CVE-2022-22584 The memory corruption issue was fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, and macOS Monterey 12.2.

This update also addresses an issue where a maliciously crafted PDF may lead to information disclosure. An issue where a malicious PDF file could be sent via MMS and open in the recipient’s mobile device was addressed. This update also fixes an issue where signing into iCloud may lead to an incorrect user being signed in. An issue where signing into an incorrect iCloud may lead to data corruption was fixed. An issue where a maliciously crafted PDF file sent via MMS may lead to information disclosure was addressed. An issue where a maliciously crafted PDF file received via email may lead to information disclosure was fixed. An issue where signing into an incorrect Twitter account may lead to data corruption was fixed. An issue where signing into a malicious enterprise server via Active Directory was fixed. An issue where signing into a malicious enterprise server via LDAP was fixed. An issue where signing into a malicious enterprise server via RADIUS was fixed. An issue where signing into a malicious enterprise server via X.509 was fixed. An issue where signing into a malicious enterprise server via custom authentication was fixed. An issue where signing into a malicious enterprise server via SAML was fixed. An issue where signing into a malicious enterprise server via SPN was fixed. An issue where signing into a malicious enterprise server via SSH was fixed. An data corruption when signing into a malicious enterprise server via SSL was fixed

Deployment Time frames for CVE-2022-22584

This update is available now from Apple.

What is the iCloud Activation Lock and how does it work?

If your iPhone or iPad has been lost, stolen, or reset to factory settings, you can use Find My iPhone service to remotely lock your device and display a message on the locked device. The iCloud Activation Lock is a feature of Find My iPhone that lets you protect your Apple device with an iCloud password when it has been reset to factory settings.
The iCloud Activation Lock is not available for iOS devices that are running iOS 9.3 or greater.

What is the BlackBerry® DTEK70?

The BlackBerry DTEK70 is a premium smartphone designed to support the most popular Android apps and games.
The BlackBerry DTEK70 has an advanced Qualcomm® Snapdragon™ 820 processor and 3GB of RAM. It also has a high-resolution 5.2-inch FHD IPS display, comes with a 16MP rear camera and has dual front facing speakers. This phone also includes an 8MP wide-angle front-facing camera for selfies or video chats that take advantage of the phone's large screen size. The BlackBerry DTEK70 is equipped with a 4,000 mAh battery that can last up to 33 hours of mixed use on a single charge.
This smartphone will be available in black/silver and white/silver through Rogers, Bell, SaskTel and Telus starting on September 20th, 2016.

What to do if you are currently running strong encryption

The update for CVE-2022-22584 is dependent on the vulnerability being fixed in iOS 11.3.1, which is currently not publicly available. If you are currently running strong encryption and can no longer accept encrypted connections, please contact your support representative or CERT/CC immediately.
If you are not currently running strong encryption or do not want to run it any longer, then you should also use this update to disable it as part of your security policy.

Timeline

Published on: 03/18/2022 18:15:00 UTC
Last modified on: 03/28/2022 16:46:00 UTC

References

• https://support.apple.com/en-us/HT213059
• https://support.apple.com/en-us/HT213057
• https://support.apple.com/en-us/HT213054
• https://support.apple.com/en-us/HT213053
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22584