Apple has released iOS 15.5, macOS 12.4, and more today with updates like new features for Apple Cash, the Podcasts app, and the Studio Display webcam fix. However, a bigger reason to update your devices is the security patches with today’s releases. iOS 15.5 includes almost 30 security fixes while macOS 12.4 features over 50.
Apple shared all the details for the security fixes in its latest software for iPhone, iPad, Mac, and more on its support page.
For both iOS and Mac, many of the flaws could allow malicious apps to execute arbitrary code with kernel privileges. Another for iOS says “A remote attacker may be able to cause unexpected application termination or arbitrary code execution.”
Specifically on Mac, one of the 50+ flaws fixed was that “Photo location information may persist after it is removed with Preview Inspector.”
Important security updates are also available for macOS Big Sur with 11.6.6, macOS Catalina, Xcode 13.4, and watchOS 8.6.
You can read about all of the vulnerabilities fixed with the latest updates below:
iOS and macOS security patches:
iOS 15.5 and iPadOS 15.5
Released May 16, 2022
AppleAVD
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A use after free issue was addressed with improved memory management.
CVE-2022-26702: an anonymous researcher
AppleGraphicsControl
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved input validation.
CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
AVEVideoEncoder
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2022-26736: an anonymous researcher
CVE-2022-26737: an anonymous researcher
CVE-2022-26738: an anonymous researcher
CVE-2022-26739: an anonymous researcher
CVE-2022-26740: an anonymous researcher
DriverKit
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: An out-of-bounds access issue was addressed with improved bounds checking.
CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)
GPU Drivers
Description: A memory corruption issue was addressed with improved state management.
CVE-2022-26744: an anonymous researcher
ImageIO
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: An integer overflow issue was addressed with improved input validation.
CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative
IOKit
Description: A race condition was addressed with improved locking.
CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab
IOMobileFrameBuffer
CVE-2022-26768: an anonymous researcher
IOSurfaceAccelerator
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
CVE-2022-26771: an anonymous researcher
Kernel
Description: A memory corruption issue was addressed with improved validation.
CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg)
CVE-2022-26757: Ned Williamson of Google Project Zero
Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations
CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)
Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication
Description: A race condition was addressed with improved state handling.
CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)
LaunchServices
Impact: A sandboxed process may be able to circumvent sandbox restrictions
Description: An access issue was addressed with additional sandbox restrictions on third-party applications.
CVE-2022-26706: Arsenii Kostromin (0x3c3e)
libxml2
CVE-2022-23308
Notes
Impact: Processing a large input may lead to a denial of service
Description: This issue was addressed with improved checks.
CVE-2022-22673: Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College Of Technology Bhopal
Safari Private Browsing
Impact: A malicious website may be able to track users in Safari private browsing mode
Description: A logic issue was addressed with improved state management.
CVE-2022-26731: an anonymous researcher
Security
Impact: A malicious app may be able to bypass signature validation
Description: A certificate parsing issue was addressed with improved checks.
CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)
Shortcuts
Impact: A person with physical access to an iOS device may be able to access photos from the lock screen
Description: An authorization issue was addressed with improved state management.
CVE-2022-26703: Salman Syed (@slmnsd551)
WebKit
Impact: Processing maliciously crafted web content may lead to code execution
WebKit Bugzilla: 238178CVE-2022-26700: ryuzaki
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
WebKit Bugzilla: 236950CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab
WebKit Bugzilla: 237475CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab
WebKit Bugzilla: 238171CVE-2022-26717: Jeonghoon Shin of Theori
WebKit Bugzilla: 238183CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab
WebKit Bugzilla: 238699CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech
WebRTC
Impact: Video self-preview in a webRTC call may be interrupted if the user answers a phone call
Description: A logic issue in the handling of concurrent media was addressed with improved state handling.
WebKit Bugzilla: 237524CVE-2022-22677: an anonymous researcher
Wi-Fi
Impact: A malicious application may disclose restricted memory
CVE-2022-26745: an anonymous researcher
Impact: A malicious application may be able to elevate privileges
CVE-2022-26760: 08Tc3wBB of ZecOps Mobile EDR Team
Impact: A remote attacker may be able to cause a denial of service
CVE-2015-4142: Kostya Kortchinsky of Google Security Team
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2022-26762: Wang Yu of Cyberserval
Additional recognition
AppleMobileFileIntegrity
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.
FaceTime
We would like to acknowledge James Lee, an anonymous researcher for their assistance.
We would like to acknowledge 08Tc3wBB of ZecOps Mobile EDR Team for their assistance.
macOS Monterey 12.4
AMD
Available for: macOS Monterey
CVE-2022-26772: an anonymous researcher
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2022-26741: ABC Research s.r.o
CVE-2022-26742: ABC Research s.r.o
CVE-2022-26749: ABC Research s.r.o
CVE-2022-26750: ABC Research s.r.o
CVE-2022-26752: ABC Research s.r.o
CVE-2022-26753: ABC Research s.r.o
CVE-2022-26754: ABC Research s.r.o
apache
Impact: Multiple issues in apache
Description: Multiple issues were addressed by updating apache to version 2.4.53.
CVE-2021-44224
CVE-2021-44790
CVE-2022-22719
CVE-2022-22720
CVE-2022-22721
AppleScript
Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory
Description: An out-of-bounds read issue was addressed with improved input validation.
CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro
Description: An out-of-bounds read issue was addressed with improved bounds checking.
CVE-2022-26698: Qi Sun of Trend Micro
Contacts
Impact: A plug-in may be able to inherit the application’s permissions and access user data
CVE-2022-26694: Wojciech Reguła (@_r3ggi) of SecuRing
CVMS
Impact: A malicious application may be able to gain root privileges
Description: A memory initialization issue was addressed.
CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori
CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori
Impact: Photo location information may persist after it is removed with Preview Inspector
CVE-2022-26725: Andrew Williams and Avi Drissman of Google
Intel Graphics Driver
CVE-2022-26720: Liu Long of Ant Security Light-Year Lab
CVE-2022-26769: Antonio Zekic (@antoniozekic)
CVE-2022-26770: Liu Long of Ant Security Light-Year Lab
Description: An out-of-bounds write issue was addressed with improved input validation.
CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro Zero Day Initiative
CVE-2022-26756: Jack Dates of RET2 Systems, Inc
Impact: An attacker that has already achieved code execution in macOS Recovery may be able to escalate to kernel privileges
CVE-2022-26743: Jordy Zomer (@pwningsystems)
Impact: A malicious application may be able to bypass Privacy preferences
Description: The issue was addressed with additional permissions checks.
CVE-2022-26767: Wojciech Reguła (@_r3ggi) of SecuRing
libresolv
Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution
CVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms) of the Google Security Team
CVE-2022-26708: Max Shavrick (@_mxms) of the Google Security Team
Description: An integer overflow was addressed with improved input validation.
CVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team
LibreSSL
Impact: Processing a maliciously crafted certificate may lead to a denial of service
Description: A denial of service issue was addressed with improved input validation.
CVE-2022-0778
OpenSSL
PackageKit
Impact: A malicious application may be able to modify protected parts of the file system
Description: This issue was addressed by removing the vulnerable code.
CVE-2022-26712: Mickey Jin (@patch1t)
Description: This issue was addressed with improved entitlements.
CVE-2022-26727: Mickey Jin (@patch1t)
Preview
CVE-2022-26693: Wojciech Reguła (@_r3ggi) of SecuRing
Printing
CVE-2022-26746: @gorelics
SMB
Impact: An application may be able to gain elevated privileges
CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs
CVE-2022-26718: Peter Nguyễn Vũ Hoàng of STAR Labs
Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution
CVE-2022-26723: Felix Poulin-Belanger
SoftwareUpdate
Impact: A malicious application may be able to access restricted files
CVE-2022-26728: Mickey Jin (@patch1t)
Spotlight
Impact: An app may be able to gain elevated privileges
Description: A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks.
CVE-2022-26704: an anonymous researcher
TCC
Impact: An app may be able to capture a user’s screen
CVE-2022-26726: an anonymous researcher
Tcl
Impact: A malicious application may be able to break out of its sandbox
Description: This issue was addressed with improved environment sanitization.
CVE-2022-26755: Arsenii Kostromin (0x3c3e)
WebKit Bugzilla: 238178CVE-2022-26700: ryuzaki
WebKit Bugzilla: 237475CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab
CVE-2022-26761: Wang Yu of Cyberserval
zip
Impact: Processing a maliciously crafted file may lead to a denial of service
Description: A denial of service issue was addressed with improved state handling.
CVE-2022-0530
zlib
CVE-2018-25032: Tavis Ormandy
zsh
Impact: A remote attacker may be able to cause arbitrary code execution
Description: This issue was addressed by updating to zsh version 5.8.1.
CVE-2021-45444
Bluetooth
We would like to acknowledge Jann Horn of Project Zero for their assistance.
Calendar
We would like to acknowledge Eugene Lim of Government Technology Agency of Singapore for their assistance.
FileVault
We would like to acknowledge Benjamin Adolphi of Promon Germany GmbH for their assistance.
Login Window
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
Photo Booth
System Preferences
We would like to acknowledge Mohammad Tausif Siddiqui (@toshsiddiqui), an anonymous researcher for their assistance.
We would like to acknowledge Dana Morrison for their assistance.
