CVE-2022-42798

Name of the Vulnerable Software and Affected Versions Apple tvOS versions prior to 16.1 Apple iOS versions prior to 15.7.1 and prior to 16.1 Apple iPadOS versions prior to 15.7.1 and prior to 16 Apple macOS versions prior to 13, prior to 12.6.1, and prior to 11.7.1 Apple watchOS versions prior to 9.1

Description The issue is related to parsing a maliciously crafted audio file, which may lead to disclosure of user information. This is due to an out-of-bounds read in the AudioToolbox when handling CAF files.

Recommendations For Apple tvOS versions prior to 16.1, update to tvOS 16.1. For Apple iOS versions prior to 15.7.1, update to iOS 15.7.1. For Apple iOS versions prior to 16.1, update to iOS 16.1. For Apple iPadOS versions prior to 15.7.1, update to iPadOS 15.7.1. For Apple iPadOS versions prior to 16, update to iPadOS 16. For Apple macOS versions prior to 13, update to macOS Ventura 13. For Apple macOS versions prior to 12.6.1, update to macOS Monterey 12.6.1. For Apple macOS versions prior to 11.7.1, update to macOS Big Sur 11.7.1. For Apple watchOS versions prior to 9.1, update to watchOS 9.1.