Technology

Apple releases iOS 15.7.2 with more than a dozen critical security updates

By Scott Marlette

The big news int he iPhone world today is the launch of iOS 16.2, but users of older phones have an important reason to update as well. Apple has released iOS 15.7.2 and iPadOS 15.7.2 for devices that aren’t on iOS 16, most notably the iPhone 6s and 7, iPad mini 4 and iPad Air 2. It’s also available for newer iPhones that haven’t made the leap to iOS 16 yet.

To update your iPhone, head over to the Settings app and tap General, then Software Update. Then tap Download and Install and follow the prompts.

The update doesn’t include any new features, but it does contain bug fixes and numerous important security updates, several of which allow for arbitrary code execution and at least one of which that may have been actively exploited. Apple’s release notes merely state, “This update provides important security fixes and is recommended for all users.” Here are the posted security updates for this release:

AppleAVD

  • Impact: Parsing a maliciously crafted video file may lead to kernel code execution
  • Description: An out-of-bounds write issue was addressed with improved input validation.
  • CVE-2022-46694: Andrey Labunets and Nikita Tarakanov

AVEVideoEncoder

  • Impact: An app may be able to execute arbitrary code with kernel privileges
  • Description: A logic issue was addressed with improved checks.
  • CVE-2022-42848: ABC Research s.r.o

File System

  • Impact: An app may be able to break out of its sandbox
  • Description: This issue was addressed with improved checks.
  • CVE-2022-42861: pattern-f (@pattern_F_) of Ant Security Light-Year Lab

Graphics Driver

  • Impact: Parsing a maliciously crafted video file may lead to unexpected system termination
  • Description: The issue was addressed with improved memory handling.
  • CVE-2022-42846: Willy R. Vasquez of The University of Texas at Austin

IOHIDFamily

  • Impact: An app may be able to execute arbitrary code with kernel privileges
  • Description: A race condition was addressed with improved state handling.
  • CVE-2022-42864: Tommy Muir (@Muirey03)

iTunes Store

  • Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution
  • Description: An issue existed in the parsing of URLs. This issue was addressed with improved input validation.
  • CVE-2022-42837: Weijia Dai (@dwj1210) of Momo Security

Kernel

  • Impact: An app may be able to execute arbitrary code with kernel privileges
  • Description: A race condition was addressed with additional validation.
  • CVE-2022-46689: Ian Beer of Google Project Zero

libxml2

  • Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution
  • Description: An integer overflow was addressed through improved input validation.
  • CVE-2022-40303: Maddie Stone of Google Project Zero

libxml2

  • Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution
  • Description: This issue was addressed with improved checks.
  • CVE-2022-40304: Ned Williamson and Nathan Wachholz of Google Project Zero

ppp

  • Impact: An app may be able to execute arbitrary code with kernel privileges
  • Description: The issue was addressed with improved memory handling.
  • CVE-2022-42840: an anonymous researcher

Preferences

  • Impact: An app may be able to use arbitrary entitlements
  • Description: A logic issue was addressed with improved state management.
  • CVE-2022-42855: Ivan Fratric of Google Project Zero

Safari

  • Impact: Visiting a website that frames malicious content may lead to UI spoofing
  • Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.
  • CVE-2022-46695: KirtiKumar Anandrao Ramchandani

WebKit

  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution
  • Description: A memory consumption issue was addressed with improved memory handling.
  • CVE-2022-46691: an anonymous researcher

WebKit

  • Impact: Processing maliciously crafted web content may result in the disclosure of process memory
  • Description: The issue was addressed with improved memory handling.
  • CVE-2022-42852: hazbinhotel working with Trend Micro Zero Day Initiative

WebKit

  • Impact: Processing maliciously crafted web content may bypass Same Origin Policy
  • Description: A logic issue was addressed with improved state management.
  • CVE-2022-46692: KirtiKumar Anandrao Ramchandani 

WebKit

  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution
  • Description: A memory corruption issue was addressed with improved input validation.
  • CVE-2022-46700: Samuel Groß of Google V8 Security

WebKit

  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.
  • Description: A type confusion issue was addressed with improved state handling.
  • CVE-2022-42856: Clément Lecigne of Google’s Threat Analysis Group

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.

Scott Marlette 132879 posts 0 comments
More Stories

Will OnePlus 13 outpace Xiaomi with the first Snapdragon 8…

Google to appeal Play Store ruling | Computer Weekly

Smart charger aims to ease grid stress from EVs

1 of 69,748