The CVE-2022-22677 vulnerability is a logic issue in the handling of concurrent media streams that can lead to an interruption of video self-preview during a WebRTC call if the user answers a phone call. Consequently, this might lead to compromised user experience and potential disruptions in communication. This post will provide an in-depth understanding of the issue, the affected devices, corresponding fixes, and how to prevent it from causing harm in your systems.

iPadOS 15.x prior to 15.5

The issue is already fixed in macOS Monterey 12.4, iOS 15.5, and iPadOS 15.5, so ensure you update your devices to the latest version to safeguard against this vulnerability.

Technical Details

The vulnerability (CVE-2022-22677) arises from a logic issue in the handling of concurrent media events, specifically when dealing with WebRTC calls. WebRTC (Web Real-Time Communication) is an open-source project that supports browser-based, real-time communication of audio, video, and data in web pages and mobile applications.

The root cause of the problem lies in the improper state handling of the media events, which can cause the video self-preview to be interrupted when a user takes a phone call. This might not result in any severe security risks, but it does pose a potential issue with communication and user experience.

The faulty state handling can be represented by the following pseudo-code snippet:

# ...
# media_event_1() -> start WebRTC call <----> media_event_2() -> answer phone call
# ...

def handle_media_state():
    state = get_media_state()
    if state == MEDIA_STATE_CALLING:
        pass  # ...
    elif state == MEDIA_STATE_ANSWERING:
        pass  # ...
    elif state == MEDIA_STATE_ACTIVE and state != MEDIA_STATE_CALLING:
        # Reached for every active call, including one interrupted by a phone call
        show_interrupted_video_preview_error()

The code snippet illustrates that the video self-preview interruption happens because the media state doesn't properly transition from one event to another. This leads to a state mismatch and the app triggering an error message, even though there might not be any real issue with the media streams.

Fix and Mitigation

The vulnerability was addressed in macOS Monterey 12.4, iOS 15.5, and iPadOS 15.5 by improving state handling logic. The updated state handling can prevent video self-preview from being interrupted under potential race conditions. Users are urged to update their devices to these latest versions to mitigate the issue.

Here is a modified version of the code snippet to showcase the improved media event state handling:

# ...
# media_event_1() -> start WebRTC call <----> media_event_2() -> answer phone call
# ...

def handle_media_state():
    state = get_media_state()
    if state == MEDIA_STATE_CALLING:
        pass  # ...
    elif state == MEDIA_STATE_ANSWERING:
        pass  # ...
    elif state == MEDIA_STATE_ACTIVE:
        # Only report an error when no concurrent media event explains it
        if not is_concurrent_media_event():
            show_interrupted_video_preview_error()

The new is_concurrent_media_event() function improves the media state handling by preventing the app from triggering an error message in case it detects that a concurrent media event, such as answering a phone call, is taking place. This helps to ensure that the video self-preview remains uninterrupted on devices running macOS Monterey 12.4, iOS 15.5, and iPadOS 15.5 or later versions.
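A runnable model of the two handlers above, added here as an illustration; it is not Apple's code and not code from the original post. The PreviewMonitor class, the event trace, and the assumption that the handler runs whenever a gap in self-preview frames is observed are all hypothetical.

```python
MEDIA_STATE_CALLING, MEDIA_STATE_ACTIVE = "calling", "active"

class PreviewMonitor:
    """Toy model of the pseudo-code above; every name here is hypothetical."""

    def __init__(self, check_concurrency):
        self.check_concurrency = check_concurrency  # False = before, True = after
        self.state = None
        self.in_flight = set()  # media events started but not yet finished
        self.errors = []        # steps at which the error would be shown

    def is_concurrent_media_event(self):
        # True when something besides the WebRTC call (e.g. a phone call) is live.
        return len(self.in_flight) > 1

    def handle_media_state(self, step):
        # Assumption: called whenever a gap in self-preview frames is observed.
        if self.state != MEDIA_STATE_ACTIVE:
            return
        if self.check_concurrency and self.is_concurrent_media_event():
            return  # gap is explained by the overlapping event, so no error
        self.errors.append(step)

    def feed(self, step, kind, source):
        if kind == "start":
            self.in_flight.add(source)
            if source == "webrtc":
                self.state = MEDIA_STATE_CALLING
        elif kind == "connected":
            self.state = MEDIA_STATE_ACTIVE
        elif kind == "end":
            self.in_flight.discard(source)
        elif kind == "preview_gap":
            self.handle_media_state(step)

# Constructed trace: a phone call is answered during the WebRTC call (steps 3-5),
# then the preview fails for real with nothing else running (step 6).
TRACE = [("start", "webrtc"), ("connected", "webrtc"), ("start", "phone"),
         ("preview_gap", "webrtc"), ("end", "phone"), ("preview_gap", "webrtc")]

def run(check_concurrency):
    monitor = PreviewMonitor(check_concurrency)
    for step, (kind, source) in enumerate(TRACE, start=1):
        monitor.feed(step, kind, source)
    return monitor.errors

if __name__ == "__main__":
    print("before fix:", run(False))
    print("after fix: ", run(True))
```

The point of the second preview gap in the trace is that the concurrency check should suppress only the error caused by the overlapping phone call, while a failure with no concurrent event is still reported.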

In conclusion, the CVE-2022-22677 vulnerability is a non-critical logic issue that affects the handling of concurrent media states in macOS, iOS, and iPadOS devices. Although it doesn't pose any severe security risk, it might compromise communication and user experience due to interrupted video self-previews during WebRTC calls. Users are advised to update their devices to the latest versions to mitigate the issue.

Timeline

Published on: 11/01/2022 20:15:00 UTC
Last modified on: 11/03/2022 13:47:00 UTC