Date: 2022-12-14



The big news in the iPhone world today is the release of iOS 16.2, but users of older phones also have important reasons to update. Apple has released iOS 15.7.2 and iPadOS 15.7.2 for non-iOS 16 devices, specifically iPhone 6s and 7, iPad mini 4, and iPad Air 2. Still jumping to iOS 16.

To update your iPhone, go to the Settings app and tap next, and follow the prompts.

While this update does not contain any new features, it does contain bug fixes and a number of critical security updates, some of which address flaws that allow arbitrary code execution and at least one of which may have been actively exploited. Apple’s release notes simply say, “This update provides important security fixes and is recommended for all users.” The security updates posted for this release are:

Apple AVD

Impact: Parsing a maliciously crafted video file may lead to kernel code execution

Description: Improved input validation addressed an out-of-bounds write issue.

CVE-2022-46694: Andrey Labunet and Nikita Tarakanov

AVE Video Encoder

Impact: Apps may be able to execute arbitrary code with kernel privileges

Description: Addressed a logic issue with improved checks.

CVE-2022-42848: ABC Research sro

File System

Impact: The app may escape from the sandbox

Description: This issue was resolved with improved checks.

CVE-2022-42861: pattern-f (@pattern_F_) of Ant Security Light-Year Lab

Graphics Driver

Impact: Parsing a maliciously crafted video file may lead to an unexpected system termination

Description: This issue was addressed through improved memory handling.

CVE-2022-42846: Willy R. Vasquez at the University of Texas at Austin

IOHIDFamily

Impact: Apps may be able to execute arbitrary code with kernel privileges

Description: Addressed a race condition through improved state handling.

CVE-2022-42864: Tommy Muir (@Muirey03)

iTunes Store

Impact: Remote users can cause apps to terminate unexpectedly or execute arbitrary code

Description: There was a problem parsing URLs. This issue was addressed through improved input validation.

CVE-2022-42837: Weijia Dai (@dwj1210) of Momo Security

Kernel

Impact: Apps may be able to execute arbitrary code with kernel privileges

Description: Additional verification addressed a race condition.

CVE-2022-46689: Ian Beer of Google Project Zero

libxml2

Impact: Remote users may cause apps to terminate unexpectedly or execute arbitrary code

Description: Addressed an integer overflow through improved input validation.

CVE-2022-40303: Maddie Stone of Google Project Zero

libxml2

Impact: Remote users may cause apps to terminate unexpectedly or execute arbitrary code

Description: This issue was resolved through improved checks.

CVE-2022-40304: Ned Williamson and Nathan Wachholz of Google Project Zero

ppp

Impact: Apps may be able to execute arbitrary code with kernel privileges

Description: This issue was addressed through improved memory handling.

CVE-2022-42840: Anonymous Researcher

Environmental setting

Impact: Apps may be able to use arbitrary permissions

Description: A logic issue was resolved through improved state management.

CVE-2022-42855: Ivan Fratric of Google Project Zero

Safari

Impact: Visiting websites that contain malicious content may lead to UI spoofing

Description: A spoofing issue existed in the handling of URLs. This issue was addressed through improved input validation.

CVE-2022-46695: KirtiKumar Anandrao Ramchandani

WebKit

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Resolved a memory consumption issue through improved memory handling.

CVE-2022-46691: anonymous researcher

WebKit

Impact: Processing maliciously crafted web content may disclose process memory

Description: This issue was addressed through improved memory handling.

CVE-2022-42852: hazbinhotel in partnership with the Trend Micro Zero Day Initiative

WebKit

Impact: Processing maliciously crafted web content may bypass the Same Origin Policy

Description: A logic issue was resolved through improved state management.

CVE-2022-46692: KirtiKumar Anandrao Ramchandani

WebKit

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Addressed a memory corruption issue through improved input validation.

CVE-2022-46700: Samuel Groß of Google V8 Security

WebKit

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of reports that this issue may have been actively exploited against versions of iOS released prior to iOS 15.1.

