Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution January 24, 202

NJCCIC Advisory

Original Release Date: 1/24/2023

This Multi-State Information Sharing and Analysis Center (MS-ISAC) Advisory is being provided to assist agencies, organizations, and individuals in guarding against the persistent malicious actions of cybercriminals.

Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Threat Intelligence

Apple is aware of CVE-2022-42856 being actively exploited in the wild.

System Affected

Safari versions prior to 16.3 for macOS Big Sur and macOS Monterey
iOS versions prior to 12.5.7 for iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)
iOS versions prior to 15.7.3, for iPadOS 15.7.3, for iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
iOS versions prior to 16.3 , for iPadOS 16.3 for iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
macOS Monterey versions prior to 12.6.3
macOS Big Sur versions prior to 11.7.3
macOS Ventura versions prior to 13.2
watchOS versions prior to 9.3

Risk

Government

Large and medium government entities: High
Small government entities: High

Businesses

Large and medium business entities: High
Small business entities: High

Home Users: Low

Technical Summary

Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution.

Recommendations

Apply the stable channel update provided by Apple to vulnerable systems immediately after appropriate testing.
Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
Restrict use of certain websites, block downloads/attachments, block Javascript, restrict browser extensions, etc.
Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring.
Train users to be aware of access or manipulation attempts by an adversary to reduce the risk of successful spearphishing, social engineering, and other techniques that involve user interaction.

References

Apple

https://support.apple.com/en-us/HT201222
https://support.apple.com/en-us/HT213600
https://support.apple.com/en-us/HT213597
https://support.apple.com/en-us/HT213604
https://support.apple.com/en-us/HT213603
https://support.apple.com/en-us/HT213599
https://support.apple.com/en-us/HT213598
https://support.apple.com/en-us/HT213606
https://support.apple.com/en-us/HT213605

CVE

Reporting

The NJCCIC encourages recipients who discover signs of malicious cyber activity to contact the NJCCIC via the cyber incident report form at www.cyber.nj.gov/report.

Please do not hesitate to contact the NJCCIC at njccic@cyber.nj.gov with any questions. Also, for more background on our recent cybersecurity efforts, please visit cyber.nj.gov.

	File a Cyber Incident Report \| File a Data Breach Report
	Vulnerability Disclosure Form \| Member Portal Login