This issue was addressed by restricting root access to app binaries only. We are aware of reports of app developers enabling root access to their apps. This may lead to users being vulnerable to attack if the app developer has enabled root access. We recommend that app developers who offer the option to enable root access turn off this feature if their app is being distributed through the iOS App Store.
An app may be able to bypass code signing and prompt the user to install an unsigned update. This issue does not affect the installation of signed updates. An unsigned app update may be able to install itself with no notification to the user. This issue was addressed by restricting app updates. We are aware of reports of app developers who have enabled the installation of signed updates on their app. This may lead to users being vulnerable to attack if the app developer has enabled this capability. We recommend that app developers who offer the option to enable signed updates turn off this feature if their app is being distributed through the iOS App Store.
An app with root privileges may be able to execute arbitrary code with kernel privileges. This issue was addressed by restricting root access to app binaries only. We are aware of reports of app developers enabling root access to their apps. This may lead to users being vulnerable to attack if the app developer has enabled root access.
Networking and Local Area Network
Local Area Network (LAN) is a group of computers and peripheral devices connected together through a single cable to share resources such as files, printers, etc. This term may also refer to the use of radio frequency signals to connect two or more computers across a distance.
Vulnerability and Exfiltration Scenarios
The issue has been addressed by restricting root access to app binaries only. We are aware of reports of app developers enabling root access to their apps. This may lead to users being vulnerable to attack if the app developer has enabled root access. We recommend that app developers who offer the option to enable root access turn off this feature if their app is being distributed through the iOS App Store.
Timeline
Published on: 09/23/2022 19:15:00 UTC
Last modified on: 09/27/2022 18:48:00 UTC
References
- https://support.apple.com/en-us/HT213344
- https://support.apple.com/en-us/HT213345
- https://support.apple.com/en-us/HT213342
- https://support.apple.com/en-us/HT213343
- https://support.apple.com/en-us/HT213340
- https://support.apple.com/en-us/HT213346
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-32815