About:
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify as the highest severity level and warrant out-of-band emergency patching or mitigation action.
RedLegg will include a brief description of the vulnerability, whether or not an active exploit or POC exists, and then a link to an update, if any, exists. If no update exists, there will be remediation or mitigation suggestions to limit each vulnerability's risk.
VULNERABILITIES
Apple macOS Ventura Remote Code Execution Vulnerability
Identifier: CVE-2022-42837
Exploit or POC: No
Update: https://support.apple.com/en-us/HT213532
Description: CVE-2022-42837 allows for remote code execution. This vulnerability involves an issue with URL parsing. Successful exploitation would allow an attacker to cause an unexpected app termination or arbitrary code execution.
Mitigation recommendation: Patching is currently the only method of mitigation.
RedLegg Action: None at this time.
Apple iOS Kernel Remote Code Execution Vulnerability
Identifier: CVE-2022-42842
Exploit or POC: No
Update: https://support.apple.com/en-us/HT201222
Description: CVE-2022-42842 allows for remote code execution. This vulnerability involves a memory handling issue. Successful exploitation would allow a remote attacker to execute remote code with kernel privileges.
Mitigation recommendation: Patching is currently the only method of mitigation.
RedLegg Action: None at this time.
Apple iOS Code Execution Vulnerability
Identifier: CVE-2022-42867
Exploit or POC: No
Update: https://support.apple.com/en-us/HT213532
Description: CVE-2022-42867 allows for arbitrary code execution. Successful exploitation would allow an attacker to process maliciously crafted web content to elicit arbitrary code execution.
Mitigation recommendation: Patching is currently the only method of mitigation.
RedLegg Action: None at this time.
Apple iOS Code Execution Vulnerability
Identifier: CVE-2022-46689
Exploit or POC: No
Update: https://support.apple.com/en-us/HT201222
Description: CVE-2022-46689 allows for arbitrary code execution. Successful exploitation would allow an app to execute arbitrary code with kernel privileges.
Mitigation recommendation: Patching is currently the only method of mitigation.
RedLegg Action: None at this time.
Apple iOS Code Execution Vulnerability
Identifier: CVE-2022-46691
Exploit or POC: No
Update: https://support.apple.com/en-us/HT213532
Description: CVE-2022-46691 allows for arbitrary code execution. This vulnerability involves an issue concerning memory consumption. Successful exploitation would allow an attacker to process maliciously crafted web content to elicit arbitrary code execution.
Mitigation recommendation: Patching is currently the only method of mitigation.
RedLegg Action: None at this time.
Apple iOS WebKit Code Execution Vulnerability
Identifier: CVE-2022-46696
Exploit or POC: No
Update: https://support.apple.com/en-us/HT213532
Description: CVE-2022-46696 allows for arbitrary code execution. This vulnerability involves a memory corruption issue. Successful exploitation would allow an attacker to process maliciously crafted web content to elicit arbitrary code execution.
Mitigation recommendation: Patching is currently the only method of mitigation.
RedLegg Action: None at this time.
Apple iOS WebKit Code Execution Vulnerability
Identifier: CVE-2022-46700
Exploit or POC: No
Update: https://support.apple.com/en-us/HT213532
Description: CVE-2022-46700 allows for arbitrary code execution. This vulnerability involves a memory corruption issue. Successful exploitation would allow an attacker to process maliciously crafted web content to elicit arbitrary code execution.
Mitigation recommendation: Patching is currently the only method of mitigation.
RedLegg Action: None at this time.