var-202210-0549
Vulnerability from variot
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 16.0.3. Processing a maliciously crafted email message may lead to a denial-of-service. apple's iOS There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. iOS 16.0.3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-10-10-1 iOS 16.0.3
iOS 16.0.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213480. CVE-2022-22658
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 16.0.3". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNEeR8ACgkQ4RjMIDke Nxleqg//enpuZG3s0Sr/encUwpnH0CXJYA8FficNu+x9mcZ1K9/cJzb0eWQKC4Fb NwzGBoa/8/rOr5yziBK4+aPoKl9XTrror6OMx3eUWbFHiaO+7BfnU9pRgtQeJSMF RxI0qCvd94No/8ir2v4O7+Ao0rC8GjchPxKZKcN4JnFSTYhsmh/DSnBw/huIg2hx t5UhWaw+sMs1xBcBJzmeUb0NFdMYf+zlH8CI7CUzzaz1FC42y5q0168tJRClc+iJ BKbszJ7vqjp9jcjYJtQZLzwR2L9EP9vmDm9o4Dlgjom2L3V5SV7nNmBnL/vNdQDe IrAlctKXxvH4K23EhTflnXbmlSj7wwIcm8wKWBcmVv9kJEg4V5Kx8wN3qMPjC6GS zxBW867GgE65XWqV6Qgotl96lMFITHA+JUT5htQSsbkebn9F8Bk0igAqEzgR/chv c79fSd3rT7a9Bcv3r9bgZo8c09XVWFEGogrmLqCjEgvAnmDyE1Dk8rPwgInQgyc5 Qvc5aluqW7J9Yihvx6wwHc8jLPbqM1LMqyIk3g0h+xxKFiH7zqIKw2J+fxCJS3El oBaoeyAD8EJZCoanFwmeI5GBN2gz87gbFoBuXGLAu3OgJFOF6FiHrYRL5Iu33ON0 QDwxaf91oL4zX5HaCTh5DBb6b493ITmDS7CbSY21ahbgWl1bcbQ= =198b -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-0549",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "16.0.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "16.0.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-022835"
},
{
"db": "NVD",
"id": "CVE-2022-22658"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "168707"
}
],
"trust": 0.1
},
"cve": "CVE-2022-22658",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2022-22658",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-22658",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-22658",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-22658",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-378",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-022835"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-378"
},
{
"db": "NVD",
"id": "CVE-2022-22658"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An input validation issue was addressed with improved input validation. This issue is fixed in iOS 16.0.3. Processing a maliciously crafted email message may lead to a denial-of-service. apple\u0027s iOS There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. iOS 16.0.3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-10-1 iOS 16.0.3\n\niOS 16.0.3 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213480. \nCVE-2022-22658\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/ iTunes and Software Update on the\ndevice will automatically check Apple\u0027s update server on its weekly\nschedule. When an update is detected, it is downloaded and the option\nto be installed is presented to the user when the iOS device is\ndocked. We recommend applying the update immediately if possible. \nSelecting Don\u0027t Install will present the option the next time you\nconnect your iOS device. The automatic update process may take up to\na week depending on the day that iTunes or the device checks for\nupdates. You may manually obtain the update via the Check for Updates\nbutton within iTunes, or the Software Update on your device. To\ncheck that the iPhone, iPod touch, or iPad has been updated: *\nNavigate to Settings * Select General * Select About. The version\nafter applying this update will be \"iOS 16.0.3\". \nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNEeR8ACgkQ4RjMIDke\nNxleqg//enpuZG3s0Sr/encUwpnH0CXJYA8FficNu+x9mcZ1K9/cJzb0eWQKC4Fb\nNwzGBoa/8/rOr5yziBK4+aPoKl9XTrror6OMx3eUWbFHiaO+7BfnU9pRgtQeJSMF\nRxI0qCvd94No/8ir2v4O7+Ao0rC8GjchPxKZKcN4JnFSTYhsmh/DSnBw/huIg2hx\nt5UhWaw+sMs1xBcBJzmeUb0NFdMYf+zlH8CI7CUzzaz1FC42y5q0168tJRClc+iJ\nBKbszJ7vqjp9jcjYJtQZLzwR2L9EP9vmDm9o4Dlgjom2L3V5SV7nNmBnL/vNdQDe\nIrAlctKXxvH4K23EhTflnXbmlSj7wwIcm8wKWBcmVv9kJEg4V5Kx8wN3qMPjC6GS\nzxBW867GgE65XWqV6Qgotl96lMFITHA+JUT5htQSsbkebn9F8Bk0igAqEzgR/chv\nc79fSd3rT7a9Bcv3r9bgZo8c09XVWFEGogrmLqCjEgvAnmDyE1Dk8rPwgInQgyc5\nQvc5aluqW7J9Yihvx6wwHc8jLPbqM1LMqyIk3g0h+xxKFiH7zqIKw2J+fxCJS3El\noBaoeyAD8EJZCoanFwmeI5GBN2gz87gbFoBuXGLAu3OgJFOF6FiHrYRL5Iu33ON0\nQDwxaf91oL4zX5HaCTh5DBb6b493ITmDS7CbSY21ahbgWl1bcbQ=\n=198b\n-----END PGP SIGNATURE-----\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22658"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022835"
},
{
"db": "VULHUB",
"id": "VHN-411286"
},
{
"db": "VULMON",
"id": "CVE-2022-22658"
},
{
"db": "PACKETSTORM",
"id": "168707"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-22658",
"trust": 3.5
},
{
"db": "PACKETSTORM",
"id": "168707",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022835",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-378",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-411286",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-22658",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411286"
},
{
"db": "VULMON",
"id": "CVE-2022-22658"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022835"
},
{
"db": "PACKETSTORM",
"id": "168707"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-378"
},
{
"db": "NVD",
"id": "CVE-2022-22658"
}
]
},
"id": "VAR-202210-0549",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-411286"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:16:27.815000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213480 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT213480"
},
{
"title": "Apple iOS Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=212961"
},
{
"title": "Apple: iOS 16.0.3",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=c7591bbc3060d93032e0dcbf4b1f7fc7"
},
{
"title": null,
"trust": 0.1,
"url": "https://www.theregister.co.uk/2022/10/11/october_patch_tuesday/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-22658"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022835"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-378"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.1
},
{
"problemtype": "Inappropriate input confirmation (CWE-20) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411286"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022835"
},
{
"db": "NVD",
"id": "CVE-2022-22658"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://support.apple.com/en-us/ht213480"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22658"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-22658/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-ios-denial-of-service-via-email-message-39501"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168707/apple-security-advisory-2022-10-10-1.html"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht213480"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213480."
},
{
"trust": 0.1,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411286"
},
{
"db": "VULMON",
"id": "CVE-2022-22658"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022835"
},
{
"db": "PACKETSTORM",
"id": "168707"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-378"
},
{
"db": "NVD",
"id": "CVE-2022-22658"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-411286"
},
{
"db": "VULMON",
"id": "CVE-2022-22658"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022835"
},
{
"db": "PACKETSTORM",
"id": "168707"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-378"
},
{
"db": "NVD",
"id": "CVE-2022-22658"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-01T00:00:00",
"db": "VULHUB",
"id": "VHN-411286"
},
{
"date": "2023-11-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-022835"
},
{
"date": "2022-10-14T14:22:22",
"db": "PACKETSTORM",
"id": "168707"
},
{
"date": "2022-10-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-378"
},
{
"date": "2022-11-01T20:15:17.233000",
"db": "NVD",
"id": "CVE-2022-22658"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-03T00:00:00",
"db": "VULHUB",
"id": "VHN-411286"
},
{
"date": "2023-11-21T01:52:00",
"db": "JVNDB",
"id": "JVNDB-2022-022835"
},
{
"date": "2022-11-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-378"
},
{
"date": "2022-11-03T13:46:30.623000",
"db": "NVD",
"id": "CVE-2022-22658"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-378"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "apple\u0027s \u00a0iOS\u00a0 Input verification vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-022835"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-378"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…