CVE-2022-22596 Improved memory validation in watchOS 8.5, iOS 15.4 and iPadOS 15.4.

An application may be able to execute arbitrary code with kernel privileges. This issue does not affect devices running iOS versions prior to 10 or watchOS versions prior to 5. An application may be able to bypass the code signing enforcement via a crafted app. This issue was addressed by improved enforcement of app signing.

An application may be able to bypass code signing via the developer provisioning profile. An application may be able to bypass code signing on the iOS device via a physical or remote connection. This issue did not occur in previous versions. An application may be able to bypass the code signing verification on the watch via a physical connection. This issue did not occur in previous versions. An application may be able to execute arbitrary code with kernel privileges. This issue did not occur in previous versions. An application may be able to bypass the code signing enforcement via a crafted app. An application may be able to bypass the code signing verification on the watch via a physical connection. This issue did not occur in previous versions. An application may be able to execute arbitrary code with kernel privileges. This issue did not occur in previous versions. An application may be able to bypass the code signing enforcement via a crafted app. An application may be able to bypass the code signing verification on the watch via a physical connection. This issue did not occur in previous versions

Vulnerability Characteristics

An application may be able to bypass the code signing enforcement via a crafted app. An application may be able to bypass the code signing verification on the watch via a physical connection. This issue did not occur in previous versions.

Vulnerability Symptoms and Types

An application may be able to execute arbitrary code with kernel privileges. An application may be able to bypass the code signing enforcement via a crafted app. An application may be able to bypass the code signing verification on the watch via a physical connection.

Timeline

Published on: 03/18/2022 18:15:00 UTC
Last modified on: 03/28/2022 16:36:00 UTC

References

• https://support.apple.com/en-us/HT213182
• https://support.apple.com/en-us/HT213193
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22596