| 1 | + | ![apple.png](apple.png) |
| 2 | + | |
| 3 | + | ## Two security patch for libxml2 on macOS Ventura 13.0.1, iOS 16.1.1 and iPadOS 16.1.1 |
| 4 | + | read more on [cra.sh](https://cra.sh/cve-2022-40303-4) |
| 5 | + | |
| 6 | + | **libxml2** |
| 7 | + | |
| 8 | + | Available for: macOS Ventura, iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later |
| 9 | + | |
| 10 | + | Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution |
| 11 | + | |
| 12 | + | Description: An integer overflow was addressed through improved input validation. |
| 13 | + | |
| 14 | + | CVE-2022-40303: Maddie Stone of Google Project Zero |
| 15 | + | |
| 16 | + | [poc_40303.sh](poc_40303.sh) |
| 17 | + | |
| 18 | + | **libxml2** |
| 19 | + | |
| 20 | + | Available for: macOS Ventura, iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later |
| 21 | + | |
| 22 | + | Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution |
| 23 | + | |
| 24 | + | Description: This issue was addressed with improved checks. |
| 25 | + | |
| 26 | + | CVE-2022-40304: Ned Williamson and Nathan Wachholz of Google Project Zero |
| 27 | + | |
| 28 | + | [poc_40304.md](poc_40304.md) |