• Home
  • Politics
  • News
  • Business
  • Health
  • Entertainment
  • Sports
  • Lifestyle
  • Education
  • Opinion
Friday, 24 March, 2023
  • Login
topfmonline.com
 
  • Home
  • News
  • Politics
  • Business
  • Entertainment
  • Health
  • Lifestyle
  • Sports
  • Education
  • Technology
  • Foreign
No Result
View All Result
topfmonline.com
No Result
View All Result
Home Technology

iOS 15.3 patches 10 major security flaws affecting Safari, root privileges, and more

TOPFM NEWS by TOPFM NEWS
January 27, 2022
in Technology
A A
0
iOS 15.3 patches 10 major security flaws affecting Safari, root privileges, and more
0
SHARES
3
VIEWS
Share on FacebookShare on Twitter

Apple has rushed out a pair of updates for iPhones and iPads that fix several security flaws, including a Safari bug that lets websites you visit see your browsing history and other personal data.

Both iOS 15.3 and iPadOS 15.3 fix the Safari issue, as detailed by 9to5Mac, as well as several other vulnerabilities within ColorSync, iCloud, and other software as detailed in Apple’s support page. Don’t expect any new features, as these software updates just patch a handful of current issues.

Like all other iOS 15 updates, iOS 15.3 is free and available to compatible Apple devices: the iPhone 6S and newer, iPhone SE (2016), and iPod Touch (7th generation). Similarly, iPadOS 15.3 is free and compatible with these tablets and newer: the iPad (5th generation), iPad Pro (all models), iPad mini 4 and iPad Air 2. To update your iPhone or iPad, head to the Settings app > General > Software Update and tap Install Now.  

Apple also started

Along with Apple’s software updates today for iPhone, iPad, Mac, Apple Watch, and more, a variety of security issues have been fixed. iOS 15.3 specifically patches 10 notable security bugs ranging from the Safari web browsing leak to a flaw that can give malicious apps root privileges, and more.

We knew about the web browsing and Google account ID flaw being patched ahead of time as it arrived with the RC versions of iOS 15.3 and macOS 12.2 However, Apple has now detailed the full list of security patches with documentation showing up for iOS 15.3, watchOS 8.4, and more.

macOS 12.2 may include the same fixes, but Apple hasn’t published the security update for that just yet.

Beyond the Safari web browsing flaw, others security issues patched include apps gaining root privileges, the ability to execute arbitrary code with kernel privileges, accessing user files through an iCloud bug, and more.

Here are the 10 flaws fixed in iOS 15.3 per Apple:

ColorSync

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted file may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved validation.

CVE-2022-22584: Mickey Jin (@patch1t) of Trend Micro

Crash Reporter

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to gain root privileges

Description: A logic issue was addressed with improved validation.

CVE-2022-22578: an anonymous researcher

rolling out watchOS 8.4 for Apple Watch users in an unrelated update that fixed bugs and improved performance. To update your Apple Watch, head to the Settings app > General > Software Update, or do the same through the Watch mobile app on your paired iPhone.

iCloud

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to access a user’s files

Description: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.

CVE-2022-22585: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (https://xlab.tencent.com)

IOMobileFrameBuffer

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: A memory corruption issue was addressed with improved input validation.

CVE-2022-22587: an anonymous researcher, Meysam Firouzi (@R00tkitSMM) of MBition – Mercedes-Benz Innovation Lab, Siddharth Aeri (@b1n4r1b01)

Kernel

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2022-22593: Peter Nguyễn Vũ Hoàng of STAR Labs

Model I/O

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution

Description: An information disclosure issue was addressed with improved state management.

CVE-2022-22579: Mickey Jin (@patch1t) of Trend Micro

WebKit

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted mail message may lead to running arbitrary javascript

Description: A validation issue was addressed with improved input sanitization.

CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com)

WebKit

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2022-22590: Toan Pham from Team Orca of Sea Security (security.sea.com)

WebKit

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced

Description: A logic issue was addressed with improved state management.

CVE-2022-22592: Prakash (@1lastBr3ath)

WebKit Storage

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A website may be able to track sensitive user information

Description: A cross-origin issue in the IndexDB API was addressed with improved input validation.

CVE-2022-22594: Martin Bajanik of FingerprintJS

Additional recognition

WebKit

We would like to acknowledge Prakash (@1lastBr3ath) for their assistance.

Related Posts

TikTok launches an elections hub in Kenya ahead of General Elections

TikTok launches an elections hub in Kenya ahead of General Elections

July 15, 2022
10
Facebook to allow up to five profiles tied to one account

Facebook to allow up to five profiles tied to one account

July 15, 2022
4
Source: Michael Potuck
Via: 9to5mac
Tags: iOS 15.3
Previous Post

President partners with Ass. of graduates for skills development

Next Post

TikTok will add PSAs to Holocaust-related content

Related Posts

TikTok launches an elections hub in Kenya ahead of General Elections
Technology

TikTok launches an elections hub in Kenya ahead of General Elections

July 15, 2022
10
Facebook to allow up to five profiles tied to one account
Technology

Facebook to allow up to five profiles tied to one account

July 15, 2022
4
Microsoft releases tweet-size exploit for macOS sandbox escape bug
Technology

Microsoft releases tweet-size exploit for macOS sandbox escape bug

July 14, 2022
9
Final Android 13 beta arrives ahead of its official launch ‘in the weeks ahead’
Technology

Final Android 13 beta arrives ahead of its official launch ‘in the weeks ahead’

July 14, 2022
2
Ex-CIA engineer Joshua Schulte convicted over massive data leak
Technology

Ex-CIA engineer Joshua Schulte convicted over massive data leak

July 14, 2022
2
Samsung Galaxy Z Fold 4 with model name SM-F936U certified by FCC
Technology

Samsung Galaxy Z Fold 4 with model name SM-F936U certified by FCC

July 13, 2022
2
Next Post
TikTok will add PSAs to Holocaust-related content

TikTok will add PSAs to Holocaust-related content

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

BROWSE BY CATEGORIES

  • Business
  • Education
  • Entertainment
  • Foreign
  • Health
  • Lifestyle
  • News
  • Opinion
  • Politics
  • Sports
  • Technology
  • Uncategorized

BROWSE BY TOPICS

2022 Budget Afghanistan akufo addo Amazon Apiate explosion apple AT&T Bawku Black Stars covid COVID-19 COVID 19 E-Levy facebook Ghana Police Service Google Government health Intel iphone Mahama Majority Microsoft Minority momo NDC news NPP Nvidia OMICRON Parliament police Russia security South Africa Taliban tech Tesla US UTAG vaccine vaccines Verizon WHO Xinjiang

Recent Posts

  • FDA issues alert on two eyedrops which have killed patients in US
  • Talks with China over $1.7bn debt positive, encouraging – Ofori-Atta
  • Donations to Appiate reconstruction being put to good use – Committee
  • Parliament to decide fate of Nana Addo’s new ministers today
  • I’m committed to serve’ – Kwabena Duffuor after filing NDC presidential forms

Recent Comments

No comments to show.

RECENT NEWS

  • FDA issues alert on two eyedrops which have killed patients in US March 24, 2023
  • Talks with China over $1.7bn debt positive, encouraging – Ofori-Atta March 24, 2023
  • Donations to Appiate reconstruction being put to good use – Committee March 24, 2023
  • Parliament to decide fate of Nana Addo’s new ministers today March 24, 2023

MAIN CATEGORIES

  • Business
  • Education
  • Entertainment
  • Foreign
  • Health
  • Lifestyle
  • News
  • Opinion
  • Politics
  • Sports
  • Technology
  • Uncategorized

Entertainment

FDA issues alert on two eyedrops which have killed patients in US
Health

FDA issues alert on two eyedrops which have killed patients in US

3 hours ago
0
  • ABOUT US
  • CONTACT
  • ADVERTISE

© 2023 Top Media Group - Powered by BackUp Data Systems

No Result
View All Result
  • Home
  • Politics
  • News
  • Business
  • Health
  • Entertainment
  • Sports
  • Lifestyle
  • Education
  • Opinion

© 2023 Top Media Group - Powered by BackUp Data Systems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In