Уязвимость произвольного выполнения кода в iOS, iPadOS, watchOS, Safari, tvOS и iTunes через повреждение памяти при обработке вредоносного веб-контента
Описание
Несколько уязвимостей повреждения памяти устранены за счет улучшенной обработки памяти. Обработка специально созданного веб-контента способна привести к выполнению произвольного кода.
Обновление безопасности
Уязвимость исправлена в следующих обновлениях:
- iOS 14.8 и iOS 15
- iPadOS 14.8 и iPadOS 15
- watchOS 8
- Safari 15
- tvOS 15
- iTunes 12.12 для Windows
Тип уязвимости
Выполнение произвольного кода
Ссылки
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing List
- Mailing List
- Mailing List
- Mailing List
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
Уязвимые конфигурации
Одно из
EPSS
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
Связанные уязвимости
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.
Multiple memory corruption issues were addressed with improved memory ...
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.
ELSA-2022-1777: webkit2gtk3 security, bug fix, and enhancement update (MODERATE)
EPSS
7.8 High
CVSS3
6.8 Medium
CVSS2