, the iPad 5 and later, and the iPad mini 5 and later.
Impact: Visiting a malicious website may lead to user interface spoofing.
Description: The issue was fixed with improved UI handling.
WebKit
Compatible with the iPhone 8 and later, all models of the iPad Pro, the iPad Air 3 and later, the iPad 5 and later, and the iPad mini 5 and later.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: A type confusion issue was addressed with improved memory handling.
WebKit
Compatible with the iPhone 8 and later, all models of the iPad Pro, the iPad Air 3 and later, the iPad 5 and later, and the iPad mini 5 and later.
Impact: Processing maliciously crafted web content may disclose sensitive user information.
Description: A logic issue was fixed with improved state management.
WebKit PDF
Compatible with the iPhone 8 and later, all models of the iPad Pro, the iPad Air 3 and later, the iPad 5 and later, and the iPad mini 5 and later.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: A use after free issue was fixed with improved memory management.
WebKit
Compatible with the iPhone 8 and later, all models of the iPad Pro, the iPad Air 3 and later, the iPad 5 and later, and the iPad mini 5 and later.
Impact: Processing maliciously crafted web content may disclose internal state of the app.
Description: A correctness issue in the JIT was addressed with improved checks.
Wi-Fi
Compatible with the iPhone 8 and later, all models of the iPad Pro, the iPad Air 3 and later, the iPad 5 and later, and the iPad mini 5 and later.
Impact: Joining a malicious Wi-Fi network may result in a crash of the Settings app.
Description: The issue was fixed with improved memory handling.
Dr Hideaki Goto of Tohoku University, Japan, discovered CVE-2020-32927.
zlib
Compatible with the iPhone 8 and later, all models of the iPad Pro, the iPad Air 3 and later, the iPad 5 and later, and the iPad mini 5 and later.
Impact: A user may be able to cause unexpected app termination or arbitrary code execution.
Description: This issue was addressed with improved checks.
Evgeny Legerov discovered CVE-2022-37434 and CVE-2022-42800.