• Home
  • Politics
  • News
  • Business
  • Health
  • Entertainment
  • Sports
  • Lifestyle
  • Education
  • Opinion
Saturday, 28 May, 2022
  • Login
topfmonline.com
 
  • Home
  • News
  • Politics
  • Business
  • Entertainment
  • Health
  • Lifestyle
  • Sports
  • Education
  • Technology
  • Foreign
No Result
View All Result
topfmonline.com
No Result
View All Result
Home Technology

iOS 15.3 patches 10 major security flaws affecting Safari, root privileges, and more

TOPFM NEWS by TOPFM NEWS
January 27, 2022
in Technology
A A
0
iOS 15.3 patches 10 major security flaws affecting Safari, root privileges, and more
0
SHARES
3
VIEWS
Share on FacebookShare on Twitter

Apple has rushed out a pair of updates for iPhones and iPads that fix several security flaws, including a Safari bug that lets websites you visit see your browsing history and other personal data.

Both iOS 15.3 and iPadOS 15.3 fix the Safari issue, as detailed by 9to5Mac, as well as several other vulnerabilities within ColorSync, iCloud, and other software as detailed in Apple’s support page. Don’t expect any new features, as these software updates just patch a handful of current issues.

Like all other iOS 15 updates, iOS 15.3 is free and available to compatible Apple devices: the iPhone 6S and newer, iPhone SE (2016), and iPod Touch (7th generation). Similarly, iPadOS 15.3 is free and compatible with these tablets and newer: the iPad (5th generation), iPad Pro (all models), iPad mini 4 and iPad Air 2. To update your iPhone or iPad, head to the Settings app > General > Software Update and tap Install Now.  

Apple also started

Along with Apple’s software updates today for iPhone, iPad, Mac, Apple Watch, and more, a variety of security issues have been fixed. iOS 15.3 specifically patches 10 notable security bugs ranging from the Safari web browsing leak to a flaw that can give malicious apps root privileges, and more.

We knew about the web browsing and Google account ID flaw being patched ahead of time as it arrived with the RC versions of iOS 15.3 and macOS 12.2 However, Apple has now detailed the full list of security patches with documentation showing up for iOS 15.3, watchOS 8.4, and more.

macOS 12.2 may include the same fixes, but Apple hasn’t published the security update for that just yet.

Beyond the Safari web browsing flaw, others security issues patched include apps gaining root privileges, the ability to execute arbitrary code with kernel privileges, accessing user files through an iCloud bug, and more.

Here are the 10 flaws fixed in iOS 15.3 per Apple:

ColorSync

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted file may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved validation.

CVE-2022-22584: Mickey Jin (@patch1t) of Trend Micro

Crash Reporter

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to gain root privileges

Description: A logic issue was addressed with improved validation.

CVE-2022-22578: an anonymous researcher

rolling out watchOS 8.4 for Apple Watch users in an unrelated update that fixed bugs and improved performance. To update your Apple Watch, head to the Settings app > General > Software Update, or do the same through the Watch mobile app on your paired iPhone.

iCloud

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to access a user’s files

Description: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.

CVE-2022-22585: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (https://xlab.tencent.com)

IOMobileFrameBuffer

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: A memory corruption issue was addressed with improved input validation.

CVE-2022-22587: an anonymous researcher, Meysam Firouzi (@R00tkitSMM) of MBition – Mercedes-Benz Innovation Lab, Siddharth Aeri (@b1n4r1b01)

Kernel

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2022-22593: Peter Nguyễn Vũ Hoàng of STAR Labs

Model I/O

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution

Description: An information disclosure issue was addressed with improved state management.

CVE-2022-22579: Mickey Jin (@patch1t) of Trend Micro

WebKit

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted mail message may lead to running arbitrary javascript

Description: A validation issue was addressed with improved input sanitization.

CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com)

WebKit

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2022-22590: Toan Pham from Team Orca of Sea Security (security.sea.com)

WebKit

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced

Description: A logic issue was addressed with improved state management.

CVE-2022-22592: Prakash (@1lastBr3ath)

WebKit Storage

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A website may be able to track sensitive user information

Description: A cross-origin issue in the IndexDB API was addressed with improved input validation.

CVE-2022-22594: Martin Bajanik of FingerprintJS

Additional recognition

WebKit

We would like to acknowledge Prakash (@1lastBr3ath) for their assistance.

Related Posts

AMD unveils Epyc confidential computing on Google cloud

AMD unveils Epyc confidential computing on Google cloud

May 27, 2022
1
Microsoft announces Project Volterra ARM based mini PC

Microsoft announces Project Volterra ARM based mini PC

May 27, 2022
0
Source: Michael Potuck
Via: 9to5mac
Tags: iOS 15.3
Previous Post

President partners with Ass. of graduates for skills development

Next Post

TikTok will add PSAs to Holocaust-related content

Related Posts

AMD unveils Epyc confidential computing on Google cloud
Technology

AMD unveils Epyc confidential computing on Google cloud

May 27, 2022
1
Microsoft announces Project Volterra ARM based mini PC
Technology

Microsoft announces Project Volterra ARM based mini PC

May 27, 2022
0
Broadcom announces plans to buy VMware in $61 billion deal
Technology

Broadcom announces plans to buy VMware in $61 billion deal

May 27, 2022
1
iOS 16 concept will have you wishing it was September already
Technology

iOS 16 concept will have you wishing it was September already

May 26, 2022
1
Elon Musk will put up $6 billion to drop Tesla loans from his Twitter deal
Technology

Elon Musk will put up $6 billion to drop Tesla loans from his Twitter deal

May 26, 2022
0
AMD Expands Confidential Computing Presence on Google Cloud
Technology

AMD Expands Confidential Computing Presence on Google Cloud

May 26, 2022
1
Next Post
TikTok will add PSAs to Holocaust-related content

TikTok will add PSAs to Holocaust-related content

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

BROWSE BY CATEGORIES

  • Business
  • Education
  • Entertainment
  • Foreign
  • Health
  • Lifestyle
  • News
  • Opinion
  • Politics
  • Sports
  • Technology
  • Uncategorized

BROWSE BY TOPICS

5G 2022 Budget AFCON Afghanistan akufo addo Amazon Apiate explosion Appiate apple AT&T Biden Black Stars covid COVID-19 COVID 19 E-Levy facebook Ghana Police Service Google Hackers health Intel iphone meta Microsoft NLC Nvidia OMICRON Parliament police Russia Samsung security South Africa Taliban tech Tesla Trump twitter US UTAG vaccine WHO Windows 11 Xinjiang

Recent Posts

  • AMD unveils Epyc confidential computing on Google cloud
  • Microsoft announces Project Volterra ARM based mini PC
  • Broadcom announces plans to buy VMware in $61 billion deal
  • Russia slams sanctions, seeks to blame West for food crisis
  • Germany’s Scholz says Russia will not win the war in Ukraine

Recent Comments

No comments to show.

RECENT NEWS

  • AMD unveils Epyc confidential computing on Google cloud May 27, 2022
  • Microsoft announces Project Volterra ARM based mini PC May 27, 2022
  • Broadcom announces plans to buy VMware in $61 billion deal May 27, 2022
  • Russia slams sanctions, seeks to blame West for food crisis May 27, 2022

MAIN CATEGORIES

  • Business
  • Education
  • Entertainment
  • Foreign
  • Health
  • Lifestyle
  • News
  • Opinion
  • Politics
  • Sports
  • Technology
  • Uncategorized

Entertainment

TOP FM enters Mallam Atta market with “Apomuden” Festival
Business

TOP FM enters Mallam Atta market with “Apomuden” Festival

2 months ago
5
  • ABOUT US
  • CONTACT
  • ADVERTISE

© 2021 Top Media Group - Powered by BackUp Data Systems

No Result
View All Result
  • Home
  • Politics
  • News
  • Business
  • Health
  • Entertainment
  • Sports
  • Lifestyle
  • Education
  • Opinion

© 2021 Top Media Group - Powered by BackUp Data Systems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
LIVE UPDATES ON COVID-19 CASES
  • Ghana
    Confirmed Cases 161,370
    Active Cases 44
    Recovered Cases 159,881
    Death Cases 1,445