Summary
| Detail | |||
|---|---|---|---|
| Vendor | Apple | First view | 2019-12-18 |
| Product | Ipados | Last view | 2022-03-18 |
| Version | * | Type | Os |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:apple:ipados | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 4.6 | 2022-03-18 | CVE-2022-22671 | An authentication issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access to an iOS device may be able to access photos from the lock screen. |
| 3.3 | 2022-03-18 | CVE-2022-22670 | An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. A malicious application may be able to identify what other applications a user has installed. |
| 7.8 | 2022-03-18 | CVE-2022-22667 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges. |
| 7.8 | 2022-03-18 | CVE-2022-22666 | A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. Processing a maliciously crafted image may lead to heap corruption. |
| 6.5 | 2022-03-18 | CVE-2022-22659 | A logic issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4. An attacker in a privileged network position may be able to leak sensitive user information. |
| 7.5 | 2022-03-18 | CVE-2022-22653 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.4 and iPadOS 15.4. A malicious website may be able to access information about the user and their devices. |
| 6.1 | 2022-03-18 | CVE-2022-22652 | The GSMA authentication panel could be presented on the lock screen. The issue was resolved by requiring device unlock to interact with the GSMA authentication panel. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access may be able to view and modify the carrier account information and settings from the lock screen. |
| 7.5 | 2022-03-18 | CVE-2022-22643 | This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A user may send audio and video in a FaceTime call without knowing that they have done so. |
| 9.8 | 2022-03-18 | CVE-2022-22642 | This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A user may be able to bypass the Emergency SOS passcode prompt. |
| 9.8 | 2022-03-18 | CVE-2022-22641 | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated privileges. |
| 7.8 | 2022-03-18 | CVE-2022-22640 | A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. An application may be able to execute arbitrary code with kernel privileges. |
| 7.8 | 2022-03-18 | CVE-2022-22639 | A logic issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated privileges. |
| 6.5 | 2022-03-18 | CVE-2022-22638 | A null pointer dereference was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An attacker in a privileged position may be able to perform a denial of service attack. |
| 7.8 | 2022-03-18 | CVE-2022-22636 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges. |
| 9.8 | 2022-03-18 | CVE-2022-22635 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. An application may be able to gain elevated privileges. |
| 7.8 | 2022-03-18 | CVE-2022-22634 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. A malicious application may be able to execute arbitrary code with kernel privileges. |
| 7.8 | 2022-03-18 | CVE-2022-22633 | A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. |
| 9.8 | 2022-03-18 | CVE-2022-22632 | A logic issue was addressed with improved state management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, watchOS 8.5, macOS Monterey 12.3. A malicious application may be able to elevate privileges. |
| 4.6 | 2022-03-18 | CVE-2022-22622 | This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions. |
| 4.6 | 2022-03-18 | CVE-2022-22621 | This issue was addressed with improved checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions. |
| 8.8 | 2022-03-18 | CVE-2022-22620 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. |
| 7.8 | 2022-03-18 | CVE-2022-22618 | This issue was addressed with improved checks. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4. A user may be able to bypass the Emergency SOS passcode prompt. |
| 7.8 | 2022-03-18 | CVE-2022-22615 | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges. |
| 7.8 | 2022-03-18 | CVE-2022-22614 | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges. |
| 7.8 | 2022-03-18 | CVE-2022-22613 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 29% (97) | CWE-787 | Out-of-bounds Write |
| 18% (62) | CWE-125 | Out-of-bounds Read |
| 9% (30) | CWE-416 | Use After Free |
| 6% (20) | CWE-668 | Exposure of Resource to Wrong Sphere |
| 5% (18) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
| 3% (13) | CWE-20 | Improper Input Validation |
| 3% (11) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 3% (10) | CWE-269 | Improper Privilege Management |
| 2% (8) | CWE-362 | Race Condition |
| 2% (7) | CWE-665 | Improper Initialization |
| 1% (5) | CWE-287 | Improper Authentication |
| 1% (5) | CWE-200 | Information Exposure |
| 1% (5) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 1% (4) | CWE-190 | Integer Overflow or Wraparound |
| 1% (4) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 0% (3) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| 0% (2) | CWE-476 | NULL Pointer Dereference |
| 0% (2) | CWE-415 | Double Free |
| 0% (2) | CWE-347 | Improper Verification of Cryptographic Signature |
| 0% (2) | CWE-346 | Origin Validation Error |
| 0% (2) | CWE-276 | Incorrect Default Permissions |
| 0% (2) | CWE-212 | Improper Cross-boundary Removal of Sensitive Data |
| 0% (2) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
| 0% (1) | CWE-667 | Insufficient Locking |
| 0% (1) | CWE-613 | Insufficient Session Expiration |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2020-12-05 | TRUFFLEHUNTER TALOS-2020-1094 attack attempt RuleID : 54309 - Type : FILE-OTHER - Revision : 1 |
| 2020-12-05 | TRUFFLEHUNTER TALOS-2020-1094 attack attempt RuleID : 54308 - Type : FILE-OTHER - Revision : 1 |
| 2020-04-21 | Apple Safari WebKit JavaScript engine type confusion attempt RuleID : 53474 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-04-21 | Apple Safari WebKit JavaScript engine type confusion attempt RuleID : 53473 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-03-19 | Apple Safari WebKit cached page memory corruption attempt RuleID : 53122 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-03-19 | Apple Safari WebKit cached page memory corruption attempt RuleID : 53121 - Type : BROWSER-WEBKIT - Revision : 1 |
