Impact: Processing maliciously crafted web content may lead to arbitrary code executionĬVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher labĬVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher labĬVE-2022-26716: SorryMybad of Kunlun LabĬVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech Impact: Processing maliciously crafted web content may lead to code execution Impact: An app may be able to capture a user's screen
Impact: A malicious app may be able to bypass signature validationĭescription: A certificate parsing issue was addressed with improved checks.ĬVE-2022-26766: Linus Henze of Pinauten GmbH () Impact: A remote user may be able to cause a denial-of-serviceĬVE-2022-32790: Max Shavrick of the Google Security TeamĬVE-2022-26776: Max Shavrick of the Google Security Team, Zubair Ashraf of Crowdstrike Impact: An attacker may be able to cause unexpected application termination or arbitrary code executionĬVE-2022-26775: Max Shavrick of the Google Security Teamĭescription: This issue was addressed with improved checks.ĬVE-2022-26708: Max Shavrick of the Google Security Team Impact: A sandboxed process may be able to circumvent sandbox restrictionsĭescription: An access issue was addressed with additional sandbox restrictions on third-party applications.ĬVE-2022-26706: Arsenii Kostromin (0x3c3e) Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authenticationĭescription: A race condition was addressed with improved state handling.ĬVE-2022-26765: Linus Henze of Pinauten GmbH () Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigationsĬVE-2022-26764: Linus Henze of Pinauten GmbH ()
Impact: A malicious application may be able to execute arbitrary code with kernel privilegesĭescription: A memory corruption issue was addressed with improved validation.ĬVE-2022-26714: Peter Nguyễn Vũ Hoàng of STAR Labs for: Apple Watch Series 3 and laterĬVE-2022-26757: Ned Williamson of Google Project Zero Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code executionĭescription: An integer overflow was addressed with improved input validation.ĬVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiativeĭescription: A memory corruption issue was addressed with improved state management. Impact: A malicious application may be able to execute arbitrary code with system privilegesĭescription: An out-of-bounds access issue was addressed with improved bounds checking.ĬVE-2022-26763: Linus Henze of Pinauten GmbH () Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.ĭescription: An out-of-bounds write issue was addressed with improved bounds checking.
Impact: An application may be able to execute arbitrary code with kernel privilegesĭescription: A use after free issue was addressed with improved memory management. Available for: Apple Watch Series 3 and later