Apple Patches Everything: October 2022 Edition, (Tue, Oct 25th)

WebKit Bugzilla [important] WebKit
A logic issue was addressed with improved state management.
Processing maliciously crafted web content may disclose sensitive user information x x     x x x

CVE-2022-42825 [important] AppleMobileFileIntegrity
This issue was addressed by removing additional entitlements.
An app may be able to modify protected parts of the file system   x x x x x x

CVE-2022-32940 [important] AVEVideoEncoder
The issue was addressed with improved bounds checks.
An app may be able to execute arbitrary code with kernel privileges   x     x x x

CVE-2022-42813 [critical] CFNetwork
A certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation.
Processing a maliciously crafted certificate may lead to arbitrary code execution   x     x x x

CVE-2022-32946 [important] Core Bluetooth
This issue was addressed with improved entitlements.
An app may be able to record audio using a pair of connected AirPods   x

CVE-2022-32947 [important] GPU Drivers
The issue was addressed with improved memory handling.
An app may be able to execute arbitrary code with kernel privileges   x     x   x

CVE-2022-42820 [important] IOHIDFamily
A memory corruption issue was addressed with improved state management.
An app may cause unexpected app termination or arbitrary code execution   x     x

CVE-2022-42806 [important] IOKit
A race condition was addressed with improved locking.
An app may be able to execute arbitrary code with kernel privileges   x     x

CVE-2022-32924 [important] Kernel
The issue was addressed with improved memory handling.
An app may be able to execute arbitrary code with kernel privileges   x     x x x

CVE-2022-42808 [critical] Kernel
An out-of-bounds write issue was addressed with improved bounds checking.
A remote user may be able to cause kernel code execution   x     x x x

CVE-2022-42827 [critical] Kernel
An out-of-bounds write issue was addressed with improved bounds checking.
An application may be able to execute arbitrary code with kernel privileges.
Apple is aware of a report that this issue may have been actively exploited.    x

CVE-2022-42829 [important] ppp
A use after free issue was addressed with improved memory management.
An app with root privileges may be able to execute arbitrary code with kernel privileges   x     x

CVE-2022-42830 [important] ppp
The issue was addressed with improved memory handling.
An app with root privileges may be able to execute arbitrary code with kernel privileges   x     x

CVE-2022-42831 [important] ppp
A race condition was addressed with improved locking.
An app with root privileges may be able to execute arbitrary code with kernel privileges   x     x

CVE-2022-42832 [important] ppp
A race condition was addressed with improved locking.
An app with root privileges may be able to execute arbitrary code with kernel privileges   x     x

CVE-2022-42811 [important] Sandbox
An access issue was addressed with additional sandbox restrictions.
An app may be able to access user-sensitive data   x     x x x

CVE-2022-32938 [important] Shortcuts
A parsing issue in the handling of directory paths was addressed with improved path validation.
A shortcut may be able to check the existence of an arbitrary path on the file system   x     x

CVE-2022-28739 [critical] Ruby
A memory corruption issue was addressed by updating Ruby to version 2.6.10.
A remote user may be able to cause unexpected app termination or arbitrary code execution     x x x

CVE-2022-32862 [important] Sandbox
This issue was addressed with improved data protection.
An app with root privileges may be able to access private information     x x x

CVE-2022-42795 [critical] Accelerate Framework
A memory consumption issue was addressed with improved memory handling.
Processing a maliciously crafted image may lead to arbitrary code execution         x

CVE-2022-32858 [important] Apple Neural Engine
The issue was addressed with improved memory handling.
An app may be able to leak sensitive kernel state         x

CVE-2022-32898 [important] Apple Neural Engine
The issue was addressed with improved memory handling.
An app may be able to execute arbitrary code with kernel privileges         x

CVE-2022-32899 [important] Apple Neural Engine
The issue was addressed with improved memory handling.
An app may be able to execute arbitrary code with kernel privileges         x

CVE-2022-32827 [important] AppleAVD
A memory corruption issue was addressed with improved state management.
An app may be able to cause a denial-of-service         x

CVE-2022-42789 [important] AppleMobileFileIntegrity
An issue in code signature validation was addressed with improved checks.
An app may be able to access user-sensitive data         x

CVE-2022-32902 [important] ATS
A logic issue was addressed with improved state management.
An app may be able to bypass Privacy preferences         x

CVE-2022-32904 [important] ATS
An access issue was addressed with additional sandbox restrictions.
An app may be able to access user-sensitive data         x

CVE-2022-32890 [moderate] ATS
A logic issue was addressed with improved checks.
A sandboxed process may be able to circumvent sandbox restrictions         x

CVE-2022-42796 [important] Audio
This issue was addressed by removing the vulnerable code.
An app may be able to gain elevated privileges         x

CVE-2022-42819 [important] Calendar
An access issue was addressed with improved access restrictions.
An app may be able to read sensitive location information         x

CVE-2022-26730 [critical] ColorSync
A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation.
Processing a maliciously crafted image may lead to arbitrary code execution         x

CVE-2022-32867 [important] Crash Reporter
This issue was addressed with improved data protection.
A user with physical access to an iOS device may be able to read past diagnostic logs         x

CVE-2022-32205 [other] curl
Multiple issues were addressed by updating to curl version 7.84.0.
Multiple issues in curl         x

CVE-2022-32206 [other] curl
Multiple issues were addressed by updating to curl version 7.84.0.
Multiple issues in curl         x

CVE-2022-32207 [other] curl
Multiple issues were addressed by updating to curl version 7.84.0.
Multiple issues in curl         x

CVE-2022-32208 [other] curl
Multiple issues were addressed by updating to curl version 7.84.0.
Multiple issues in curl         x

CVE-2022-42814 [important] Directory Utility
A logic issue was addressed with improved checks.
An app may be able to access user-sensitive data         x

CVE-2022-32865 [important] DriverKit
The issue was addressed with improved memory handling.
An app may be able to execute arbitrary code with kernel privileges         x

CVE-2022-32915 [important] DriverKit
A type confusion issue was addressed with improved checks.
An app may be able to execute arbitrary code with kernel privileges         x

CVE-2022-32928 [other] Exchange
A logic issue was addressed with improved restrictions.
A user in a privileged network position may be able to intercept mail credentials         x

CVE-2022-42788 [other] Find My
A permissions issue existed. This issue was addressed with improved permission validation.
A malicious application may be able to read sensitive location information         x

CVE-2022-32905 [critical] Finder
This issue was addressed with improved validation of symlinks.
Processing a maliciously crafted DMG file may lead to arbitrary code execution with system privileges         x

CVE-2022-42809 [other] Grapher
The issue was addressed with improved memory handling.
Processing a maliciously crafted gcx file may lead to unexpected app termination or arbitrary code execution         x

CVE-2022-32913 [other] Image Processing
The issue was addressed with additional restrictions on the observability of app states.
A sandboxed app may be able to determine which app is currently using the camera         x

CVE-2022-1622 [other] ImageIO
A denial-of-service issue was addressed with improved validation.
Processing an image may lead to a denial-of-service         x

CVE-2022-32936 [important] Intel Graphics Driver
An out-of-bounds read was addressed with improved input validation.
An app may be able to disclose kernel memory         x

CVE-2022-32864 [important] Kernel
The issue was addressed with improved memory handling.
An app may be able to disclose kernel memory         x

CVE-2022-32866 [important] Kernel
The issue was addressed with improved memory handling.
An app may be able to execute arbitrary code with kernel privileges         x

CVE-2022-32911 [important] Kernel
The issue was addressed with improved memory handling.
An app may be able to execute arbitrary code with kernel privileges         x

CVE-2022-32914 [important] Kernel
A use after free issue was addressed with improved memory management.
An app may be able to execute arbitrary code with kernel privileges         x

CVE-2022-42815 [important] Mail
This issue was addressed with improved data protection.
An app may be able to access user-sensitive data         x

CVE-2022-32883 [important] Maps
A logic issue was addressed with improved restrictions.
An app may be able to read sensitive location information         x

CVE-2022-32908 [other] MediaLibrary
A memory corruption issue was addressed with improved input validation.
A user may be able to elevate privileges         x

CVE-2021-39537 [other] ncurses
A buffer overflow was addressed with improved bounds checking.
A user may be able to cause unexpected app termination or arbitrary code execution         x

CVE-2022-29458 [other] ncurses
A denial-of-service issue was addressed with improved validation.
Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents         x

CVE-2022-42818 [other] Notes
This issue was addressed with improved data protection.
A user in a privileged network position may be able to track user activity         x

CVE-2022-32879 [other] Notifications
A logic issue was addressed with improved state management.
A user with physical access to a device may be able to access contacts from the lock screen         x

CVE-2022-32895 [important] PackageKit
A race condition was addressed with improved state handling.
An app may be able to modify protected parts of the file system         x

CVE-2022-32918 [important] Photos
This issue was addressed with improved data protection.
An app may be able to bypass Privacy preferences         x

CVE-2022-32881 [important] Sandbox
A logic issue was addressed with improved restrictions.
An app may be able to modify protected parts of the file system         x

CVE-2022-42793 [other] Security
An issue in code signature validation was addressed with improved checks.
An app may be able to bypass code signing checks         x

CVE-2022-42790 [important] Sidecar
A logic issue was addressed with improved state management.
A user may be able to view restricted content from the lock screen         x

CVE-2022-32870 [other] Siri
A logic issue was addressed with improved state management.
A user with physical access to a device may be able to use Siri to obtain some call history information         x

CVE-2022-32934 [critical] SMB
The issue was addressed with improved memory handling.
A remote user may be able to cause kernel code execution         x

CVE-2022-42791 [important] Software Update
A race condition was addressed with improved state handling.
An app may be able to execute arbitrary code with kernel privileges         x

CVE-2021-36690 [other] SQLite
This issue was addressed with improved checks.
A remote user may be able to cause a denial-of-service         x

CVE-2022-0261 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim         x

CVE-2022-0318 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim         x

CVE-2022-0319 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim         x

CVE-2022-0351 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim         x

CVE-2022-0359 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim         x

CVE-2022-0361 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim         x

CVE-2022-0368 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim         x

CVE-2022-0392 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim         x

CVE-2022-0554 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim         x

CVE-2022-0572 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim         x

CVE-2022-0629 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim         x

CVE-2022-0685 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim         x

CVE-2022-0696 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim         x

CVE-2022-0714 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim         x

CVE-2022-0729 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim         x

CVE-2022-0943 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim         x

CVE-2022-1381 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim         x

CVE-2022-1420 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim         x

CVE-2022-1725 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim         x

CVE-2022-1616 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim         x

CVE-2022-1619 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim         x

CVE-2022-1620 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim         x

CVE-2022-1621 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim         x

CVE-2022-1629 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim         x

CVE-2022-1674 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim         x

CVE-2022-1733 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim         x

CVE-2022-1735 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim         x

CVE-2022-1769 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim         x

CVE-2022-1927 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim         x

CVE-2022-1942 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim         x

CVE-2022-1968 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim         x

CVE-2022-1851 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim         x

CVE-2022-1897 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim         x

CVE-2022-1898 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim         x

CVE-2022-1720 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim         x

CVE-2022-2000 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim         x

CVE-2022-2042 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim         x

CVE-2022-2124 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim         x

CVE-2022-2125 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim         x

CVE-2022-2126 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim         x

CVE-2022-32875 [important] Weather
A logic issue was addressed with improved state management.
An app may be able to read sensitive location information         x