Alert GCSA-22121 - Apple Security Updates APPLE-SA-2022-10-24


******************************************************************

Alert ID: GCSA-22121
Data: 25 Settembre 2022
Titolo: Apple Security Updates APPLE-SA-2022-10-24

******************************************************************

:: Descrizione del problema


Apple ha rilasciato i seguenti aggiornamenti di sicurezza
per risolvere varie vulnerabilita' software presenti nei
sistemi operativi e nelle applicazioni di cui una 0-day.

APPLE-SA-2022-10-24-1 iOS 16.1 and iPadOS 16
APPLE-SA-2022-10-24-2 macOS Ventura 13
APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1
APPLE-SA-2022-10-24-4 macOS Big Sur 11.7.1
APPLE-SA-2022-10-24-5 watchOS 9.1
APPLE-SA-2022-10-24-6 tvOS 16.1
APPLE-SA-2022-10-24-7 Safari 16.1

NB: la CVE-2002-42827 risulta al momento ampiamente
sfruttata in rete

Maggiori informazioni sono disponibili alla sezione "Riferimenti".


:: Software interessato

iOS versioni precedenti alla 16.1
iPadOS versioni precedenti alla 16
macOS Ventura versioni precedenti alla 13
macOS Monterey versioni precedenti alla 12.6.1
macOS Big Sur versioni precedenti alla 11.7.1
watchOS versioni precedenti alla 9.1
tvOS versioni precedenti alla 16.1
Safari browser versioni precedenti alla 16.1


:: Impatto

Manipolazione di dati
Denial of Service (DoS)
Acquisizione di privilegi piu' elevati (EoP)
Rivelazione di informazioni (ID)
Esecuzione remota di codice arbitrario (RCE)
Bypass delle funzionalita' di sicurezza (SFB)
Spoofing


:: Soluzione

Aggiornare il software alle ultime versioni

iOS 16.1
ipadOS 16
macOS Ventura 13
macOS Monterey 12.6.1
macOS Big Sur 11.7.1
watchOS 9.1
tvOS 16.1
Safari browser 16.1


Aggiornare il software sul Mac
https://support.apple.com/it-it/HT201541

Keep your Mac up to date
https://support.apple.com/en-in/guide/mac-help/mchlpx1065/mac

Aggiornare iPhone, iPad o iPod touch
https://support.apple.com/it-it/HT204204
https://www.apple.com/itunes/

L'aggiornamento e' disponibile tramite iTunes e
"Aggiornamento software" sul tuo dispositivo iOS
e non verra' visualizzato nell'applicazione
"Aggiornamento software" del tuo computer o nel
sito di download di Apple. Assicurati di aver
installato l'ultima versione di iTunes da
https://www.apple.com/itunes/


:: Riferimenti

Aggiornamenti di sicurezza Apple
https://support.apple.com/it-it/HT201222
https://support.apple.com/en-sg/HT201222
https://support.apple.com/it-it/HT213495
https://support.apple.com/it-it/HT213489
https://support.apple.com/it-it/HT213493
https://support.apple.com/it-it/HT213494
https://support.apple.com/it-it/HT213488
https://support.apple.com/it-it/HT213492
https://support.apple.com/it-it/HT213491

CSIRT Italia
https://www.csirt.gov.it/contenuti/aggiornamenti-di-sicurezza-apple-al01-221024-csirt-ita

Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36690
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39537
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0261
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0318
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0319
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0351
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0359
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0361
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0368
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0392
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0554
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0572
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0629
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0685
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0696
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0714
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0729
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0943
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1381
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1420
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1616
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1619
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1620
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1621
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1629
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1674
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1720
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1725
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1733
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1735
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1769
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1851
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1897
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1898
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1927
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1942
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1968
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2000
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2042
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2124
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2125
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2126
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26730
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28739
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32205
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32206
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32207
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32208
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32827
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32858
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32862
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32864
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32865
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32866
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32867
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32870
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32875
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32879
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32881
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32883
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32886
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32888
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32890
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32892
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32895
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32898
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32899
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32902
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32904
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32905
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32908
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32911
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32912
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32913
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32914
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32915
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32918
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32922
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32924
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32928
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32934
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32936
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32938
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32940
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32946
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32947
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42788
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42789
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42790
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42791
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42793
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42795
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42796
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42799
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42806
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42808
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42809
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42811
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42813
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42814
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42815
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42818
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42819
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42820
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42823
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42824
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42825
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42827
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42829
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42830
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42831
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42832




GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEAREIAAYFAmNX2oQACgkQwZxMk2USYEJ2YACgmXDFgsX+N7vrrVIQqA2adRuK
wHEAn2VA8Wz+88sCSyQPQBK/TGgOhXIw
=HNpI
-----END PGP SIGNATURE-----