A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious app may be able to bypass signature validation.
Weakness
The product does not validate, or incorrectly validates, a certificate.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ipados | Apple | * | 15.5 (excluding) |
| Iphone_os | Apple | * | 15.5 (excluding) |
| Mac_os_x | Apple | * | 10.15.7 (excluding) |
| Mac_os_x | Apple | 10.15.7 (including) | 10.15.7 (including) |
| Mac_os_x | Apple | 10.15.7-security_update_2020-001 (including) | 10.15.7-security_update_2020-001 (including) |
| Mac_os_x | Apple | 10.15.7-security_update_2021-001 (including) | 10.15.7-security_update_2021-001 (including) |
| Mac_os_x | Apple | 10.15.7-security_update_2021-002 (including) | 10.15.7-security_update_2021-002 (including) |
| Mac_os_x | Apple | 10.15.7-security_update_2021-003 (including) | 10.15.7-security_update_2021-003 (including) |
| Mac_os_x | Apple | 10.15.7-security_update_2021-004 (including) | 10.15.7-security_update_2021-004 (including) |
| Mac_os_x | Apple | 10.15.7-security_update_2021-005 (including) | 10.15.7-security_update_2021-005 (including) |
| Mac_os_x | Apple | 10.15.7-security_update_2021-006 (including) | 10.15.7-security_update_2021-006 (including) |
| Mac_os_x | Apple | 10.15.7-security_update_2021-007 (including) | 10.15.7-security_update_2021-007 (including) |
| Mac_os_x | Apple | 10.15.7-security_update_2021-008 (including) | 10.15.7-security_update_2021-008 (including) |
| Mac_os_x | Apple | 10.15.7-security_update_2022-001 (including) | 10.15.7-security_update_2022-001 (including) |
| Mac_os_x | Apple | 10.15.7-security_update_2022-002 (including) | 10.15.7-security_update_2022-002 (including) |
| Mac_os_x | Apple | 10.15.7-security_update_2022-003 (including) | 10.15.7-security_update_2022-003 (including) |
| Macos | Apple | 11.0 (including) | 11.6.6 (excluding) |
| Macos | Apple | 12.0 (including) | 12.4 (excluding) |
| Tvos | Apple | * | 15.5 (excluding) |
| Watchos | Apple | * | 8.6 (excluding) |
Potential Mitigations
Related Attack Patterns
References
- https://support.apple.com/en-us/HT213253
- https://support.apple.com/en-us/HT213254
- https://support.apple.com/en-us/HT213255
- https://support.apple.com/en-us/HT213256
- https://support.apple.com/en-us/HT213257
- https://support.apple.com/en-us/HT213258
- https://support.apple.com/en-us/HT213253
- https://support.apple.com/en-us/HT213254
- https://support.apple.com/en-us/HT213255
- https://support.apple.com/en-us/HT213256
- https://support.apple.com/en-us/HT213257
- https://support.apple.com/en-us/HT213258