apple patient
  • Home
  • News
  • Rumors
  • Tips & Tricks
  • Tests & Experience Reports
  • Generally
No Result
View All Result
  • Home
  • News
  • Rumors
  • Tips & Tricks
  • Tests & Experience Reports
  • Generally
No Result
View All Result
apple patient
No Result
View All Result

iOS 15.3 fixes 10 dangerous security vulnerabilities

by Milan
January 26, 2022
in News
iOS 15.3 fixes 10 dangerous security vulnerabilities

Digital padlock on abstract technology background, technology security concept. Modern security digital background. Protection system, cyber security and safety information, personal data concept.

Apple released iOS 15.3, iPadOS 15.3 and more to users worldwide this evening, fixing a total of 10 dangerous security vulnerabilities, including the Safari web browsing issue and a vulnerability that could allow malicious apps to gain root privileges, and more.

The Safari web browsing problem that could leak search history and Google ID was already known. But iOS 15.3 and Co. fix significantly more vulnerabilities, as Apple has now announced. In addition to the security hole in the Safari web browser, other security problems have also been fixed, such as apps gaining root privileges, executing arbitrary code with kernel privileges, accessing user files through an iCloud error and more. Below we have the list that Apple has fixed in the meantime. published has attached. (Photo by blackboard / Bigstockphoto)

  • iOS 15: How to use the native iPhone 2FA code generator

iOS 15.3, macOS 12.2 and Co. fix many vulnerabilities

ColorSync

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: Processing a maliciously crafted file may lead to arbitrary code execution.
  • Description: A memory corruption issue was fixed with improved validation.
  • CVE-2022-22584: Mickey Jin (@patch1t) from Trend Micro

Crash Reporter

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: A malicious application may be able to gain root privileges
  • Description: A logic issue was fixed through improved validation.

iCloud

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: An application may be able to access a user's files
  • Description: There was an issue in the path validation logic for symlinks. This issue was resolved with improved path cleanup.
  • CVE-2022-22585: Zhipeng Huo (@R3dF09) from Tencent Security Xuanwu Lab (https://xlab.tencent.com)

IOMobileFrameBuffer

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
  • Description: A memory corruption issue was fixed with improved input validation.
  • CVE-2022-22587: an anonymous researcher, Meysam Firouzi (@R00tkitSMM) of MBition – Mercedes-Benz Innovation Lab, Siddharth Aeri (@b1n4r1b01)

kernel

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: A malicious application may be able to execute arbitrary code with the privileges of the kernel
  • Description: A buffer overflow was fixed through improved memory handling.
  • CVE-2022-22593: Peter Nguyễn Vũ Hoàng from STAR Labs

Model I/O

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: Processing a maliciously crafted STL file may lead to an unexpected application termination or arbitrary code execution.
  • Description: An information disclosure issue was addressed through improved state management.
  • CVE-2022-22579: Mickey Jin (@patch1t) from Trend Micro

WebKit

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: Processing a maliciously crafted email message may result in arbitrary JavaScript execution.
  • Description: A validation issue was fixed with improved input sanitization.
  • CVE-2022-22589: Heige of the KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com)

WebKit

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution
  • Description: A use-after-free issue was resolved through improved memory management.
  • CVE-2022-22590: Toan Pham of Team Orca from Sea Security (security.sea.com)

WebKit

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: Processing maliciously crafted web content may prevent enforcement of the Content Security Policy
  • Description: A logical issue was resolved through improved state management.
  • CVE-2022-22592: Prakash (@1lastBr3ath)

WebKit storage

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: A website may be able to track sensitive user data
  • Description: A cross-lineage issue in the IndexDB API was resolved with improved input validation.
  • CVE-2022-22594: Martin Bajanik from FingerprintJS
Do you already know our Amazon Storefront? There you will find a hand-picked selection of various products for your iPhone and Co. have fun browsing.
The article contains affiliate links.
Add Apfelpatient to your Google News Feed. 
Was this article helpful?
YesNo
Tags: Apple servicesiOSiOS 15.3iPadOSiPadOS 15.3macOSmacOS Monterey 12.2
Previous Post

Synchronization problems: Apple fixes iCloud bug

 Next Post

iPhones could soon accept credit card payments directly
Next Post
iPhone payment service iOS 15.4

iPhones could soon accept credit card payments directly

Tim Cook Donald Trump Apple

Trump helps Apple with tariffs – after talks with Tim Cook

April 14, 2025
iOS 18.5 Beta 2 Apple

iOS 18.5 Beta 2 released – What we know so far

April 14, 2025
iPhone Fold Apple

iPhone Fold: The surprising solution for mini lovers?

April 14, 2025

About APFELPATIENT

Welcome to your ultimate source for everything Apple - from the latest hardware like iPhone, iPad, Apple Watch, Mac, AirTags, HomePods, AirPods to the groundbreaking Apple Vision Pro and high-quality accessories. Dive deep into the world of Apple software with the latest updates and features for iOS, iPadOS, tvOS, watchOS, macOS and visionOS. In addition to comprehensive tips and tricks, we offer you the hottest rumors, the latest news and much more to keep you up to date. Selected gaming topics also find their place with us, always with a focus on how they enrich the Apple experience. Your interest in Apple and related technology is served here with plenty of expert knowledge and passion.

Legal

  • Imprint – About APFEPATIENT
  • Cookie Settings
  • Privacy Policy
  • Terms of Use

service

  • Partner Program
  • Netiquette – About APPLEPATIENT

 Apfelpatient RSS feed

Follow Apfelpatient:
Facebook Instagram YouTube threads

© 2025 Apfelpatient. All rights reserved. | Sitemap

No Result
View All Result
  • Home
  • News
  • Rumors
  • Tips & Tricks
  • Tests & Experience Reports
  • Generally

© 2025 Apfelpatient. All rights reserved. | Page Directory