Apple now lets apps charge increased prices for auto-renewable subscriptions with limits

Earlier this year, Apple had been testing a new feature to let developers charge increased prices for auto-renewable subscriptions. Although this “pilot program” was restricted to selected developers, Apple is now rolling out these changes to everyone, with some limits.

Currently, when the developer increases the price of an auto-renewable subscription, users must confirm that they will continue subscribing at the new price, otherwise the subscription is cancelled automatically. Now with the update, the price increase will be charged even without user action.

Of course, as detailed on the Apple Developer website, there will be some limits to prevent developers from abusing this feature. For instance, users will be notified of the subscription price change. Apple also makes it clear that the price increase cannot occur more than once a year.

Other limits include a maximum increase of $5 for regular subscriptions or $50 for annual subscriptions. In these situations, Apple will let users know about price changes via email, push notification, and a message within the app. Users will also have easy access to an option to cancel the subscription if they want to.

Auto-renewable subscriptions are a great way to let people access content, services, or premium features in your app. And Apple continues to set the bar in making it easy and transparent for subscribers to view, cancel, or manage their subscriptions. Our comprehensive approach includes providing email, push notifications, and in-app messaging to let subscribers know about upcoming changes and how to manage their subscriptions, or cancel if they prefer.

If the price increase for an auto-renewable subscription exceeds these limits, users will have to manually re-subscribe through the app. The subscription won’t renew at the next billing period for subscribers who didn’t opt in to the new price.

More details about the changes in auto-renewable subscriptions can be found on the App Store Connect website.


Asus rolls out Android 12 update for the Zenfone 7 and Zenfone 7 Pro

Asus started its Android 12 update journey back in December with the Zenfone 8 and Zenfone 8 Flip, and it unfortunately took the Taiwanese company almost five months after that to work its way back to those phones’ predecessors. Today, however, it finally announced that Android 12 is now out for the Zenfone 7 and Zenfone 7 Pro, both released in 2020.

The new firmware that’s rolling out is labeled as version 31.0210.0210.250 for both models (note that we’re talking about the Zenfone 7 ZS670KS and the Zenfone 7 Pro ZS671KS).

As usual with such over-the-air rollouts, the new software is going out to different devices in batches, and so it may take a few days for all the units out there in the wild to receive the coveted update notification. If you’re impatient and want to manually check and see if you got yours, you can go to Settings > System and tap System updates – maybe you get lucky.

Note that if you at some point want to go back to Android 11 from Android 12, you’ll have to erase all your data. So a backup is advised before you upgrade to Android 12, just in case.

Aside from everything that Google packed into the Android 12 release, your Zenfone 7 or 7 Pro is also getting revamped built-in apps, an “adjusted” Quick Settings panel, notification tray, and volume panel, and a system charging animation. Asus Safeguard has been replaced with the stock Emergency SOS function, and the Asus Phone app has removed the SIP calling function for some reason.


iOS 15.5 expands Communication Safety in Messages to these countries

Apple last year launched the new Communication Safety in Messages feature to protect children from viewing or sharing nude content. It was initially only available in the United States, but Apple has now expanded the feature to more countries with iOS 15.5.

Back in April, Apple had confirmed that it would bring Communication Safety in Messages to users in the UK. Now, with iOS 15.5, the new safety features in Messages are available in the UK and also in three other new countries.

Here’s the list of all supported countries with the latest iOS update:

  • Australia
  • Canada
  • New Zealand
  • United Kingdom
  • United States

As noted by The Apple Post, users in supported countries will see a mention of the feature in the iOS 15.5 release notes.

iOS 15.5 includes enhancements to Apple Podcasts, new safety features for children and parents in Messages, and other features and bug fixes.

Communication Safety in Messages

With Communication Safety in Messages, the Messages app can detect if a child receives or is trying to send a photo with nudity. If the child receives an inappropriate photo, the app automatically blurs the image. Although the child can choose to view the photo, doing so will show guidance and age-appropriate resources to help them make a safe choice.

It’s worth noting that the feature comes disabled by default, and even when enabled, it scans the photos on the device – so all content sent via iMessage remains end-to-end encrypted.

In order to set up Communication Safety in Messages, the child’s iPhone must be part of iCloud Family Sharing and have Screen Time enabled. More details about the feature can be found in this special article.


Bicycle accessory maker launches AirTag tire holder, but is that a good thing?

Muc-Off, an English bicycle accessory maker, has created a holder for Apple’s AirTag that fits into a bicycle tire. Called the Stealth Tubeless Tag Holder, an AirTag can now go inside the rim of a mountain or gravel bike tire.

The Stealth Tubeless Tag Holder is a protective three-part silicone and rubber tubeless mount for your AirTag. Its valve bases seal against your bicycle tire’s rim. The accessory’s stem protects both the rim and AirTag from impacts as it can compress and rebound under extreme loads. It can also allow sealant and air to flow so it won’t rattle inside the tire rim.

While this is an adequate way to track your bicycle, there’s been speculation about just how safe AirTag can be. Multiple instances of people using AirTag for stalking have been in the news lately. Fortunately, Apple and some lawmakers are working on putting measures in place to make these coin-shaped item trackers safer.

The Stealth Tubeless Tag Holder is $19.99, and AirTag is not included.

9to5Mac’s Take

The product is a good idea – if someone’s going to steal your bike, it’d be pretty easy to spot an AirTag if it’s hanging by a keychain or something similar. However, this accessory seems like it could be a pain when you need to exchange or remove the AirTag. AirTag batteries only last about a year, so it’s likely you’ll need to exchange the battery multiple times within your bicycle’s lifetime.

Do any of you bike? Do you think this is a good accessory for mountain bike owners? Let us know your thoughts.


Hands-on: Withings BPM Connect portable blood pressure monitor with Apple Health support

May is Blood Pressure Education Month with May 17 serving as World Hypertension Day to raise awareness and help detect, prevent, and control the health issue. This month we’ve been trying out the most portable blood pressure monitor medically cleared by the FDA, the Withings BPM Connect. Read along for a detailed look at this blood pressure monitor with Apple Health integration plus how far Withings has come in recent years.

I first bought the Withings Connect blood pressure monitor back in 2014 (above on left) and have been using it for the last eight years. It’s still working but I was curious to check out the company’s latest iteration, the BPM Connect.

Arriving with a number of upgrades over my old model, this highly-portable blood pressure monitor is a really convenient way to get medically accurate readings that automatically get pulled into Apple Health along with the Withings Health Mate app.

Hands-on: Withings BPM Connect portable blood pressure monitor

Specs

  • Super-portable design
    • 1.97 x 2.56 x 6.1 inches (55 x 65 x 155 mm)
  • Fits arms 9-17 inches (22-42 cm)
  • Integrated matrix LED screen
  • One-button operation
    • Can be used without iPhone present
  • Built-in rechargeable battery (micro USB)
    • Up to 6-month battery life
  • Measures systolic and diastolic blood pressure plus heart rate
  • Deemed medically accurate by the FDA
  • FSA-eligible purchase
  • Apple Health support
  • Price: $99.95

Note: Withings says “Pacemakers and implantable cardioverter defibrillators (ICD) can make BP measurements inconclusive.”

In Use

Withings has really nailed the design with BPM Connect. Instead of using a hard shell cuff, the fabric design makes this a very portable blood pressure monitor. It’s about the size of a can of soda and has a built-in rechargeable battery.

With battery life of up to 6 months, that means you don’t have to mess with bringing a charging cord if you want to take BPM Connect with you on trips, even long ones.

Original Withings Connect vs Withings BPM Connect

It would have been nice to see USB-C used instead of micro USB but charging is so infrequent that I don’t find it to be an issue.

Along with the convenient portable design, I really like the user experience. Once it’s set up, press the button once to turn on the BPM Connect and press one more time to start a blood pressure reading.

You can also press and hold the button to switch to triple readings. That uses a one-minute interval between each of the three readings and you can also change the rest time in the Health Mate app.


Once a reading is complete, you’ll see your results right on the BPM Connect display. Along with your diastolic/systolic measurements and heart rate, you’ll see a green, yellow, or red LED to quickly tell if your numbers are in the healthy range or elevated.

And the data is wirelessly shared and saved with the Withings Health Mate app and Apple Health (when enabled).

Another neat feature: if you’re sharing BPM Connect with family members, it will recognize who is taking a measurement, with the name even showing directly on the LED display.

Apple Health integration

Withings has extensive Apple Health support with its devices, and it’s easy to track blood pressure in the Health app along with the Health Mate app.

In Apple Health, blood pressure data automatically imported from the Withings Health Mate app shows up under Browse > Heart.

Here’s a look at the Health Mate app. Under the “Devices” tab, you can see the BPM Connect’s battery status, check for updates, and customize settings.

When you view your blood pressure readings in the Dashboard, you can add notes, quickly share via email to your doctor (tap the … button in the top right corner), delete readings, and more.

Portable blood pressure monitor: BPM Connect conclusion

If you’re looking for an easy-to-use and portable blood pressure monitor medically cleared by the FDA, the Withings BPM Connect should be at the top of your list. The only small piece of constructive criticism I have is that Withings uses micro USB for charging (cable included) instead of USB-C.

The Withings BPM Connect is available for $99.95 at Amazon, direct from Withings, and more.

Also, a great companion is the Withings Body Cardio smart scale that features body composition readings, including fat, muscle, water, and even Vascular Age.

  • Review: Withings Body Cardio smart scale with Apple Health now features Vascular Age


Apple patches dozens of security flaws with iOS 15.5, over 50 fixes for macOS 12.4

Apple has released iOS 15.5, macOS 12.4, and more today with updates like new features for Apple Cash, the Podcasts app, and the Studio Display webcam fix. However, a bigger reason to update your devices is the security patches with today’s releases. iOS 15.5 includes almost 30 security fixes while macOS 12.4 features over 50.

Apple shared all the details for the security fixes in its latest software for iPhone, iPad, Mac, and more on its support page.

For both iOS and Mac, many of the flaws could allow malicious apps to execute arbitrary code with kernel privileges. Another for iOS says “A remote attacker may be able to cause unexpected application termination or arbitrary code execution.”

Specifically on Mac, one of the 50+ flaws fixed was that “Photo location information may persist after it is removed with Preview Inspector.”

Important security updates are also available for macOS Big Sur with 11.6.6, macOS Catalina, Xcode 13.4, and watchOS 8.6.

You can read about all of the vulnerabilities fixed with the latest updates below:

iOS and macOS security patches:


iOS 15.5 and iPadOS 15.5

Released May 16, 2022

AppleAVD

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2022-26702: an anonymous researcher

AppleGraphicsControl

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved input validation.

CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

AVEVideoEncoder

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-26736: an anonymous researcher

CVE-2022-26737: an anonymous researcher

CVE-2022-26738: an anonymous researcher

CVE-2022-26739: an anonymous researcher

CVE-2022-26740: an anonymous researcher

DriverKit

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to execute arbitrary code with system privileges

Description: An out-of-bounds access issue was addressed with improved bounds checking.

CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)

GPU Drivers

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2022-26744: an anonymous researcher

ImageIO

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

Description: An integer overflow issue was addressed with improved input validation.

CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative

IOKit

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved locking.

CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab

IOMobileFrameBuffer

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2022-26768: an anonymous researcher

IOSurfaceAccelerator

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2022-26771: an anonymous researcher

Kernel

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved validation.

CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg)

Kernel

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2022-26757: Ned Williamson of Google Project Zero

Kernel

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations

Description: A memory corruption issue was addressed with improved validation.

CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)

Kernel

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication

Description: A race condition was addressed with improved state handling.

CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)

LaunchServices

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A sandboxed process may be able to circumvent sandbox restrictions

Description: An access issue was addressed with additional sandbox restrictions on third-party applications.

CVE-2022-26706: Arsenii Kostromin (0x3c3e)

libxml2

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2022-23308

Notes

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a large input may lead to a denial of service

Description: This issue was addressed with improved checks.

CVE-2022-22673: Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College Of Technology Bhopal

Safari Private Browsing

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious website may be able to track users in Safari private browsing mode

Description: A logic issue was addressed with improved state management.

CVE-2022-26731: an anonymous researcher

Security

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious app may be able to bypass signature validation

Description: A certificate parsing issue was addressed with improved checks.

CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)

Shortcuts

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A person with physical access to an iOS device may be able to access photos from the lock screen

Description: An authorization issue was addressed with improved state management.

CVE-2022-26703: Salman Syed (@slmnsd551)

WebKit

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to code execution

Description: A memory corruption issue was addressed with improved state management.

WebKit Bugzilla: 238178
CVE-2022-26700: ryuzaki

WebKit

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

WebKit Bugzilla: 236950
CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab

WebKit Bugzilla: 237475
CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab

WebKit Bugzilla: 238171
CVE-2022-26717: Jeonghoon Shin of Theori

WebKit

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

WebKit Bugzilla: 238183
CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab

WebKit Bugzilla: 238699
CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech

WebRTC

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Video self-preview in a webRTC call may be interrupted if the user answers a phone call

Description: A logic issue in the handling of concurrent media was addressed with improved state handling.

WebKit Bugzilla: 237524
CVE-2022-22677: an anonymous researcher

Wi-Fi

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may disclose restricted memory

Description: A memory corruption issue was addressed with improved validation.

CVE-2022-26745: an anonymous researcher

Wi-Fi

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to elevate privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2022-26760: 08Tc3wBB of ZecOps Mobile EDR Team

Wi-Fi

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A remote attacker may be able to cause a denial of service

Description: This issue was addressed with improved checks.

CVE-2015-4142: Kostya Kortchinsky of Google Security Team

Wi-Fi

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2022-26762: Wang Yu of Cyberserval

Additional recognition

AppleMobileFileIntegrity

We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.

FaceTime

We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.

WebKit

We would like to acknowledge James Lee, an anonymous researcher for their assistance.

Wi-Fi

We would like to acknowledge 08Tc3wBB of ZecOps Mobile EDR Team for their assistance.


macOS Monterey 12.4

Released May 16, 2022

AMD

Available for: macOS Monterey

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2022-26772: an anonymous researcher

AMD

Available for: macOS Monterey

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2022-26741: ABC Research s.r.o

CVE-2022-26742: ABC Research s.r.o

CVE-2022-26749: ABC Research s.r.o

CVE-2022-26750: ABC Research s.r.o

CVE-2022-26752: ABC Research s.r.o

CVE-2022-26753: ABC Research s.r.o

CVE-2022-26754: ABC Research s.r.o

apache

Available for: macOS Monterey

Impact: Multiple issues in apache

Description: Multiple issues were addressed by updating apache to version 2.4.53.

CVE-2021-44224

CVE-2021-44790

CVE-2022-22719

CVE-2022-22720

CVE-2022-22721

AppleGraphicsControl

Available for: macOS Monterey

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved input validation.

CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

AppleScript

Available for: macOS Monterey

Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory

Description: An out-of-bounds read issue was addressed with improved input validation.

CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro

AppleScript

Available for: macOS Monterey

Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory

Description: An out-of-bounds read issue was addressed with improved bounds checking.

CVE-2022-26698: Qi Sun of Trend Micro

AVEVideoEncoder

Available for: macOS Monterey

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-26736: an anonymous researcher

CVE-2022-26737: an anonymous researcher

CVE-2022-26738: an anonymous researcher

CVE-2022-26739: an anonymous researcher

CVE-2022-26740: an anonymous researcher

Contacts

Available for: macOS Monterey

Impact: A plug-in may be able to inherit the application’s permissions and access user data

Description: This issue was addressed with improved checks.

CVE-2022-26694: Wojciech Reguła (@_r3ggi) of SecuRing

CVMS

Available for: macOS Monterey

Impact: A malicious application may be able to gain root privileges

Description: A memory initialization issue was addressed.

CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori

CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori

DriverKit

Available for: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with system privileges

Description: An out-of-bounds access issue was addressed with improved bounds checking.

CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)

ImageIO

Available for: macOS Monterey

Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

Description: An integer overflow issue was addressed with improved input validation.

CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative

ImageIO

Available for: macOS Monterey

Impact: Photo location information may persist after it is removed with Preview Inspector

Description: A logic issue was addressed with improved state management.

CVE-2022-26725: Andrew Williams and Avi Drissman of Google

Intel Graphics Driver

Available for: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-26720: Liu Long of Ant Security Light-Year Lab

Intel Graphics Driver

Available for: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved input validation.

CVE-2022-26769: Antonio Zekic (@antoniozekic)

Intel Graphics Driver

Available for: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds read issue was addressed with improved input validation.

CVE-2022-26770: Liu Long of Ant Security Light-Year Lab

Intel Graphics Driver

Available for: macOS Monterey

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro Zero Day Initiative

Intel Graphics Driver

Available for: macOS Monterey

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2022-26756: Jack Dates of RET2 Systems, Inc

IOKit

Available for: macOS Monterey

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved locking.

CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab

IOMobileFrameBuffer

Available for: macOS Monterey

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2022-26768: an anonymous researcher

Kernel

Available for: macOS Monterey

Impact: An attacker that has already achieved code execution in macOS Recovery may be able to escalate to kernel privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-26743: Jordy Zomer (@pwningsystems)

Kernel

Available for: macOS Monterey

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved validation.

CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg)

Kernel

Available for: macOS Monterey

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2022-26757: Ned Williamson of Google Project Zero

Kernel

Available for: macOS Monterey

Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations

Description: A memory corruption issue was addressed with improved validation.

CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)

Kernel

Available for: macOS Monterey

Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication

Description: A race condition was addressed with improved state handling.

CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)

LaunchServices

Available for: macOS Monterey

Impact: A sandboxed process may be able to circumvent sandbox restrictions

Description: An access issue was addressed with additional sandbox restrictions on third-party applications.

CVE-2022-26706: Arsenii Kostromin (0x3c3e)

LaunchServices

Available for: macOS Monterey

Impact: A malicious application may be able to bypass Privacy preferences

Description: The issue was addressed with additional permissions checks.

CVE-2022-26767: Wojciech Reguła (@_r3ggi) of SecuRing

libresolv

Available for: macOS Monterey

Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms) of the Google Security Team

CVE-2022-26708: Max Shavrick (@_mxms) of the Google Security Team

libresolv

Available for: macOS Monterey

Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution

Description: An integer overflow was addressed with improved input validation.

CVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team

LibreSSL

Available for: macOS Monterey

Impact: Processing a maliciously crafted certificate may lead to a denial of service

Description: A denial of service issue was addressed with improved input validation.

CVE-2022-0778

libxml2

Available for: macOS Monterey

Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2022-23308

OpenSSL

Available for: macOS Monterey

Impact: Processing a maliciously crafted certificate may lead to a denial of service

Description: This issue was addressed with improved checks.

CVE-2022-0778

PackageKit

Available for: macOS Monterey

Impact: A malicious application may be able to modify protected parts of the file system

Description: This issue was addressed by removing the vulnerable code.

CVE-2022-26712: Mickey Jin (@patch1t)

PackageKit

Available for: macOS Monterey

Impact: A malicious application may be able to modify protected parts of the file system

Description: This issue was addressed with improved entitlements.

CVE-2022-26727: Mickey Jin (@patch1t)

Preview

Available for: macOS Monterey

Impact: A plug-in may be able to inherit the application’s permissions and access user data

Description: This issue was addressed with improved checks.

CVE-2022-26693: Wojciech Reguła (@_r3ggi) of SecuRing

Printing

Available for: macOS Monterey

Impact: A malicious application may be able to bypass Privacy preferences

Description: This issue was addressed by removing the vulnerable code.

CVE-2022-26746: @gorelics

Safari Private Browsing

Available for: macOS Monterey

Impact: A malicious website may be able to track users in Safari private browsing mode

Description: A logic issue was addressed with improved state management.

CVE-2022-26731: an anonymous researcher

Security

Available for: macOS Monterey

Impact: A malicious app may be able to bypass signature validation

Description: A certificate parsing issue was addressed with improved checks.

CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)

SMB

Available for: macOS Monterey

Impact: An application may be able to gain elevated privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs

SMB

Available for: macOS Monterey

Impact: An application may be able to gain elevated privileges

Description: An out-of-bounds read issue was addressed with improved input validation.

CVE-2022-26718: Peter Nguyễn Vũ Hoàng of STAR Labs

SMB

Available for: macOS Monterey

Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved input validation.

CVE-2022-26723: Felix Poulin-Belanger

SoftwareUpdate

Available for: macOS Monterey

Impact: A malicious application may be able to access restricted files

Description: This issue was addressed with improved entitlements.

CVE-2022-26728: Mickey Jin (@patch1t)

Spotlight

Available for: macOS Monterey

Impact: An app may be able to gain elevated privileges

Description: A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks.

CVE-2022-26704: an anonymous researcher

TCC

Available for: macOS Monterey

Impact: An app may be able to capture a user’s screen

Description: This issue was addressed with improved checks.

CVE-2022-26726: an anonymous researcher

Tcl

Available for: macOS Monterey

Impact: A malicious application may be able to break out of its sandbox

Description: This issue was addressed with improved environment sanitization.

CVE-2022-26755: Arsenii Kostromin (0x3c3e)

WebKit

Available for: macOS Monterey

Impact: Processing maliciously crafted web content may lead to code execution

Description: A memory corruption issue was addressed with improved state management.

WebKit Bugzilla: 238178
CVE-2022-26700: ryuzaki

WebKit

Available for: macOS Monterey

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

WebKit Bugzilla: 236950
CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab

WebKit Bugzilla: 237475
CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab

WebKit Bugzilla: 238171
CVE-2022-26717: Jeonghoon Shin of Theori

WebKit

Available for: macOS Monterey

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

WebKit Bugzilla: 238183
CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab

WebKit Bugzilla: 238699
CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech

WebRTC

Available for: macOS Monterey

Impact: Video self-preview in a webRTC call may be interrupted if the user answers a phone call

Description: A logic issue in the handling of concurrent media was addressed with improved state handling.

WebKit Bugzilla: 237524
CVE-2022-22677: an anonymous researcher

Wi-Fi

Available for: macOS Monterey

Impact: A malicious application may disclose restricted memory

Description: A memory corruption issue was addressed with improved validation.

CVE-2022-26745: an anonymous researcher

Wi-Fi

Available for: macOS Monterey

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2022-26761: Wang Yu of Cyberserval

Wi-Fi

Available for: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2022-26762: Wang Yu of Cyberserval

zip

Available for: macOS Monterey

Impact: Processing a maliciously crafted file may lead to a denial of service

Description: A denial of service issue was addressed with improved state handling.

CVE-2022-0530

zlib

Available for: macOS Monterey

Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution

Description: A memory corruption issue was addressed with improved input validation.

CVE-2018-25032: Tavis Ormandy

zsh

Available for: macOS Monterey

Impact: A remote attacker may be able to cause arbitrary code execution

Description: This issue was addressed by updating to zsh version 5.8.1.

CVE-2021-45444

Additional recognition

AppleMobileFileIntegrity

We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.

Bluetooth

We would like to acknowledge Jann Horn of Project Zero for their assistance.

Calendar

We would like to acknowledge Eugene Lim of Government Technology Agency of Singapore for their assistance.

FaceTime

We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.

FileVault

We would like to acknowledge Benjamin Adolphi of Promon Germany GmbH for their assistance.

Login Window

We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.

Photo Booth

We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.

System Preferences

We would like to acknowledge Mohammad Tausif Siddiqui (@toshsiddiqui), an anonymous researcher for their assistance.

WebKit

We would like to acknowledge James Lee, an anonymous researcher for their assistance.

Wi-Fi

We would like to acknowledge Dana Morrison for their assistance.

Kerbal Space Program 2 delayed into 2023, devs blame complexity

Kerbal Space Program 2 is delayed again. The game’s development team updated fans on the progress of the long-delayed project Monday, saying that the sequel would be ready for launch in early 2023 on PC and on consoles later that same year.

“We are building a game of tremendous technological complexity, and are taking this additional time to ensure we hit the quality and level of polish it deserves,” the team explained in the post. “We remain focused on making sure KSP2 performs well on a variety of hardware, has amazing graphics, and is rich with content. We’ve built a spectacular team at Intercept Games — a team that includes, as previously mentioned, key members from the development team behind the original Kerbal Space Program.”

Creative director Nate Simpson also released a video explaining the new release date and the delay, though it didn’t include too much additional information.

The original Kerbal Space Program was designed by Squad, an unconventional international team headquartered in Mexico City, only to be acquired by Take Two in 2017. The sequel was announced in 2019, with Star Theory Games (formerly Uber Entertainment) charged with development. That team was swapped out for Intercept Games the same year. It’s this transition — along with the COVID-19 pandemic and the overall complexity of the spaceflight simulation — that has resulted in multiple delays for the game according to developers.

Rumor: iOS 16 public beta 1 expected later than usual due to ‘buggy’ software

Apple will officially announce iOS 16 and other major updates to its operating systems at the WWDC 2022 kickoff event on June 6. While the first beta is always made available exclusively to developers, a new report from Mark Gurman claimed that the first public beta of iOS 16 will come later than usual.

Gurman said in a tweet that the iOS 16 beta build release schedule is a bit different this year. According to the journalist, Apple has plans to introduce the first public beta of iOS 16 along with the third developer beta in July. Typically, the first public beta of a new iOS version comes along with the second developer beta.

The reason, according to Gurman, is that the current internal builds are “a bit buggy.” As a result, Apple engineers will need more time to make iOS 16 beta stable enough before letting anyone install it on iPhone and iPad devices.

It’s worth noting that iOS builds are compiled days or even weeks before they are officially released. This means that, by now, Apple has probably wrapped up the first beta of iOS 16 that will be available to developers shortly after the WWDC 2022 event next month. Of course, Apple may still have time to improve the second beta of iOS 16 so that it can be released to the public in late June.

iOS 16 rumors

According to recent rumors, iOS 16 is expected to bring significant improvements to notifications as well as a new interface for iPadOS multitasking. 9to5Mac reported earlier this year that Apple has been working on adding expanded settings for Focus Mode in iOS 16.

As for watchOS 9, another report from Gurman reveals that the update will bring “major upgrades to activity and health tracking.” He also believes that most watch faces will be redesigned to take advantage of the larger Apple Watch Series 7 screen.

iOS 16’s first public beta is scheduled alongside iOS 16 developer beta 3 in July. First iOS public betas are typically released alongside beta 2. That means the public beta may be running behind. Current internal seeds are a bit buggy. Things are still fluid and could shift.

— Mark Gurman (@markgurman) May 16, 2022

WWDC 2022 begins June 6, with online sessions through June 10. More details can be found on Apple’s website.

Ubisoft Plus subscription services heading to PlayStation consoles

Ubisoft announced on Monday that the company would be bringing its games subscription service to the PlayStation platform sometime in the near future. Ubisoft Plus is currently available on Windows PC, Google’s Stadia service, and on Amazon Luna. It will also be coming soon to Xbox consoles. The subscription service gives players access to over 100 games from across Ubisoft’s franchises and starts at $14.99 per month.

The subscription will give PlayStation users in particular access to popular console versions of games like Rainbow Six Extraction and Immortals Fenyx Rising. A standard PC subscription currently costs $14.99 per month. A more expensive version, called the Multi Access subscription, gives consumers access to a similar catalog across multiple devices via cloud gaming services Amazon Luna and Google Stadia. It costs $17.99 per month.

Ubisoft also announced an additional special subscription for PlayStation users called Ubisoft Plus Classics, set to launch May 24. You can view the full list on Ubisoft’s website, but some games that will be bundled as a part of that service include Assassin’s Creed Valhalla, The Division, and For Honor.

Sonos Sub Mini leaks following the company’s affordable ‘Ray’ soundbar launch

Sonos just officially launched its most affordable soundbar to date with “Ray.” Now one of the company’s next products has been revealed which would serve as a good companion for the Ray and Beam soundbars. Here’s how the Sonos Sub Mini looks and when it might launch.

Leaked by The Verge, we’ve got our first detailed look at Sonos’ budget wireless subwoofer called the “Sub Mini.”

At this point, the company sells only one wireless option for supporting low-end frequencies, the Sub gen 3 at $749. That's neither a good fit for smaller spaces nor priced to go with the $279 Ray or $449 Beam soundbars.

As shown above in the rendering created by The Verge after seeing a real picture, the Sonos Sub Mini features a cylindrical design with a vertical pill cutout. That hints that Sonos may be using an internal design similar to the Sub's.

Specific dimensions weren’t found but given the mini name, the new sub should come with a compact form factor. Detailed features and pricing also weren’t discovered, at least for now.

While it’s unclear when we might see a launch for the Sonos Sub Mini, comments from the company’s CEO Patrick Spence hint it could arrive sometime between now and September.

Another clue that this could be the company’s next release is the internal codename. The Ray soundbar that was just launched used the name S36 and the Sub Mini is internally known as S37.

Last week, along with Sonos Ray going up for preorder, the company also revealed that its own voice assistant, launching in June, will allow Sonos customers to control Apple Music natively.

Top image via The Verge
