About Apple security updates
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.
Apple security documents reference vulnerabilities by CVE-ID when possible.
For more information about security, see the Apple Product Security page.
iOS 16.1 and iPadOS 16
Released October 24, 2022
Apple Neural Engine
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32932: Mohamed Ghannam (@_simo36)
Entry added October 27, 2022
AppleMobileFileIntegrity
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: An app may be able to modify protected parts of the file system
Description: This issue was addressed by removing additional entitlements.
CVE-2022-42825: Mickey Jin (@patch1t)
Apple TV
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: An app may be able to access user-sensitive data
Description: The issue was addressed with improved handling of caches.
CVE-2022-32909: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added December 21, 2023
Audio
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information
Description: The issue was addressed with improved memory handling.
CVE-2022-42798: Anonymous working with Trend Micro Zero Day Initiative
Entry added October 27, 2022
AVEVideoEncoder
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved bounds checks.
CVE-2022-32940: ABC Research s.r.o.
Backup
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: An app may be able to access iOS backups
Description: A permissions issue was addressed with additional restrictions.
CVE-2022-32929: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added October 27, 2022
CFNetwork
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution
Description: A certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation.
CVE-2022-42813: Jonathan Zhang of Open Computing Facility (ocf.berkeley.edu)
Core Bluetooth
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: An app may be able to record audio with paired AirPods
Description: An access issue was addressed with additional sandbox restrictions on third party apps.
CVE-2022-32945: Guilherme Rambo of Best Buddy Apps (rambo.codes)
Entry added December 22, 2022
Core Bluetooth
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: An app may be able to record audio using a pair of connected AirPods
Description: This issue was addressed with improved entitlements.
CVE-2022-32946: Guilherme Rambo of Best Buddy Apps (rambo.codes)
FaceTime
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: A user may be able to view restricted content from the lock screen
Description: A lock screen issue was addressed with improved state management.
CVE-2022-32935: Bistrit Dahal
Entry added October 27, 2022
GPU Drivers
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32947: Asahi Lina (@LinaAsahi)
Graphics Driver
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved bounds checks.
CVE-2022-32939: Willy R. Vasquez of The University of Texas at Austin
Entry added October 27, 2022
IOHIDFamily
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: An app may cause unexpected app termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved state management.
CVE-2022-42820: Peter Pan ZhenPeng of STAR Labs
IOKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2022-42806: Tingting Yin of Tsinghua University
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: An app may be able to cause unexpected system termination or potentially execute code with kernel privileges
Description: A use after free issue was addressed with improved memory management.
CVE-2022-46712: Tommy Muir (@Muirey03)
Entry added May 1, 2023
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved state management.
CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai
Entry added October 27, 2022
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom)
Entry added October 27, 2022
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved bounds checks.
CVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai
Entry added October 27, 2022
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A logic issue was addressed with improved checks.
CVE-2022-42801: Ian Beer of Google Project Zero
Entry added October 27, 2022
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32924: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: A remote user may be able to cause kernel code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2022-42808: Zweig of Kunlun Lab
Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2022-42827: an anonymous researcher
Model I/O
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: Processing a maliciously crafted USD file may disclose memory contents
Description: The issue was addressed with improved memory handling.
CVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security Light-Year Lab
Entry added October 27, 2022
NetworkExtension
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: An app may be able to bypass certain Privacy preferences
Description: A logic issue was addressed with improved checks.
CVE-2022-46715: IES Red Team of ByteDance
Entry added May 1, 2023
ppp
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-42828: an anonymous researcher
Entry added October 31, 2023
ppp
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: A buffer overflow may result in arbitrary code execution
Description: The issue was addressed with improved bounds checks.
CVE-2022-32941: an anonymous researcher
Entry added October 27, 2022
ppp
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges
Description: A use after free issue was addressed with improved memory management.
CVE-2022-42829: an anonymous researcher
ppp
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-42830: an anonymous researcher
ppp
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2022-42831: an anonymous researcher
CVE-2022-42832: an anonymous researcher
Safari
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: Visiting a maliciously crafted website may leak sensitive data
Description: A logic issue was addressed with improved state management.
CVE-2022-42817: Mir Masood Ali, PhD student, University of Illinois at Chicago; Binoy Chitale, MS student, Stony Brook University; Mohammad Ghasemisharif, PhD Candidate, University of Illinois at Chicago; Chris Kanich, Associate Professor, University of Illinois at Chicago; Nick Nikiforakis, Associate Professor, Stony Brook University; Jason Polakis, Associate Professor, University of Illinois at Chicago
Entry added October 27, 2022, updated October 31, 2023
Sandbox
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: An app may be able to access user-sensitive data
Description: An access issue was addressed with additional sandbox restrictions.
CVE-2022-42811: Justin Bui (@slyd0g) of Snowflake
Shortcuts
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: A shortcut may be able to check the existence of an arbitrary path on the file system
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
CVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of Computer Science of. Romania
Weather
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: An app may be able to read sensitive location information
Description: This issue was addressed with improved data protection.
CVE-2022-42792: an anonymous researcher
Entry added May 1, 2023
WebKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
WebKit Bugzilla: 246669
CVE-2022-42826: Francisco Alonso (@revskills)
Entry added December 22, 2022
WebKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: Visiting a malicious website may lead to user interface spoofing
Description: The issue was addressed with improved UI handling.
WebKit Bugzilla: 243693
CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)
WebKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A type confusion issue was addressed with improved memory handling.
WebKit Bugzilla: 244622
CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs
WebKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may disclose sensitive user information
Description: A logic issue was addressed with improved state management.
WebKit Bugzilla: 245058
CVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser Vulnerability Research, Ryan Shin of IAAI SecLab at Korea University, Dohyun Lee (@l33d0hyun) of DNSLab at Korea University
WebKit PDF
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
WebKit Bugzilla: 242781
CVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend Micro Zero Day Initiative
WebKit
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may disclose internal states of the app
Description: A correctness issue in the JIT was addressed with improved checks.
WebKit Bugzilla: 242964
CVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab
Entry added October 27, 2022
Wi-Fi
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: Joining a malicious Wi-Fi network may result in a denial-of-service of the Settings app
Description: The issue was addressed with improved memory handling.
CVE-2022-32927: Dr Hideaki Goto of Tohoku University, Japan
Entry added October 27, 2022
zlib
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: A user may be able to cause unexpected app termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2022-37434: Evgeny Legerov
CVE-2022-42800: Evgeny Legerov
Entry added October 27, 2022
Additional recognition
iCloud
We would like to acknowledge Tim Michaud (@TimGMichaud) of Moveworks.ai for their assistance.
IOGPUFamily
We would like to acknowledge Wang Yu of cyberserval for their assistance.
Entry added October 31, 2023
Image Processing
We would like to acknowledge Tingting Yin of Tsinghua University for their assistance.
Entry added May 1, 2023
Kernel
We would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud (@TimGMichaud) of Moveworks.ai, Tommy Muir (@Muirey03) for their assistance.
WebKit
We would like to acknowledge Maddie Stone of Google Project Zero, Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an anonymous researcher for their assistance.