CVE-2022-22585 Symlinks were being validated incorrectly in iOS 15.3. This is fixed in iOS 15.3 and later.

An application may be able to access a user's files. This issue may occur through a maliciously crafted URL or through a malformed link in an email. This issue did not exist in iOS 15.3 and watchOS 8.4. An application may be able to access a user's files. An application may be able to access a user's files. This issue existed when custom URL schemes were enabled in an enterprise environment. This issue was addressed with improved URL sanitization. This issue did not exist in iOS 15.3 and macOS High Sierra 10.13. An application may be able to access a user's files. An application may be able to access a user's files. This issue occurred when configuring Accessibility features in iOS. This issue was fixed with improved Accessibility sanitization. This issue occurred when a third-party keyboard was enabled in iOS. This issue was fixed with improved keyboard trust management. An application may be able to access a user's files. This issue occurred when setting the language in iOS. This issue was fixed with improved language trust management. An application may be able to access a user's files. An application may be able to access a user's files. This issue occurred when using an enterprise certificate in iOS. This issue was fixed with improved enterprise certificate trust management. An application may be able to access a user's files. An application may be able to access a user's files. This issue occurred when enabling Do Not Track in Safari

Summary iOS is a mobile operating system created by Apple Inc. that runs on the iPhone, iPad, and iPod Touch.

An application may be able to access a user's files. This issue did not exist in iOS 15.3 and watchOS 8.4.

CVE-2023-22586

An application may be able to interfere with the user's audio settings. This issue may occur through a maliciously crafted URL or email. This issue did not exist in iOS 15.3 and watchOS 8.4. An application may be able to interfere with the user's audio settings. An application may be able to interfere with the user's audio settings. This issue occurred when accessing restricted APIs in iCloud Drive on macOS Sierra 10.12 and OS X El Capitan 10.11, which led to an access violation error message being displayed when trying to access files inside iCloud Drive on these systems. This issue was fixed with improved file system sandboxing management of iCloud Drive on macOS Sierra 10.12 and OS X El Capitan 10.11, as well as improved notification management for permissions requests that come from the system or applications outside of the sandboxed file system space in order to avoid permission errors being displayed on these systems after granting permission for a particular file operation from within the sandboxed file system space.

CVE-2019-22766

An application may be able to use Apple Pay Cash. This issue existed when using a merchant ID with a non-registered number. This issue was addressed with improved validation of the Merchant ID.

Timeline

Published on: 03/18/2022 18:15:00 UTC
Last modified on: 03/28/2022 16:47:00 UTC

References

• https://support.apple.com/en-us/HT213059
• https://support.apple.com/en-us/HT213057
• https://support.apple.com/en-us/HT213054
• https://support.apple.com/en-us/HT213055
• https://support.apple.com/en-us/HT213053
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22585