Apple has released iOS and iPadOS 15.7.1 on Thursday. This update includes several performance enhancements as well as security updates for iPad and iPhone. Apple’s iOS 15.7.1 update follows the release of iOS and iPadOS 16.1Monday. Apple may have delayed the release after Face ID problems were reported by beta testers.
If you’re running iOS 15 and haven’t updated to iOS 16, we recommend installing 15.7.1. According to Release notesThis update contains 18 patches, including one that fixes a Zero-day flaw in kernelThis vulnerability could have been exploited. Here is the complete list:
Apple Neural Engine
Available for: iPhone 6s or later, iPad Pro (all model), iPad Air 2and later, iPad Air 5th generation and earlier, iPad Air 2and later, iPad Air 2and later, iPad Air 3 and later and iPad mini 4 and subsequent, and iPod touch (7thgeneration)
Impact: A program may be able execute any code it wants with kernel privileges
Description: The problem was solved by improved memory handling.
CVE-2022-32932: Mohamed Ghannam (@_simo36)
Audio
Available for: iPhone 6s or later, iPad Pro (all model), iPad Air 2and later, iPad Air 5th generation and earlier, iPad Air 2and later, iPad Air 2and later, iPad Air 3 and later and iPad mini 4 and subsequent, and iPod touch (7thgeneration)
Impact: The disclosure of user information may be possible by parsing an audio file that has been maliciously created.
Description: The problem was solved by improved memory handling.
CVE-2022-42798 – Anonymous working with Trend Micro Zero Day Initiative
Backup
Available for: iPhone 6s or later, iPad Pro (all model), iPad Air 2and later, iPad Air 5th generation and earlier, iPad Air 2and later, iPad Air 2and later, iPad Air 3 and later and iPad mini 4 and subsequent, and iPod touch (7thgeneration)
Impact: An app could be able to access iOS Backups
Description: An issue regarding permissions was resolved with additional restrictions.
CVE-2022-32929 – Csaba fitzl (@theevilbit), of Offensive Security
FaceTime
Available for: iPhone 6s, iPad Pro (all versions), iPad Air 2 & later, iPad Air 2 & Later, iPad 5th Generation and Later, iPad mini 4 & later, iPad touch (7th Generation)
Impact: The lock screen may allow a user to view restricted content
Description: The lock screen issue was solved with better state management.
CVE-2022-32935 – Bistrit Dahal
Graphics driver
Available for: iPhone 6s, iPad Pro (all versions), iPad Air 2 & later, iPad Air 2 & Later, iPad 5th Generation and Later, iPad mini 4 & later, iPad touch (7th Generation)
Impact: A program may be able execute any code it wants with kernel privileges
Description: This issue was dealt with using improved bounds controls.
CVE-2022-32939 by Willy R. Vasquez of The University of Texas at Austin
Image Processing
Available for: iPhone 6s or later, iPad Pro (all model), iPad Air 2and later, iPad Air 5th generation and earlier, iPad Air 2and later, iPad Air 2and later, iPad Air 3 and later and iPad mini 4 and subsequent, and iPod touch (7thgeneration)
Impact: A program may be able execute any code it wants with kernel privileges
Description: This issue has been addressed with improved checks.
CVE-2022-32949 – Tingting Yin at Tsinghua University
Kernel
Available for: iPhone 6s or later, iPad Pro (all model), iPad Air 2and later, iPad Air 5th generation and earlier, iPad Air 2and later, iPad Air 2and later, iPad Air 3 and later and iPad mini 4 and subsequent, and iPod touch (7thgeneration)
Impact: A program may be able execute any code it wants with kernel privileges
Description: The state managed to address a memory corruption issue.
CVE-2022-32944 Tim Michaud (@TimGMichaud), of Moveworks.ai
Kernel
Available for: iPhone 6s or later, iPad Pro (all model), iPad Air 2and later, iPad Air 5th generation and earlier, iPad Air 2and later, iPad Air 2and later, iPad Air 3 and later and iPad mini 4 and subsequent, and iPod touch (7thgeneration)
Impact: A program may be able execute any code it wants with kernel privileges
Description: An improved locking system was used to address a race condition.
CVE-2022-42803 Xinru Ch of Pangu Lab John Aakerblom, @jaakerblom
Kernel
Available for: iPhone 6s or later, iPad Pro (all model), iPad Air 2and later, iPad Air 5th generation and earlier, iPad Air 2and later, iPad Air 2and later, iPad Air 3 and later and iPad mini 4 and subsequent, and iPod touch (7thgeneration)
Impact: An app that has root privileges might be able to execute any code with kernel privileges
Description: This issue was resolved with enhanced bounds checks.
CVE-2022-32926 Tim Michaud (@TimGMichaud), of Moveworks.ai
Kernel
Available for: iPhone 6s or later, iPad Pro (all model), iPad Air 2and later, iPad Air 5th generation and earlier, iPad Air 2and later, iPad Air 2and later, iPad Air 3 and later and iPad mini 4 and subsequent, and iPod touch (7thgeneration)
Impact: An application could be able to execute any code that is given kernel privileges. Apple has received a report that the issue could have been exploited.
Description: A problem with an out-of-bounds writer was resolved by improved bounds checking.
CVE-2022-42827 – An anonymous researcher
Kernel
Available for: iPhone 6s, iPad Pro (all versions), iPad Air 2 & later, iPad Air 2 & Later, iPad 5th Generation and Later, iPad mini 4 & later, iPad touch (7th Generation)
Impact: A program may be able execute any code it wants with kernel privileges
Description: An issue in logic was resolved with enhanced checks.
CVE-202-22801: Ian Beer from Google Project Zero
Model I/O
Available for: iPhone 6s or later, iPad Pro (all model), iPad Air 2and later, iPad Air 5th generation and earlier, iPad Air 2and later, iPad Air 2and later, iPad Air 3 and later and iPad mini 4 and subsequent, and iPod touch (7thgeneration)
Impact: The processing of a maliciously created USD file can expose memory contents
Description: The problem was solved by improved memory handling.
CVE-2022-42810 – Xingwei Lin @xwlin_roy and Yinyi W of Ant Security Light Year Lab
ppp
Available for: iPhone 6s or later, iPad Pro (all model), iPad Air 2and later, iPad Air 5th generation and earlier, iPad Air 2and later, iPad Air 2and later, iPad Air 3 and later and iPad mini 4 and subsequent, and iPod touch (7thgeneration)
Impact: An arbitrary execution of code could result from a buffer overflow
Description: This issue was resolved with enhanced bounds checks.
CVE-2022-32941 – An anonymous researcher
Safari
Available for: iPhone 6s or later, iPad Pro (all model), iPad Air 2and later, iPad Air 5th generation and earlier, iPad Air 2and later, iPad Air 2and later, iPad Air 3 and later and iPad mini 4 and subsequent, and iPod touch (7thgeneration)
Impact: Visiting a maliciously constructed website could expose sensitive data
Description: An issue in logic was solved by improved state management.
CVE-202-22817: Mir Masood Ali (PhD student), University of Illinois at Chicago; Binoychitale (MS student), Stony Brook University; Mohammad Ghasemisharif (PhD Candidate), University of Illinois at Chicago. Chris Kanich, Associate Professor at University of Illinois at Chicago
WebKit
Available for: iPhone 6s or later, iPad Pro (all model), iPad Air 2and later, iPad Air 5th generation and earlier, iPad Air 2and later, iPad Air 2and later, iPad Air 3 and later and iPad mini 4 and subsequent, and iPod touch (7thgeneration)
Impact: Maliciously created web content can expose the internal state of the app
Description: An issue with the JIT’s correctness was resolved by improved checks.
WebKit Bugzilla: 242964
CVE-2022-32923 – Wonyoungjung (@nonetype_pwn), KAIST Hacking Lab
Wi-Fi
Available for: iPhone 6s or later, iPad Pro (all model), iPad Air 2and later, iPad Air 5th generation and earlier, iPad Air 2and later, iPad Air 2and later, iPad Air 3 and later and iPad mini 4 and subsequent, and iPod touch (7thgeneration)
Impact: Joining malicious Wi-Fi networks could result in a denial -of-service attack on the Settings app
Description: The problem was solved by improved memory handling.
CVE-2022-32927 – Dr Hideaki Gto of Tohoku University in Japan
zlib
Available for: iPhone 6s, iPad Pro (all versions), iPad Air 2 & later, iPad Air 2 & Later, iPad 5th Generation and Later, iPad mini 4 & later, iPad touch (7th Generation)
Impact: An unintentional app termination or arbitrary code execution could be caused by a user
Description: This issue has been addressed with improved checks.
CVE-2022-37434: Evgeny Legerov
CVE-2022-42800: Evgeny Legerov
To download the update, open Settings and tap on GeneralIf so, Software UpdateYour device will then search online for the update. Once the update appears, tap Download and installIt will take several moments to complete the update. Your device will have to be restarted.
