{"vulnerability": "cve-2022-4280", "sightings": [{"uuid": "bd28935f-102d-4d04-9824-a7433a2c1954", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42805", "type": "published-proof-of-concept", "source": "https://t.me/HackingVidhya/345", "content": "kernel r/w exploit for iOS 15 and macOS 12 \n\n\nCVE-2022-32845 : aned signature check bypass for model.hwx.\nCVE-2022-32948 : DeCxt::FileIndexToWeight() OOB Read due to lack of array index validation.\nCVE-2022-42805 : ZinComputeProgramUpdateMutables() potential arbitrary read due to Integer overflow issue.\nCVE-2022-32899 : DeCxt::RasterizeScaleBiasData() Buffer underflow due to integer overflow issue.\n\n\ud83d\udcf1\niPhone12 Pro (iPhone13,3) with iOS 15.5.\niPad Pro (iPad8,10) with iPadOS 15.5.\niPhone11 Pro (iPhone12,3) with iOS 15.4.1.\nMacBookAir10,1 M1 with macOS 12.4.\n\n\u27a1\ufe0f PLEASE GIVE REACTION \u2620\ufe0f\n\n\u2b50FOR MORE\u27a1\ufe0f \n\n\ud83d\udd38SHARE OUR CHANNEL IN YOUR GROUP OR CHANNEL HELP US TO GROW\ud83d\udd3b", "creation_timestamp": "2023-08-22T18:02:03.000000Z"}, {"uuid": "ff4f1366-154d-47da-a802-c34191d3529a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42805", "type": "published-proof-of-concept", "source": "https://t.me/VENOMOUS7t1/1536", "content": "kernel r/w exploit for iOS 15 and macOS 12 \n\n\nCVE-2022-32845 : aned signature check bypass for model.hwx.\nCVE-2022-32948 : DeCxt::FileIndexToWeight() OOB Read due to lack of array index validation.\nCVE-2022-42805 : ZinComputeProgramUpdateMutables() potential arbitrary read due to Integer overflow issue.\nCVE-2022-32899 : DeCxt::RasterizeScaleBiasData() Buffer underflow due to integer overflow issue.\n\n\ud83d\udcf1\niPhone12 Pro (iPhone13,3) with iOS 15.5.\niPad Pro (iPad8,10) with iPadOS 15.5.\niPhone11 Pro (iPhone12,3) with iOS 15.4.1.\nMacBookAir10,1 M1 with macOS 12.4.\n\nShare and join : @afraxratofficials", "creation_timestamp": "2023-09-19T13:50:29.000000Z"}, {"uuid": "333b2da6-b084-4de6-a4f4-db2b5886d075", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42805", "type": "published-proof-of-concept", "source": "https://t.me/lordofficials2/981", "content": "kernel r/w exploit for iOS 15 and macOS 12 \n\n\nCVE-2022-32845 : aned signature check bypass for model.hwx.\nCVE-2022-32948 : DeCxt::FileIndexToWeight() OOB Read due to lack of array index validation.\nCVE-2022-42805 : ZinComputeProgramUpdateMutables() potential arbitrary read due to Integer overflow issue.\nCVE-2022-32899 : DeCxt::RasterizeScaleBiasData() Buffer underflow due to integer overflow issue.\n\n\ud83d\udcf1\niPhone12 Pro (iPhone13,3) with iOS 15.5.\niPad Pro (iPad8,10) with iPadOS 15.5.\niPhone11 Pro (iPhone12,3) with iOS 15.4.1.\nMacBookAir10,1 M1 with macOS 12.4.", "creation_timestamp": "2023-09-03T06:12:59.000000Z"}, {"uuid": "b1a84d72-cee9-44f6-9b99-9d99af83cf21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42805", "type": "published-proof-of-concept", "source": "https://t.me/weareaig/334", "content": "kernel r/w exploit for iOS 15 and macOS 12 \n\n\nCVE-2022-32845 : aned signature check bypass for model.hwx.\nCVE-2022-32948 : DeCxt::FileIndexToWeight() OOB Read due to lack of array index validation.\nCVE-2022-42805 : ZinComputeProgramUpdateMutables() potential arbitrary read due to Integer overflow issue.\nCVE-2022-32899 : DeCxt::RasterizeScaleBiasData() Buffer underflow due to integer overflow issue.\n\n\ud83d\udcf1\niPhone12 Pro (iPhone13,3) with iOS 15.5.\niPad Pro (iPad8,10) with iPadOS 15.5.\niPhone11 Pro (iPhone12,3) with iOS 15.4.1.\nMacBookAir10,1 M1 with macOS 12.4.", "creation_timestamp": "2022-12-22T15:41:35.000000Z"}, {"uuid": "1c53c6c7-e737-4e81-af03-3459da8aa7cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42805", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1170", "content": "kernel r/w exploit for iOS 15 and macOS 12 \n*\n\u042d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u043e\u0431\u044a\u0435\u0434\u0438\u043d\u044f\u0435\u0442 4 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438:\nCVE-2022-32845 : aned signature check bypass for model.hwx.\nCVE-2022-32948 : DeCxt::FileIndexToWeight() OOB Read due to lack of array index validation.\nCVE-2022-42805 : ZinComputeProgramUpdateMutables() potential arbitrary read due to Integer overflow issue.\nCVE-2022-32899 : DeCxt::RasterizeScaleBiasData() Buffer underflow due to integer overflow issue.\n\n\u041f\u0440\u043e\u0442\u0435\u0441\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043e \u043d\u0430:\niPhone12 Pro (iPhone13,3) with iOS 15.5.\niPad Pro (iPad8,10) with iPadOS 15.5.\niPhone11 Pro (iPhone12,3) with iOS 15.4.1.\nMacBookAir10,1 M1 with macOS 12.4.", "creation_timestamp": "2022-11-11T21:17:44.000000Z"}, {"uuid": "522dbe0b-7e4b-4671-9c94-48d21958211a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42805", "type": "published-proof-of-concept", "source": "https://t.me/professional_c_h/1850", "content": "\ud83d\udd25\ud83d\udd25\ud83d\udd25 In apple's neural engine(ANE), which is essentially an NPU and the first generation appeared back in the A11 chip as part of it, Mohamed recently discovered several vulnerabilities: \n\ud83d\udcbeCVE-2022-32845 - aned signature check bypass for model.hwx\n\ud83d\udcbeCVE-2022-32948 - DeCxt::FileIndexToWeight() OOB Read due to lack of array index validation\n\ud83d\udcbeCVE-2022-42805 : ZinComputeProgramUpdateMutables() potential arbitrary read due to Integer overflow issue.\n\ud83d\udcbeCVE-2022-32899 - DeCxt::RasterizeScaleBiasData() Buffer underflow due to integer overflow issue.\n\nChannel:\n@Professional_c_h\n@card_crack_hack", "creation_timestamp": "2022-11-24T15:47:29.000000Z"}, {"uuid": "71609f0a-87f1-4d77-bbbd-dbd52228eaa2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42807", "type": "seen", "source": "https://t.me/cibsecurity/65478", "content": "\u203c CVE-2022-42807 \u203c\n\nA logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. A user may accidentally add a participant to a Shared Album by pressing the Delete key\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-27T18:52:50.000000Z"}, {"uuid": "61531feb-52ad-45cf-836d-1d770a9e710c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42805", "type": "seen", "source": "https://t.me/cibsecurity/54638", "content": "\u203c CVE-2022-42805 \u203c\n\nAn integer overflow was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-15T22:30:01.000000Z"}, {"uuid": "4b242ecf-1dbb-4e27-a2a4-386185a0782b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42805", "type": "published-proof-of-concept", "source": "https://t.me/LearnExploit/4324", "content": "Kernel r/w Exploit for iOS 15 and macOS 12 \n\nCVE-2022-32845 : aned signature check bypass for model.hwx.\n\nCVE-2022-32948 : DeCxt::FileIndexToWeight() OOB Read due to lack of array index validation.\n\nCVE-2022-42805 : ZinComputeProgramUpdateMutables() potential arbitrary read due to Integer overflow issue.\n\nCVE-2022-32899 : DeCxt::RasterizeScaleBiasData() Buffer underflow due to integer overflow issue.\n\nTested On : \n\niPhone12 Pro (iPhone13,3) with iOS 15.5.\niPad Pro (iPad8,10) with iPadOS 15.5.\niPhone11 Pro (iPhone12,3) with iOS 15.4.1.\nMacBookAir10,1 M1 with macOS 12.4.\n\n#IOS #Exploit\n\u2014\u2014\u2014\u2014\u2014\u2014\n0Day.Today\n@LearnExploit\n@Tech_Army", "creation_timestamp": "2022-11-12T16:32:03.000000Z"}, {"uuid": "e5499aa1-b0cb-40e7-b467-34b5ab619a8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42805", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12708", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42805\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An integer overflow was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.\n\ud83d\udccf Published: 2022-12-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-21T16:18:28.195Z\n\ud83d\udd17 References:\n1. https://support.apple.com/en-us/HT213345\n2. https://support.apple.com/en-us/HT213346", "creation_timestamp": "2025-04-21T17:01:57.000000Z"}, {"uuid": "5eb2564e-9a95-4b08-8dfc-b30942a5c8b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42805", "type": "published-proof-of-concept", "source": "https://t.me/HackingAndCrackingTools/367", "content": "kernel r/w exploit for iOS 15 and macOS 12 \n\n\nCVE-2022-32845 : aned signature check bypass for model.hwx.\nCVE-2022-32948 : DeCxt::FileIndexToWeight() OOB Read due to lack of array index validation.\nCVE-2022-42805 : ZinComputeProgramUpdateMutables() potential arbitrary read due to Integer overflow issue.\nCVE-2022-32899 : DeCxt::RasterizeScaleBiasData() Buffer underflow due to integer overflow issue.\n\n\ud83d\udcf1\niPhone12 Pro (iPhone13,3) with iOS 15.5.\niPad Pro (iPad8,10) with iPadOS 15.5.\niPhone11 Pro (iPhone12,3) with iOS 15.4.1.\nMacBookAir10,1 M1 with macOS 12.4.\n\n\u27a1\ufe0f PLEASE GIVE REACTION \u2620\ufe0f\n\n\ud83d\udd38SHARE OUR CHANNEL IN YOUR GROUP OR CHANNEL HELP US TO GROW\ud83d\udd3b", "creation_timestamp": "2023-10-18T22:22:08.000000Z"}, {"uuid": "a245fb1d-2687-45a6-8630-806b3c538616", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42805", "type": "published-proof-of-concept", "source": "https://t.me/atlantiscyberarmy/12747", "content": "\ud83d\udcf2 In the neural engine from apple (ANE), which is essentially an NPU and the first generation appeared in the A11 chip, as part of it.\n\n\ud83d\udcbeCVE-2022-32845 - aned signature check bypass for model.hwx\n\n\ud83d\udcbeCVE-2022-32948 - DeCxt::FileIndexToWeight() OOB Read due to lack of array index validation\n\n\ud83d\udcbeCVE-2022-42805 : ZinComputeProgramUpdateMutables() potential arbitrary read due to Integer overflow issue.\n\n\ud83d\udcbeCVE-2022-32899 - DeCxt::RasterizeScaleBiasData() Buffer underflow due to integer overflow issue.\n\nActually, these kernel waves affected almost all iOS versions from 15 to 16 (15 - 15.5), except for sbx, which was fixed in iOS 15.6. Therefore, for successful operation on iOS 15.6/15.7 devices, it is necessary to break the sploitchain and re-make sbx. WeightBufs - nuclear r / w splits (as stated - affects all apple devices with ANE support, which combines these waves and, in addition to the aforementioned iOS versions, also affects macOS versions: 12 - 12.4.", "creation_timestamp": "2023-05-05T00:57:58.000000Z"}, {"uuid": "eb679504-2225-4b64-ace9-5c7f2044f894", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42805", "type": "published-proof-of-concept", "source": "https://t.me/breachdetector/140722", "content": "{\n  \"Source\": \"https://t.me/documentors\",\n  \"Content\": \"exploit for iOS 15_macOS 12.zip 5.5 MB kernel r/w exploit for iOS 15 and macOS 12 CVE-2022-32845 : aned signature check bypass for model.hwx. CVE-2022-32948 : DeCxt::FileIndexToWeight() OOB Read due to lack of array index validation. CVE-2022-42805 : ZinComputeProgramUpdateMutables() potential arbitrary read due to Integer overflow issue. CVE-2022-32899 : DeCxt::RasterizeScaleBiasData() Buffer underflow due to integer overflow issue. \ud83d\udcf1 iPhone12 Pro (iPhone13,3) with iOS 15.5. iPad Pro (iPad8,10) with iPadOS 15.5. iPhone11 Pro (iPhone12,3) with iOS 15.4.1. MacBookAir10,1 M1 with macOS 12.4.\", \n  \"author\": \"\u2693\ufe0f\ud835\udd07\ud835\udd2c\ud835\udd20\ud835\udd32\ud835\udd2a\ud835\udd22\ud835\udd2b\ud835\udd31\ud835\udd2c\ud835\udd2f\",\n  \"Detection Date\": \"12 Nov 2022\",\n  \"Type\": \"Data leak\"\n}\n\ud83d\udd39 Data Leak monitoring system\ud83d\udd39", "creation_timestamp": "2022-11-12T12:52:39.000000Z"}, {"uuid": "ef3ccc41-673d-4868-9705-7fd99ce088b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42805", "type": "seen", "source": "https://t.me/breachdetector/141517", "content": "{\n  \"Source\": \"https://t.me/documentors\",\n  \"Content\": \"weightBufs_iOS.zip 5.5 MB \ud83d\udcf2 In the neural engine from apple (ANE), which is essentially an NPU and the first generation appeared in the A11 chip, as part of it. \ud83d\udcbeCVE-2022-32845 - aned signature check bypass for model.hwx \ud83d\udcbeCVE-2022-32948 - DeCxt::FileIndexToWeight() OOB Read due to lack of array index validation \ud83d\udcbeCVE-2022-42805 : ZinComputeProgramUpdateMutables() potential arbitrary read due to Integer overflow issue. \ud83d\udcbeCVE-2022-32899 - DeCxt::RasterizeScaleBiasData() Buffer underflow due to integer overflow issue. Actually, these kernel waves affected almost all iOS versions from 15 to 16 (15 - 15.5), except for sbx, which was fixed in iOS 15.6. Therefore, for successful operation on iOS 15.6/15.7 devices, it is necessary to break the sploitchain and re-make sbx. WeightBufs - nuclear r / w splits (as stated - affects all apple devices with ANE support, which combines these waves and, in addition to the aforementioned iOS versions, also affects macOS versions: 12 - 12.4.\u200c\u200c https://t.me/documentors\", \n  \"author\": \"\u2693\ufe0f\ud835\udd07\ud835\udd2c\ud835\udd20\ud835\udd32\ud835\udd2a\ud835\udd22\ud835\udd2b\ud835\udd31\ud835\udd2c\ud835\udd2f\",\n  \"Detection Date\": \"13 Nov 2022\",\n  \"Type\": \"Data leak\"\n}\n\ud83d\udd39 Data Leak monitoring system\ud83d\udd39", "creation_timestamp": "2022-11-13T21:32:38.000000Z"}, {"uuid": "25f850ec-e158-45f7-9ef6-3be162938c01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42805", "type": "published-proof-of-concept", "source": "Telegram/wFjLsrXfOjTC_RSiQNlk4mhDivMVF1sPgYUZ0DXVWMcgKKw", "content": "", "creation_timestamp": "2022-11-19T23:36:08.000000Z"}, {"uuid": "d1eba8b8-9a09-41e8-8c99-c65a6d79e7b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42805", "type": "published-proof-of-concept", "source": "Telegram/Kdvhw7Ngmu0tEQnsOJWBDgtbmRKknN__9w_bpOlPU2Xxi3U", "content": "", "creation_timestamp": "2023-08-26T14:01:05.000000Z"}, {"uuid": "f8910f13-4f38-4af5-a362-807f7277776b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42801", "type": "seen", "source": "https://t.me/cibsecurity/52432", "content": "\u203c CVE-2022-42801 \u203c\n\nA logic issue was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary code with kernel privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-01T23:23:56.000000Z"}, {"uuid": "5c018547-fd68-4d5b-bcb2-a76ffceff9a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42805", "type": "published-proof-of-concept", "source": "https://t.me/BloodyofcProof/153", "content": "kernel r/w exploit for iOS 15 and macOS 12 \n\n\nCVE-2022-32845 : aned signature check bypass for model.hwx.\nCVE-2022-32948 : DeCxt::FileIndexToWeight() OOB Read due to lack of array index validation.\nCVE-2022-42805 : ZinComputeProgramUpdateMutables() potential arbitrary read due to Integer overflow issue.\nCVE-2022-32899 : DeCxt::RasterizeScaleBiasData() Buffer underflow due to integer overflow issue.\n\n\ud83d\udcf1\niPhone12 Pro (iPhone13,3) with iOS 15.5.\niPad Pro (iPad8,10) with iPadOS 15.5.\niPhone11 Pro (iPhone12,3) with iOS 15.4.1.\nMacBookAir10,1 M1 with macOS 12.4.\n\nFollow: Kingsman", "creation_timestamp": "2023-01-11T20:29:17.000000Z"}, {"uuid": "3e7f0e87-540a-48e5-8ff4-df5f1f9a3bbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42806", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12859", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42806\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.\n\ud83d\udccf Published: 2022-11-01T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-22T14:54:02.587Z\n\ud83d\udd17 References:\n1. https://support.apple.com/en-us/HT213488\n2. https://support.apple.com/en-us/HT213489", "creation_timestamp": "2025-04-22T15:03:35.000000Z"}, {"uuid": "0abe067e-4314-4e1b-98a3-92f309c501a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42808", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12872", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42808\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. A remote user may be able to cause kernel code execution.\n\ud83d\udccf Published: 2022-11-01T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-22T14:42:30.024Z\n\ud83d\udd17 References:\n1. https://support.apple.com/en-us/HT213488\n2. https://support.apple.com/en-us/HT213489\n3. https://support.apple.com/en-us/HT213492\n4. https://support.apple.com/en-us/HT213491", "creation_timestamp": "2025-04-22T15:03:52.000000Z"}, {"uuid": "2e8353c7-062b-42b6-9f08-244bda05e85f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42805", "type": "published-proof-of-concept", "source": "Telegram/q04hnxfYFQjRLZLmMEhzxJlEctqDxDNihExyi-d7b7wDJg", "content": "", "creation_timestamp": "2024-05-03T15:01:39.000000Z"}, {"uuid": "0e4e87bd-1e79-4b96-8695-bf24916ce32f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42808", "type": "seen", "source": "https://t.me/true_secator/3605", "content": "Apple \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043a\u0440\u0443\u043f\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u00a0iOS 16.1 \u0438 iPadOS 16 \u0441 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f\u043c\u0438 \u043d\u0435 \u043c\u0435\u043d\u0435\u0435 20 \u0437\u0430\u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u044f\u0434\u0440\u0430, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0443\u0436\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u0442\u0441\u044f.\n\n\u041f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044c \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u043b \u0430\u043a\u0442\u0438\u0432\u043d\u0443\u044e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044e CVE-2022-42827 \u0432 RCE-\u0430\u0442\u0430\u043a\u0430\u0445 \u043d\u0430 iPhone \u0438 iPad. \n\n\u041a\u0430\u043a \u043e\u0431\u044b\u0447\u043d\u043e, Apple \u043d\u0435 \u0434\u0435\u043b\u0438\u0442\u0441\u044f \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u044f\u043c\u0438 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u043e\u0432, \u0438\u043d\u0434\u0438\u043a\u0430\u0442\u043e\u0440\u0430\u043c\u0438 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u0438\u043b\u0438 \u0434\u0440\u0443\u0433\u0438\u043c\u0438 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u043c\u0438.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u043e\u043f\u0438\u0441\u0430\u043b\u0430 \u043e\u0448\u0438\u0431\u043a\u0443 \u043a\u0430\u043a \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u0437\u0430\u043f\u0438\u0441\u0438 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0431\u044b\u043b\u0430 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 \u043f\u0443\u0442\u0435\u043c \u0443\u043b\u0443\u0447\u0448\u0435\u043d\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0433\u0440\u0430\u043d\u0438\u0446, \u043e\u0442\u043c\u0435\u0442\u0438\u0432, \u0447\u0442\u043e \u043e \u043d\u0435\u0439 \u0441\u043e\u043e\u0431\u0449\u0438\u043b \u0430\u043d\u043e\u043d\u0438\u043c\u043d\u044b\u0439 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c.\n\n\u041a\u0430\u043a \u043f\u043e\u044f\u0441\u043d\u044f\u0435\u0442 Apple, \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0433\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u044d\u0442\u043e\u0442 \u043d\u0443\u043b\u0435\u0432\u043e\u0439 \u0434\u0435\u043d\u044c \u043c\u043e\u0433 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0441 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u044f\u0434\u0440\u0430.\n\n\u041a \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u043c\u0443 \u0432\u0440\u0435\u043c\u0435\u043d\u0438 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e \u043b\u0438\u0448\u044c \u0442\u043e, \u0447\u0442\u043e \u0432 \u044d\u0442\u043e\u043c \u0433\u043e\u0434\u0443 \u0431\u044b\u043b\u043e \u0437\u0430\u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043e \u043a\u0430\u043a \u043c\u0438\u043d\u0438\u043c\u0443\u043c 8 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 Apple \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c 0-day.\n\n\u041f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0442\u0430\u043a\u0436\u0435 \u0432\u043a\u043b\u044e\u0447\u0430\u0435\u0442 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u0430\u043a \u043c\u0438\u043d\u0438\u043c\u0443\u043c \u0434\u043b\u044f \u0447\u0435\u0442\u044b\u0440\u0435\u0445 \u0434\u0440\u0443\u0433\u0438\u0445 \u043e\u0448\u0438\u0431\u043e\u043a, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e\u0434\u0432\u0435\u0440\u0433\u0430\u044e\u0442 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 iOS \u0430\u0442\u0430\u043a\u0430\u043c \u0441 RCE, \u0432\u043a\u043b\u044e\u0447\u0430\u044f:\n\n \u2043 CVE-2022-42813 \u0432 CFNetwork - \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 WKWebView \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a\u00a0\u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430.\u00a0\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 \u043f\u0443\u0442\u0435\u043c \u0443\u043b\u0443\u0447\u0448\u0435\u043d\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438.\u00a0\u041e \u043d\u0435\u0439 \u0441\u043e\u043e\u0431\u0449\u0438\u043b \u0414\u0436\u043e\u043d\u0430\u0442\u0430\u043d \u0427\u0436\u0430\u043d \u0438\u0437 Open Computing Facility.\n\n \u2043 CVE-2022-42808\u00a0\u0432 \u044f\u0434\u0440\u0435 - \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u043c\u043e\u0436\u0435\u0442 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u0434\u0430 \u044f\u0434\u0440\u0430.\u00a0\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0441 \u0437\u0430\u043f\u0438\u0441\u044c\u044e \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u0430\u043c\u0438 \u0433\u0440\u0430\u043d\u0438\u0446 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 \u043f\u0443\u0442\u0435\u043c \u0443\u043b\u0443\u0447\u0448\u0435\u043d\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0433\u0440\u0430\u043d\u0438\u0446. \u041e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0435 \u0441\u043e\u043e\u0431\u0449\u0438\u043b \u0426\u0432\u0435\u0439\u0433 \u0438\u0437 Kunlun Lab.\n\n \u2043 CVE-2022-42823\u00a0\u0432 WebKit - \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0430 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u0432\u0435\u0431-\u043a\u043e\u043d\u0442\u0435\u043d\u0442\u0430 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a\u00a0\u00a0\u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430.\u00a0\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0441 \u043f\u0443\u0442\u0430\u043d\u0438\u0446\u0435\u0439 \u0442\u0438\u043f\u043e\u0432 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 \u043f\u0443\u0442\u0435\u043c \u0443\u043b\u0443\u0447\u0448\u0435\u043d\u043d\u043e\u0439 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u043f\u0430\u043c\u044f\u0442\u0438.\u00a0\u041e\u0431 \u043e\u0448\u0438\u0431\u043a\u0435 \u0441\u043e\u043e\u0431\u0449\u0438\u043b \u0414\u043e\u0445\u0451\u043d \u041b\u0438 \u0438\u0437 SSD Labs.\n\n \u2043 CVE-2022-32922\u00a0\u0432 WebKit PDF - \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0430 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u0432\u0435\u0431-\u043a\u043e\u043d\u0442\u0435\u043d\u0442\u0430 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a\u00a0\u00a0\u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430.\u00a0\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 \u043f\u0443\u0442\u0435\u043c \u0443\u043b\u0443\u0447\u0448\u0435\u043d\u043d\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0430\u043c\u044f\u0442\u044c\u044e.\u00a0\u0421\u043e\u043e\u0431\u0449\u0438\u043b Yonghwi Jin \u0432 Theori.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e 0-day, \u0441\u043a\u043e\u0440\u0435\u0435 \u0432\u0441\u0435\u0433\u043e, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0442\u043e\u043b\u044c\u043a\u043e \u0432 \u0442\u0430\u0440\u0433\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445, \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0447\u0442\u043e\u0431\u044b \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043b\u044e\u0431\u044b\u0435 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438.", "creation_timestamp": "2022-10-25T11:30:03.000000Z"}, {"uuid": "24081a60-2af7-49e0-a36a-399e23ce2b9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42805", "type": "published-proof-of-concept", "source": "Telegram/ybUwh9LDZgVdO3P36AJSTnUkuciGW721dGm-1ch46pdTmQ", "content": "", "creation_timestamp": "2022-11-12T14:57:45.000000Z"}, {"uuid": "791b74b8-4f1c-446a-a74f-7a9157cd4955", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42805", "type": "published-proof-of-concept", "source": "Telegram/j1JpK9ov52voeLmhAvzE5bQ_t2pg9kk-XzMoFlMR1gHdjg", "content": "", "creation_timestamp": "2023-01-12T04:34:51.000000Z"}, {"uuid": "19b674a2-6b6b-49a4-89af-dea712ab930c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42803", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12855", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42803\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A race condition was addressed with improved locking. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary code with kernel privileges.\n\ud83d\udccf Published: 2022-11-01T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-22T14:56:03.563Z\n\ud83d\udd17 References:\n1. https://support.apple.com/en-us/HT213488\n2. https://support.apple.com/en-us/HT213494\n3. https://support.apple.com/en-us/HT213489\n4. https://support.apple.com/en-us/HT213492\n5. https://support.apple.com/en-us/HT213491\n6. https://support.apple.com/en-us/HT213490", "creation_timestamp": "2025-04-22T15:03:30.000000Z"}]}