VARIoT IoT vulnerabilities database
| VAR-202205-1353 | CVE-2022-26767 | macOS Fraud related to unauthorized authentication in |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
The issue was addressed with additional permissions checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences. macOS Exists in a fraudulent authentication vulnerability.Information may be obtained
| VAR-202205-1301 | CVE-2022-26731 | plural Apple Product vulnerabilities |
CVSS V2: 4.3 CVSS V3: 4.3 Severity: MEDIUM |
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious website may be able to track users in Safari private browsing mode. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2022-05-16-1 iOS 15.5 and iPadOS 15.5
iOS 15.5 and iPadOS 15.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213258.
AppleAVD
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-26702: an anonymous researcher
AppleGraphicsControl
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day
Initiative
AVEVideoEncoder
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-26736: an anonymous researcher
CVE-2022-26737: an anonymous researcher
CVE-2022-26738: an anonymous researcher
CVE-2022-26739: an anonymous researcher
CVE-2022-26740: an anonymous researcher
DriverKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: An out-of-bounds access issue was addressed with
improved bounds checking.
CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)
GPU Drivers
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-26744: an anonymous researcher
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow issue was addressed with improved
input validation.
CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend
Micro Zero Day Initiative
IOKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab
IOMobileFrameBuffer
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-26768: an anonymous researcher
IOSurfaceAccelerator
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-26771: an anonymous researcher
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs
(@starlabs_sg)
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-26757: Ned Williamson of Google Project Zero
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An attacker that has already achieved kernel code execution
may be able to bypass kernel memory mitigations
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious attacker with arbitrary read and write capability
may be able to bypass Pointer Authentication
Description: A race condition was addressed with improved state
handling.
CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)
LaunchServices
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An access issue was addressed with additional sandbox
restrictions on third-party applications.
CVE-2022-26706: Arsenii Kostromin (0x3c3e)
libxml2
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-23308
Notes
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a large input may lead to a denial of service
Description: This issue was addressed with improved checks.
CVE-2022-22673: Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain
College Of Technology Bhopal
Safari Private Browsing
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious website may be able to track users in Safari
private browsing mode
Description: A logic issue was addressed with improved state
management.
CVE-2022-26731: an anonymous researcher
Security
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious app may be able to bypass signature validation
Description: A certificate parsing issue was addressed with improved
checks.
CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)
Shortcuts
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A person with physical access to an iOS device may be able to
access photos from the lock screen
Description: An authorization issue was addressed with improved state
management.
CVE-2022-26703: Salman Syed (@slmnsd551)
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A memory corruption issue was addressed with improved
state management.
WebKit Bugzilla: 238178
CVE-2022-26700: ryuzaki
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
WebKit Bugzilla: 236950
CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua
wingtecher lab
WebKit Bugzilla: 237475
CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua
wingtecher lab
WebKit Bugzilla: 238171
CVE-2022-26717: Jeonghoon Shin of Theori
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
WebKit Bugzilla: 238183
CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab
WebKit Bugzilla: 238699
CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech
WebRTC
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Video self-preview in a webRTC call may be interrupted if the
user answers a phone call
Description: A logic issue in the handling of concurrent media was
addressed with improved state handling.
WebKit Bugzilla: 237524
CVE-2022-22677: an anonymous researcher
Wi-Fi
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may disclose restricted memory
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-26745: an anonymous researcher
Wi-Fi
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-26760: 08Tc3wBB of ZecOps Mobile EDR Team
Wi-Fi
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2015-4142: Kostya Kortchinsky of Google Security Team
Wi-Fi
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2022-26762: Wang Yu of Cyberserval
Additional recognition
AppleMobileFileIntegrity
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing
for their assistance.
FaceTime
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing
for their assistance.
WebKit
We would like to acknowledge James Lee, an anonymous researcher for
their assistance.
Wi-Fi
We would like to acknowledge 08Tc3wBB of ZecOps Mobile EDR Team for
their assistance.
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/ iTunes and Software Update on the
device will automatically check Apple's update server on its weekly
schedule. When an update is detected, it is downloaded and the option
to be installed is presented to the user when the iOS device is
docked. We recommend applying the update immediately if possible.
Selecting Don't Install will present the option the next time you
connect your iOS device. The automatic update process may take up to
a week depending on the day that iTunes or the device checks for
updates. You may manually obtain the update via the Check for Updates
button within iTunes, or the Software Update on your device. To
check that the iPhone, iPod touch, or iPad has been updated: *
Navigate to Settings * Select General * Select About. The version
after applying this update will be "iOS 15.5 and iPadOS 15.5".
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TQACgkQeC9qKD1p
rhh9PRAApeuHnWvZRxSW/QArItDF2fA1eXCu7n9BwPA6CoqrU7v7aR6H/NQ3wes6
xOjoRccHRCWRJ12RubM06ggC+WA/MLb96t2Wc4IUoFDkI3G6fp/I3aHpSONv4YMt
EoHSGMpJ3qAb6Z60mIMcshsCtyv9k4LxpjOTnHKRLp/M4JLWG4CanOGpN2u/wPPV
TpRY4jkZlAdvQK3qrPmA8aO5sWnbh5l//kUS6IL649seZQFUeZdz7QUyodjjqr2/
XWyqsQC4mqVphxwvWDWA5J6/Zf7C7hNdZ1BE+SPpLhjEZlU6IYBFY2PLrg9NDTv8
YMZpftlm5HQo3qmy/HLoiF8bIqgtdz+TpgNiT+TYz9+/pvP/hyGbX6xF9esKBVjj
+1OUnd2GaLjSdY7o9WOtZgSJQxi1/R1X1+DjY1vI+d/TQZ+Sz58Me90R99aWc+Gc
1B8e6FhjwT48rHJiuIw75ZW1orpUX6OL5vqdge0H1aJXm7EEUhByZvm2E2DajKu2
mp2jr01UZyb3ro0qE1zpNitNORWAdvrlriIJxFVxtxW4MygMn8ThJ/Jz2LjquHvT
EwvCyB9jaqPKja3b/dwzf/nowjw+aocxOjelW2Q/HcyR13YF2ZHd1+hNtG/7Isrx
WIpI9nNAQQ2LCQIgL7/xCn6Yni9t3le3+eU+cdafoqJKTpETNbk=
=OMfW
-----END PGP SIGNATURE-----
| VAR-202205-1332 | CVE-2022-26723 | macOS Out-of-bounds write vulnerability in |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution. macOS Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202205-1283 | CVE-2022-26697 | macOS Out-of-bounds read vulnerability in |
CVSS V2: 5.8 CVSS V3: 7.1 Severity: HIGH |
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. macOS Exists in an out-of-bounds read vulnerability.Information is obtained and service operation is interrupted (DoS) It may be in a state. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the AppleScript framework. Crafted data in a SCPT file can trigger a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. macOS Monterey 12.4. Apple is aware of a report that this issue may
have been actively exploited. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2022-05-16-2 macOS Monterey 12.4
macOS Monterey 12.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213257.
AMD
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-26772: an anonymous researcher
AMD
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2022-26741: ABC Research s.r.o
CVE-2022-26742: ABC Research s.r.o
CVE-2022-26749: ABC Research s.r.o
CVE-2022-26750: ABC Research s.r.o
CVE-2022-26752: ABC Research s.r.o
CVE-2022-26753: ABC Research s.r.o
CVE-2022-26754: ABC Research s.r.o
apache
Available for: macOS Monterey
Impact: Multiple issues in apache
Description: Multiple issues were addressed by updating apache to
version 2.4.53.
CVE-2021-44224
CVE-2021-44790
CVE-2022-22719
CVE-2022-22720
CVE-2022-22721
AppleGraphicsControl
Available for: macOS Monterey
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2022-26698: Qi Sun of Trend Micro
AVEVideoEncoder
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-26736: an anonymous researcher
CVE-2022-26737: an anonymous researcher
CVE-2022-26738: an anonymous researcher
CVE-2022-26739: an anonymous researcher
CVE-2022-26740: an anonymous researcher
Contacts
Available for: macOS Monterey
Impact: A plug-in may be able to inherit the application's
permissions and access user data
Description: This issue was addressed with improved checks.
CVE-2022-26694: Wojciech Reguła (@_r3ggi) of SecuRing
CVMS
Available for: macOS Monterey
Impact: A malicious application may be able to gain root privileges
Description: A memory initialization issue was addressed.
CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori
CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori
DriverKit
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: An out-of-bounds access issue was addressed with
improved bounds checking.
CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)
ImageIO
Available for: macOS Monterey
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow issue was addressed with improved
input validation.
CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend
Micro Zero Day Initiative
ImageIO
Available for: macOS Monterey
Impact: Photo location information may persist after it is removed
with Preview Inspector
Description: A logic issue was addressed with improved state
management.
CVE-2022-26725: Andrew Williams and Avi Drissman of Google
Intel Graphics Driver
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-26720: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2022-26769: Antonio Zekic (@antoniozekic)
Intel Graphics Driver
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds read issue was addressed with improved
input validation.
CVE-2022-26770: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro
Zero Day Initiative
Intel Graphics Driver
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2022-26756: Jack Dates of RET2 Systems, Inc
IOKit
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab
IOMobileFrameBuffer
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-26768: an anonymous researcher
Kernel
Available for: macOS Monterey
Impact: An attacker that has already achieved code execution in macOS
Recovery may be able to escalate to kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-26743: Jordy Zomer (@pwningsystems)
Kernel
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs
(@starlabs_sg)
Kernel
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-26757: Ned Williamson of Google Project Zero
Kernel
Available for: macOS Monterey
Impact: An attacker that has already achieved kernel code execution
may be able to bypass kernel memory mitigations
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel
Available for: macOS Monterey
Impact: A malicious attacker with arbitrary read and write capability
may be able to bypass Pointer Authentication
Description: A race condition was addressed with improved state
handling.
CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)
LaunchServices
Available for: macOS Monterey
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An access issue was addressed with additional sandbox
restrictions on third-party applications.
CVE-2022-26706: Arsenii Kostromin (0x3c3e)
LaunchServices
Available for: macOS Monterey
Impact: A malicious application may be able to bypass Privacy
preferences
Description: The issue was addressed with additional permissions
checks.
CVE-2022-26767: Wojciech Reguła (@_r3ggi) of SecuRing
libresolv
Available for: macOS Monterey
Impact: An attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms)
of the Google Security Team
CVE-2022-26708: Max Shavrick (@_mxms) of the Google Security Team
libresolv
Available for: macOS Monterey
Impact: An attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow was addressed with improved input
validation.
CVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team
LibreSSL
Available for: macOS Monterey
Impact: Processing a maliciously crafted certificate may lead to a
denial of service
Description: A denial of service issue was addressed with improved
input validation.
CVE-2022-0778
libxml2
Available for: macOS Monterey
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-23308
OpenSSL
Available for: macOS Monterey
Impact: Processing a maliciously crafted certificate may lead to a
denial of service
Description: This issue was addressed with improved checks.
CVE-2022-0778
PackageKit
Available for: macOS Monterey
Impact: A malicious application may be able to modify protected parts
of the file system
Description: This issue was addressed by removing the vulnerable
code.
CVE-2022-26712: Mickey Jin (@patch1t)
PackageKit
Available for: macOS Monterey
Impact: A malicious application may be able to modify protected parts
of the file system
Description: This issue was addressed with improved entitlements.
CVE-2022-26727: Mickey Jin (@patch1t)
Preview
Available for: macOS Monterey
Impact: A plug-in may be able to inherit the application's
permissions and access user data
Description: This issue was addressed with improved checks.
CVE-2022-26693: Wojciech Reguła (@_r3ggi) of SecuRing
Printing
Available for: macOS Monterey
Impact: A malicious application may be able to bypass Privacy
preferences
Description: This issue was addressed by removing the vulnerable
code.
CVE-2022-26746: @gorelics
Safari Private Browsing
Available for: macOS Monterey
Impact: A malicious website may be able to track users in Safari
private browsing mode
Description: A logic issue was addressed with improved state
management.
CVE-2022-26731: an anonymous researcher
Security
Available for: macOS Monterey
Impact: A malicious app may be able to bypass signature validation
Description: A certificate parsing issue was addressed with improved
checks.
CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)
SMB
Available for: macOS Monterey
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs
SMB
Available for: macOS Monterey
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds read issue was addressed with improved
input validation.
CVE-2022-26718: Peter Nguyễn Vũ Hoàng of STAR Labs
SMB
Available for: macOS Monterey
Impact: Mounting a maliciously crafted Samba network share may lead
to arbitrary code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2022-26723: Felix Poulin-Belanger
SoftwareUpdate
Available for: macOS Monterey
Impact: A malicious application may be able to access restricted
files
Description: This issue was addressed with improved entitlements.
CVE-2022-26728: Mickey Jin (@patch1t)
Spotlight
Available for: macOS Monterey
Impact: An app may be able to gain elevated privileges
Description: A validation issue existed in the handling of symlinks
and was addressed with improved validation of symlinks.
CVE-2022-26704: an anonymous researcher
TCC
Available for: macOS Monterey
Impact: An app may be able to capture a user's screen
Description: This issue was addressed with improved checks.
CVE-2022-26726: an anonymous researcher
Tcl
Available for: macOS Monterey
Impact: A malicious application may be able to break out of its
sandbox
Description: This issue was addressed with improved environment
sanitization.
CVE-2022-26755: Arsenii Kostromin (0x3c3e)
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A memory corruption issue was addressed with improved
state management.
WebKit Bugzilla: 238178
CVE-2022-26700: ryuzaki
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
WebKit Bugzilla: 236950
CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua
wingtecher lab
WebKit Bugzilla: 237475
CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua
wingtecher lab
WebKit Bugzilla: 238171
CVE-2022-26717: Jeonghoon Shin of Theori
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
WebKit Bugzilla: 238183
CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab
WebKit Bugzilla: 238699
CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech
WebRTC
Available for: macOS Monterey
Impact: Video self-preview in a webRTC call may be interrupted if the
user answers a phone call
Description: A logic issue in the handling of concurrent media was
addressed with improved state handling.
WebKit Bugzilla: 237524
CVE-2022-22677: an anonymous researcher
Wi-Fi
Available for: macOS Monterey
Impact: A malicious application may disclose restricted memory
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-26745: an anonymous researcher
Wi-Fi
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2022-26761: Wang Yu of Cyberserval
Wi-Fi
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2022-26762: Wang Yu of Cyberserval
zip
Available for: macOS Monterey
Impact: Processing a maliciously crafted file may lead to a denial of
service
Description: A denial of service issue was addressed with improved
state handling.
CVE-2022-0530
zlib
Available for: macOS Monterey
Impact: An attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-25032: Tavis Ormandy
zsh
Available for: macOS Monterey
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: This issue was addressed by updating to zsh version
5.8.1.
CVE-2021-45444
Additional recognition
AppleMobileFileIntegrity
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing
for their assistance.
Bluetooth
We would like to acknowledge Jann Horn of Project Zero for their
assistance.
Calendar
We would like to acknowledge Eugene Lim of Government Technology
Agency of Singapore for their assistance.
FaceTime
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing
for their assistance.
FileVault
We would like to acknowledge Benjamin Adolphi of Promon Germany GmbH
for their assistance.
Login Window
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
Photo Booth
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing
for their assistance.
System Preferences
We would like to acknowledge Mohammad Tausif Siddiqui
(@toshsiddiqui), an anonymous researcher for their assistance.
WebKit
We would like to acknowledge James Lee, an anonymous researcher for
their assistance.
Wi-Fi
We would like to acknowledge Dana Morrison for their assistance.
macOS Monterey 12.4 may be obtained from the Mac App Store or Apple's
Software Downloads web site: https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p
rhigoQ//cTnC2MOYau+vO6pv8PHMbeEWPPvtsGpemCNz4iChXRhVOHKxgMQAHEgg
Ejpxvw5D1jg12wroXypL8ADOD1V20OA7u5A20Lip1NIDL145692jPfmGuNxqkRnI
DyoykhUogRL8Yvzkd5P8D3Jlo0EzCa4ZhO4tqBwbrGQZRb7gHclMPtzlgt15ZIma
mH42QGRkJcK8v4MWNIxvibnQPwx3we2k4T8FajBvoCxYinMOlg/j16hFREj8Src+
rQwKPV6JHiBBQ3LQpGeBlJrFLH72CyHbCu8IqWFYvvDXsT5Gr9JoagW7+g/9+8Wc
402HjkY4wOZrxIBtlaUlNFZuB1mtIv8amHn9AaVOK/7GALSP6MQzA+U3HUqd3hYV
J23pw6iRWBTZZSmO31kdEGU/X9uDkDKJL6QxUfzVXPVmOs0VNMmOJUdTRKf3tdsa
5qnPcjowRONgltX8NqIP0q4aJPr1WigtFGyASIr3me/t9Ft7Kss4gJt7YLDsN6MZ
opD8hTRHSAXAAYsA57omyo/DnmajHIbUGVEujzAh/DOEYxgT9aaaAHnkNuaQgIbs
Z5g/dfhDaJodyk0q7BIeK+RPbkvrJvnoBWkRnAUaSgYMX14DQdExlBEvbpcPg71f
LHzUlUewIuuP/57huTz/b4vEEke0JUwrWk6T1ACbndL3FsPIOX4=
=jaCZ
-----END PGP SIGNATURE-----
| VAR-202205-1287 | CVE-2022-26715 | macOS Out-of-bounds write vulnerability in |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to gain elevated privileges. macOS Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. macOS Monterey 12.4. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2022-05-16-2 macOS Monterey 12.4
macOS Monterey 12.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213257.
AMD
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-26772: an anonymous researcher
AMD
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2022-26741: ABC Research s.r.o
CVE-2022-26742: ABC Research s.r.o
CVE-2022-26749: ABC Research s.r.o
CVE-2022-26750: ABC Research s.r.o
CVE-2022-26752: ABC Research s.r.o
CVE-2022-26753: ABC Research s.r.o
CVE-2022-26754: ABC Research s.r.o
apache
Available for: macOS Monterey
Impact: Multiple issues in apache
Description: Multiple issues were addressed by updating apache to
version 2.4.53.
CVE-2021-44224
CVE-2021-44790
CVE-2022-22719
CVE-2022-22720
CVE-2022-22721
AppleGraphicsControl
Available for: macOS Monterey
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day
Initiative
AppleScript
Available for: macOS Monterey
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected application termination or disclosure of process
memory
Description: An out-of-bounds read issue was addressed with improved
input validation.
CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro
AppleScript
Available for: macOS Monterey
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected application termination or disclosure of process
memory
Description: An out-of-bounds read issue was addressed with improved
bounds checking.
CVE-2022-26698: Qi Sun of Trend Micro
AVEVideoEncoder
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-26736: an anonymous researcher
CVE-2022-26737: an anonymous researcher
CVE-2022-26738: an anonymous researcher
CVE-2022-26739: an anonymous researcher
CVE-2022-26740: an anonymous researcher
Contacts
Available for: macOS Monterey
Impact: A plug-in may be able to inherit the application's
permissions and access user data
Description: This issue was addressed with improved checks.
CVE-2022-26694: Wojciech Reguła (@_r3ggi) of SecuRing
CVMS
Available for: macOS Monterey
Impact: A malicious application may be able to gain root privileges
Description: A memory initialization issue was addressed.
CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori
CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori
DriverKit
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: An out-of-bounds access issue was addressed with
improved bounds checking.
CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)
ImageIO
Available for: macOS Monterey
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow issue was addressed with improved
input validation.
CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend
Micro Zero Day Initiative
ImageIO
Available for: macOS Monterey
Impact: Photo location information may persist after it is removed
with Preview Inspector
Description: A logic issue was addressed with improved state
management.
CVE-2022-26725: Andrew Williams and Avi Drissman of Google
Intel Graphics Driver
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-26720: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2022-26769: Antonio Zekic (@antoniozekic)
Intel Graphics Driver
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds read issue was addressed with improved
input validation.
CVE-2022-26770: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro
Zero Day Initiative
Intel Graphics Driver
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2022-26756: Jack Dates of RET2 Systems, Inc
IOKit
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab
IOMobileFrameBuffer
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-26768: an anonymous researcher
Kernel
Available for: macOS Monterey
Impact: An attacker that has already achieved code execution in macOS
Recovery may be able to escalate to kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-26743: Jordy Zomer (@pwningsystems)
Kernel
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs
(@starlabs_sg)
Kernel
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-26757: Ned Williamson of Google Project Zero
Kernel
Available for: macOS Monterey
Impact: An attacker that has already achieved kernel code execution
may be able to bypass kernel memory mitigations
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel
Available for: macOS Monterey
Impact: A malicious attacker with arbitrary read and write capability
may be able to bypass Pointer Authentication
Description: A race condition was addressed with improved state
handling.
CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)
LaunchServices
Available for: macOS Monterey
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An access issue was addressed with additional sandbox
restrictions on third-party applications.
CVE-2022-26706: Arsenii Kostromin (0x3c3e)
LaunchServices
Available for: macOS Monterey
Impact: A malicious application may be able to bypass Privacy
preferences
Description: The issue was addressed with additional permissions
checks.
CVE-2022-26767: Wojciech Reguła (@_r3ggi) of SecuRing
libresolv
Available for: macOS Monterey
Impact: An attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms)
of the Google Security Team
CVE-2022-26708: Max Shavrick (@_mxms) of the Google Security Team
libresolv
Available for: macOS Monterey
Impact: An attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow was addressed with improved input
validation.
CVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team
LibreSSL
Available for: macOS Monterey
Impact: Processing a maliciously crafted certificate may lead to a
denial of service
Description: A denial of service issue was addressed with improved
input validation.
CVE-2022-0778
libxml2
Available for: macOS Monterey
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-23308
OpenSSL
Available for: macOS Monterey
Impact: Processing a maliciously crafted certificate may lead to a
denial of service
Description: This issue was addressed with improved checks.
CVE-2022-0778
PackageKit
Available for: macOS Monterey
Impact: A malicious application may be able to modify protected parts
of the file system
Description: This issue was addressed by removing the vulnerable
code.
CVE-2022-26712: Mickey Jin (@patch1t)
PackageKit
Available for: macOS Monterey
Impact: A malicious application may be able to modify protected parts
of the file system
Description: This issue was addressed with improved entitlements.
CVE-2022-26727: Mickey Jin (@patch1t)
Preview
Available for: macOS Monterey
Impact: A plug-in may be able to inherit the application's
permissions and access user data
Description: This issue was addressed with improved checks.
CVE-2022-26693: Wojciech Reguła (@_r3ggi) of SecuRing
Printing
Available for: macOS Monterey
Impact: A malicious application may be able to bypass Privacy
preferences
Description: This issue was addressed by removing the vulnerable
code.
CVE-2022-26746: @gorelics
Safari Private Browsing
Available for: macOS Monterey
Impact: A malicious website may be able to track users in Safari
private browsing mode
Description: A logic issue was addressed with improved state
management.
CVE-2022-26731: an anonymous researcher
Security
Available for: macOS Monterey
Impact: A malicious app may be able to bypass signature validation
Description: A certificate parsing issue was addressed with improved
checks.
CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs
SMB
Available for: macOS Monterey
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds read issue was addressed with improved
input validation.
CVE-2022-26718: Peter Nguyễn Vũ Hoàng of STAR Labs
SMB
Available for: macOS Monterey
Impact: Mounting a maliciously crafted Samba network share may lead
to arbitrary code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2022-26723: Felix Poulin-Belanger
SoftwareUpdate
Available for: macOS Monterey
Impact: A malicious application may be able to access restricted
files
Description: This issue was addressed with improved entitlements.
CVE-2022-26728: Mickey Jin (@patch1t)
Spotlight
Available for: macOS Monterey
Impact: An app may be able to gain elevated privileges
Description: A validation issue existed in the handling of symlinks
and was addressed with improved validation of symlinks.
CVE-2022-26704: an anonymous researcher
TCC
Available for: macOS Monterey
Impact: An app may be able to capture a user's screen
Description: This issue was addressed with improved checks.
CVE-2022-26726: an anonymous researcher
Tcl
Available for: macOS Monterey
Impact: A malicious application may be able to break out of its
sandbox
Description: This issue was addressed with improved environment
sanitization.
CVE-2022-26755: Arsenii Kostromin (0x3c3e)
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A memory corruption issue was addressed with improved
state management.
WebKit Bugzilla: 238178
CVE-2022-26700: ryuzaki
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
WebKit Bugzilla: 236950
CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua
wingtecher lab
WebKit Bugzilla: 237475
CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua
wingtecher lab
WebKit Bugzilla: 238171
CVE-2022-26717: Jeonghoon Shin of Theori
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
WebKit Bugzilla: 238183
CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab
WebKit Bugzilla: 238699
CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech
WebRTC
Available for: macOS Monterey
Impact: Video self-preview in a webRTC call may be interrupted if the
user answers a phone call
Description: A logic issue in the handling of concurrent media was
addressed with improved state handling.
WebKit Bugzilla: 237524
CVE-2022-22677: an anonymous researcher
Wi-Fi
Available for: macOS Monterey
Impact: A malicious application may disclose restricted memory
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-26745: an anonymous researcher
Wi-Fi
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2022-26761: Wang Yu of Cyberserval
Wi-Fi
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2022-26762: Wang Yu of Cyberserval
zip
Available for: macOS Monterey
Impact: Processing a maliciously crafted file may lead to a denial of
service
Description: A denial of service issue was addressed with improved
state handling.
CVE-2022-0530
zlib
Available for: macOS Monterey
Impact: An attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-25032: Tavis Ormandy
zsh
Available for: macOS Monterey
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: This issue was addressed by updating to zsh version
5.8.1.
CVE-2021-45444
Additional recognition
AppleMobileFileIntegrity
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing
for their assistance.
Bluetooth
We would like to acknowledge Jann Horn of Project Zero for their
assistance.
Calendar
We would like to acknowledge Eugene Lim of Government Technology
Agency of Singapore for their assistance.
FaceTime
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing
for their assistance.
FileVault
We would like to acknowledge Benjamin Adolphi of Promon Germany GmbH
for their assistance.
Login Window
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
Photo Booth
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing
for their assistance.
System Preferences
We would like to acknowledge Mohammad Tausif Siddiqui
(@toshsiddiqui), an anonymous researcher for their assistance.
WebKit
We would like to acknowledge James Lee, an anonymous researcher for
their assistance.
Wi-Fi
We would like to acknowledge Dana Morrison for their assistance.
macOS Monterey 12.4 may be obtained from the Mac App Store or Apple's
Software Downloads web site: https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p
rhigoQ//cTnC2MOYau+vO6pv8PHMbeEWPPvtsGpemCNz4iChXRhVOHKxgMQAHEgg
Ejpxvw5D1jg12wroXypL8ADOD1V20OA7u5A20Lip1NIDL145692jPfmGuNxqkRnI
DyoykhUogRL8Yvzkd5P8D3Jlo0EzCa4ZhO4tqBwbrGQZRb7gHclMPtzlgt15ZIma
mH42QGRkJcK8v4MWNIxvibnQPwx3we2k4T8FajBvoCxYinMOlg/j16hFREj8Src+
rQwKPV6JHiBBQ3LQpGeBlJrFLH72CyHbCu8IqWFYvvDXsT5Gr9JoagW7+g/9+8Wc
402HjkY4wOZrxIBtlaUlNFZuB1mtIv8amHn9AaVOK/7GALSP6MQzA+U3HUqd3hYV
J23pw6iRWBTZZSmO31kdEGU/X9uDkDKJL6QxUfzVXPVmOs0VNMmOJUdTRKf3tdsa
5qnPcjowRONgltX8NqIP0q4aJPr1WigtFGyASIr3me/t9Ft7Kss4gJt7YLDsN6MZ
opD8hTRHSAXAAYsA57omyo/DnmajHIbUGVEujzAh/DOEYxgT9aaaAHnkNuaQgIbs
Z5g/dfhDaJodyk0q7BIeK+RPbkvrJvnoBWkRnAUaSgYMX14DQdExlBEvbpcPg71f
LHzUlUewIuuP/57huTz/b4vEEke0JUwrWk6T1ACbndL3FsPIOX4=
=jaCZ
-----END PGP SIGNATURE-----
. This was addressed with improved input
validation
| VAR-202205-1359 | CVE-2022-26704 | macOS Link interpretation vulnerability in |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.4. An app may be able to gain elevated privileges. macOS Exists in a link interpretation vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state.
Information about the security content is also available at
https://support.apple.com/HT213257.
AMD
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-26772: an anonymous researcher
AMD
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2022-26741: ABC Research s.r.o
CVE-2022-26742: ABC Research s.r.o
CVE-2022-26749: ABC Research s.r.o
CVE-2022-26750: ABC Research s.r.o
CVE-2022-26752: ABC Research s.r.o
CVE-2022-26753: ABC Research s.r.o
CVE-2022-26754: ABC Research s.r.o
apache
Available for: macOS Monterey
Impact: Multiple issues in apache
Description: Multiple issues were addressed by updating apache to
version 2.4.53.
CVE-2021-44224
CVE-2021-44790
CVE-2022-22719
CVE-2022-22720
CVE-2022-22721
AppleGraphicsControl
Available for: macOS Monterey
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day
Initiative
AppleScript
Available for: macOS Monterey
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected application termination or disclosure of process
memory
Description: An out-of-bounds read issue was addressed with improved
input validation.
CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro
AppleScript
Available for: macOS Monterey
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected application termination or disclosure of process
memory
Description: An out-of-bounds read issue was addressed with improved
bounds checking.
CVE-2022-26698: Qi Sun of Trend Micro
AVEVideoEncoder
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-26736: an anonymous researcher
CVE-2022-26737: an anonymous researcher
CVE-2022-26738: an anonymous researcher
CVE-2022-26739: an anonymous researcher
CVE-2022-26740: an anonymous researcher
Contacts
Available for: macOS Monterey
Impact: A plug-in may be able to inherit the application's
permissions and access user data
Description: This issue was addressed with improved checks.
CVE-2022-26694: Wojciech Reguła (@_r3ggi) of SecuRing
CVMS
Available for: macOS Monterey
Impact: A malicious application may be able to gain root privileges
Description: A memory initialization issue was addressed.
CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori
CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori
DriverKit
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: An out-of-bounds access issue was addressed with
improved bounds checking.
CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)
ImageIO
Available for: macOS Monterey
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow issue was addressed with improved
input validation.
CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend
Micro Zero Day Initiative
ImageIO
Available for: macOS Monterey
Impact: Photo location information may persist after it is removed
with Preview Inspector
Description: A logic issue was addressed with improved state
management.
CVE-2022-26725: Andrew Williams and Avi Drissman of Google
Intel Graphics Driver
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-26720: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2022-26769: Antonio Zekic (@antoniozekic)
Intel Graphics Driver
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds read issue was addressed with improved
input validation.
CVE-2022-26770: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro
Zero Day Initiative
Intel Graphics Driver
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2022-26756: Jack Dates of RET2 Systems, Inc
IOKit
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab
IOMobileFrameBuffer
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-26768: an anonymous researcher
Kernel
Available for: macOS Monterey
Impact: An attacker that has already achieved code execution in macOS
Recovery may be able to escalate to kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-26743: Jordy Zomer (@pwningsystems)
Kernel
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs
(@starlabs_sg)
Kernel
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-26757: Ned Williamson of Google Project Zero
Kernel
Available for: macOS Monterey
Impact: An attacker that has already achieved kernel code execution
may be able to bypass kernel memory mitigations
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel
Available for: macOS Monterey
Impact: A malicious attacker with arbitrary read and write capability
may be able to bypass Pointer Authentication
Description: A race condition was addressed with improved state
handling.
CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)
LaunchServices
Available for: macOS Monterey
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An access issue was addressed with additional sandbox
restrictions on third-party applications.
CVE-2022-26706: Arsenii Kostromin (0x3c3e)
LaunchServices
Available for: macOS Monterey
Impact: A malicious application may be able to bypass Privacy
preferences
Description: The issue was addressed with additional permissions
checks.
CVE-2022-26767: Wojciech Reguła (@_r3ggi) of SecuRing
libresolv
Available for: macOS Monterey
Impact: An attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms)
of the Google Security Team
CVE-2022-26708: Max Shavrick (@_mxms) of the Google Security Team
libresolv
Available for: macOS Monterey
Impact: An attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow was addressed with improved input
validation.
CVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team
LibreSSL
Available for: macOS Monterey
Impact: Processing a maliciously crafted certificate may lead to a
denial of service
Description: A denial of service issue was addressed with improved
input validation.
CVE-2022-0778
libxml2
Available for: macOS Monterey
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-23308
OpenSSL
Available for: macOS Monterey
Impact: Processing a maliciously crafted certificate may lead to a
denial of service
Description: This issue was addressed with improved checks.
CVE-2022-0778
PackageKit
Available for: macOS Monterey
Impact: A malicious application may be able to modify protected parts
of the file system
Description: This issue was addressed by removing the vulnerable
code.
CVE-2022-26712: Mickey Jin (@patch1t)
PackageKit
Available for: macOS Monterey
Impact: A malicious application may be able to modify protected parts
of the file system
Description: This issue was addressed with improved entitlements.
CVE-2022-26727: Mickey Jin (@patch1t)
Preview
Available for: macOS Monterey
Impact: A plug-in may be able to inherit the application's
permissions and access user data
Description: This issue was addressed with improved checks.
CVE-2022-26693: Wojciech Reguła (@_r3ggi) of SecuRing
Printing
Available for: macOS Monterey
Impact: A malicious application may be able to bypass Privacy
preferences
Description: This issue was addressed by removing the vulnerable
code.
CVE-2022-26746: @gorelics
Safari Private Browsing
Available for: macOS Monterey
Impact: A malicious website may be able to track users in Safari
private browsing mode
Description: A logic issue was addressed with improved state
management.
CVE-2022-26731: an anonymous researcher
Security
Available for: macOS Monterey
Impact: A malicious app may be able to bypass signature validation
Description: A certificate parsing issue was addressed with improved
checks.
CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)
SMB
Available for: macOS Monterey
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs
SMB
Available for: macOS Monterey
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds read issue was addressed with improved
input validation.
CVE-2022-26718: Peter Nguyễn Vũ Hoàng of STAR Labs
SMB
Available for: macOS Monterey
Impact: Mounting a maliciously crafted Samba network share may lead
to arbitrary code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2022-26723: Felix Poulin-Belanger
SoftwareUpdate
Available for: macOS Monterey
Impact: A malicious application may be able to access restricted
files
Description: This issue was addressed with improved entitlements.
CVE-2022-26704: an anonymous researcher
TCC
Available for: macOS Monterey
Impact: An app may be able to capture a user's screen
Description: This issue was addressed with improved checks.
CVE-2022-26726: an anonymous researcher
Tcl
Available for: macOS Monterey
Impact: A malicious application may be able to break out of its
sandbox
Description: This issue was addressed with improved environment
sanitization.
CVE-2022-26755: Arsenii Kostromin (0x3c3e)
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A memory corruption issue was addressed with improved
state management.
WebKit Bugzilla: 238178
CVE-2022-26700: ryuzaki
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
WebKit Bugzilla: 236950
CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua
wingtecher lab
WebKit Bugzilla: 237475
CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua
wingtecher lab
WebKit Bugzilla: 238171
CVE-2022-26717: Jeonghoon Shin of Theori
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
WebKit Bugzilla: 238183
CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab
WebKit Bugzilla: 238699
CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech
WebRTC
Available for: macOS Monterey
Impact: Video self-preview in a webRTC call may be interrupted if the
user answers a phone call
Description: A logic issue in the handling of concurrent media was
addressed with improved state handling.
WebKit Bugzilla: 237524
CVE-2022-22677: an anonymous researcher
Wi-Fi
Available for: macOS Monterey
Impact: A malicious application may disclose restricted memory
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-26745: an anonymous researcher
Wi-Fi
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2022-26761: Wang Yu of Cyberserval
Wi-Fi
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2022-26762: Wang Yu of Cyberserval
zip
Available for: macOS Monterey
Impact: Processing a maliciously crafted file may lead to a denial of
service
Description: A denial of service issue was addressed with improved
state handling.
CVE-2022-0530
zlib
Available for: macOS Monterey
Impact: An attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-25032: Tavis Ormandy
zsh
Available for: macOS Monterey
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: This issue was addressed by updating to zsh version
5.8.1.
CVE-2021-45444
Additional recognition
AppleMobileFileIntegrity
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing
for their assistance.
Bluetooth
We would like to acknowledge Jann Horn of Project Zero for their
assistance.
Calendar
We would like to acknowledge Eugene Lim of Government Technology
Agency of Singapore for their assistance.
FaceTime
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing
for their assistance.
FileVault
We would like to acknowledge Benjamin Adolphi of Promon Germany GmbH
for their assistance.
Login Window
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
Photo Booth
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing
for their assistance.
System Preferences
We would like to acknowledge Mohammad Tausif Siddiqui
(@toshsiddiqui), an anonymous researcher for their assistance.
WebKit
We would like to acknowledge James Lee, an anonymous researcher for
their assistance.
Wi-Fi
We would like to acknowledge Dana Morrison for their assistance.
macOS Monterey 12.4 may be obtained from the Mac App Store or Apple's
Software Downloads web site: https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p
rhigoQ//cTnC2MOYau+vO6pv8PHMbeEWPPvtsGpemCNz4iChXRhVOHKxgMQAHEgg
Ejpxvw5D1jg12wroXypL8ADOD1V20OA7u5A20Lip1NIDL145692jPfmGuNxqkRnI
DyoykhUogRL8Yvzkd5P8D3Jlo0EzCa4ZhO4tqBwbrGQZRb7gHclMPtzlgt15ZIma
mH42QGRkJcK8v4MWNIxvibnQPwx3we2k4T8FajBvoCxYinMOlg/j16hFREj8Src+
rQwKPV6JHiBBQ3LQpGeBlJrFLH72CyHbCu8IqWFYvvDXsT5Gr9JoagW7+g/9+8Wc
402HjkY4wOZrxIBtlaUlNFZuB1mtIv8amHn9AaVOK/7GALSP6MQzA+U3HUqd3hYV
J23pw6iRWBTZZSmO31kdEGU/X9uDkDKJL6QxUfzVXPVmOs0VNMmOJUdTRKf3tdsa
5qnPcjowRONgltX8NqIP0q4aJPr1WigtFGyASIr3me/t9Ft7Kss4gJt7YLDsN6MZ
opD8hTRHSAXAAYsA57omyo/DnmajHIbUGVEujzAh/DOEYxgT9aaaAHnkNuaQgIbs
Z5g/dfhDaJodyk0q7BIeK+RPbkvrJvnoBWkRnAUaSgYMX14DQdExlBEvbpcPg71f
LHzUlUewIuuP/57huTz/b4vEEke0JUwrWk6T1ACbndL3FsPIOX4=
=jaCZ
-----END PGP SIGNATURE-----
.
CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs
& DNSLab, Korea Univ
| VAR-202205-1314 | CVE-2022-26719 | Out-of-bounds write vulnerability in multiple Apple products |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. Safari , iPadOS , iOS Multiple Apple products have an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apple WebKit has a buffer error vulnerability, which is caused by a boundary error in WebKit's processing of HTML content. A remote attacker could trick a victim into visiting a specially crafted website, trigger memory corruption, and execute arbitrary code on the targeted system. The following products and versions are affected: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD. Apple is aware of a report that this issue may
have been actively exploited.
Instructions on how to update your Apple Watch software are available
at https://support.apple.com/kb/HT204641 To check the version on
your Apple Watch, open the Apple Watch app on your iPhone and select
"My Watch > General > About". Alternatively, on your watch, select
"My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2022-05-16-1 iOS 15.5 and iPadOS 15.5
iOS 15.5 and iPadOS 15.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213258.
AppleAVD
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-26702: an anonymous researcher
AppleGraphicsControl
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day
Initiative
AVEVideoEncoder
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-26736: an anonymous researcher
CVE-2022-26737: an anonymous researcher
CVE-2022-26738: an anonymous researcher
CVE-2022-26739: an anonymous researcher
CVE-2022-26740: an anonymous researcher
DriverKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: An out-of-bounds access issue was addressed with
improved bounds checking.
CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)
GPU Drivers
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-26744: an anonymous researcher
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow issue was addressed with improved
input validation.
CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend
Micro Zero Day Initiative
IOKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab
IOMobileFrameBuffer
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-26768: an anonymous researcher
IOSurfaceAccelerator
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-26771: an anonymous researcher
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs
(@starlabs_sg)
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-26757: Ned Williamson of Google Project Zero
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An attacker that has already achieved kernel code execution
may be able to bypass kernel memory mitigations
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious attacker with arbitrary read and write capability
may be able to bypass Pointer Authentication
Description: A race condition was addressed with improved state
handling.
CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)
LaunchServices
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An access issue was addressed with additional sandbox
restrictions on third-party applications.
CVE-2022-26706: Arsenii Kostromin (0x3c3e)
libxml2
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-23308
Notes
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a large input may lead to a denial of service
Description: This issue was addressed with improved checks.
CVE-2022-22673: Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain
College Of Technology Bhopal
Safari Private Browsing
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious website may be able to track users in Safari
private browsing mode
Description: A logic issue was addressed with improved state
management.
CVE-2022-26731: an anonymous researcher
Security
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious app may be able to bypass signature validation
Description: A certificate parsing issue was addressed with improved
checks.
CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)
Shortcuts
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A person with physical access to an iOS device may be able to
access photos from the lock screen
Description: An authorization issue was addressed with improved state
management.
CVE-2022-26703: Salman Syed (@slmnsd551)
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A memory corruption issue was addressed with improved
state management.
WebKit Bugzilla: 238178
CVE-2022-26700: ryuzaki
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
WebKit Bugzilla: 236950
CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua
wingtecher lab
WebKit Bugzilla: 237475
CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua
wingtecher lab
WebKit Bugzilla: 238171
CVE-2022-26717: Jeonghoon Shin of Theori
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
WebKit Bugzilla: 238183
CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab
WebKit Bugzilla: 238699
CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech
WebRTC
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Video self-preview in a webRTC call may be interrupted if the
user answers a phone call
Description: A logic issue in the handling of concurrent media was
addressed with improved state handling.
WebKit Bugzilla: 237524
CVE-2022-22677: an anonymous researcher
Wi-Fi
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may disclose restricted memory
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-26745: an anonymous researcher
Wi-Fi
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-26760: 08Tc3wBB of ZecOps Mobile EDR Team
Wi-Fi
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2015-4142: Kostya Kortchinsky of Google Security Team
Wi-Fi
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2022-26762: Wang Yu of Cyberserval
Additional recognition
AppleMobileFileIntegrity
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing
for their assistance.
FaceTime
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing
for their assistance.
WebKit
We would like to acknowledge James Lee, an anonymous researcher for
their assistance.
Wi-Fi
We would like to acknowledge 08Tc3wBB of ZecOps Mobile EDR Team for
their assistance.
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/ iTunes and Software Update on the
device will automatically check Apple's update server on its weekly
schedule. When an update is detected, it is downloaded and the option
to be installed is presented to the user when the iOS device is
docked. We recommend applying the update immediately if possible.
Selecting Don't Install will present the option the next time you
connect your iOS device. The automatic update process may take up to
a week depending on the day that iTunes or the device checks for
updates. You may manually obtain the update via the Check for Updates
button within iTunes, or the Software Update on your device. To
check that the iPhone, iPod touch, or iPad has been updated: *
Navigate to Settings * Select General * Select About. The version
after applying this update will be "iOS 15.5 and iPadOS 15.5".
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TQACgkQeC9qKD1p
rhh9PRAApeuHnWvZRxSW/QArItDF2fA1eXCu7n9BwPA6CoqrU7v7aR6H/NQ3wes6
xOjoRccHRCWRJ12RubM06ggC+WA/MLb96t2Wc4IUoFDkI3G6fp/I3aHpSONv4YMt
EoHSGMpJ3qAb6Z60mIMcshsCtyv9k4LxpjOTnHKRLp/M4JLWG4CanOGpN2u/wPPV
TpRY4jkZlAdvQK3qrPmA8aO5sWnbh5l//kUS6IL649seZQFUeZdz7QUyodjjqr2/
XWyqsQC4mqVphxwvWDWA5J6/Zf7C7hNdZ1BE+SPpLhjEZlU6IYBFY2PLrg9NDTv8
YMZpftlm5HQo3qmy/HLoiF8bIqgtdz+TpgNiT+TYz9+/pvP/hyGbX6xF9esKBVjj
+1OUnd2GaLjSdY7o9WOtZgSJQxi1/R1X1+DjY1vI+d/TQZ+Sz58Me90R99aWc+Gc
1B8e6FhjwT48rHJiuIw75ZW1orpUX6OL5vqdge0H1aJXm7EEUhByZvm2E2DajKu2
mp2jr01UZyb3ro0qE1zpNitNORWAdvrlriIJxFVxtxW4MygMn8ThJ/Jz2LjquHvT
EwvCyB9jaqPKja3b/dwzf/nowjw+aocxOjelW2Q/HcyR13YF2ZHd1+hNtG/7Isrx
WIpI9nNAQQ2LCQIgL7/xCn6Yni9t3le3+eU+cdafoqJKTpETNbk=
=OMfW
-----END PGP SIGNATURE-----
.
Safari 15.5 may be obtained from the Mac App Store. Summary:
Updated rh-sso-7/sso76-openshift-rhel8 container image and
rh-sso-7/sso7-rhel8-operator-bundle image is now available for RHEL-8 based
Middleware Containers. Description:
The rh-sso-7/sso76-openshift-rhel8 container image and
rh-sso-7/sso7-rhel8-operator operator has been updated for RHEL-8 based
Middleware Containers to address the following security issues.
Security Fix(es):
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* keycloak: Session takeover with OIDC offline refreshtokens
(CVE-2022-3916)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Users of rh-sso-7/sso76-openshift-rhel8 container images and
rh-sso-7/sso7-rhel8-operator operator are advised to upgrade to these
updated images, which contain backported patches to correct these security
issues, fix these bugs and add these enhancements. Users of these images
are also encouraged to rebuild all container images that depend on these
images.
You can find images updated by this advisory in Red Hat Container Catalog
(see References). Solution:
The RHEL-8 based Middleware Containers container image provided by this
update can be downloaded from the Red Hat Container Registry at
registry.access.redhat.com. Installation instructions for your platform are
available at Red Hat Container Catalog (see References).
Dockerfiles and scripts should be amended either to refer to this new image
specifically, or to the latest image generally. Bugs fixed (https://bugzilla.redhat.com/):
2138971 - CVE-2022-3782 keycloak: path traversal via double URL encoding
2141404 - CVE-2022-3916 keycloak: Session takeover with OIDC offline refreshtokens
5. JIRA issues fixed (https://issues.jboss.org/):
CIAM-4412 - Build new OCP image for rh-sso-7/sso76-openshift-rhel8
CIAM-4413 - Generate new operator bundle image for this patch
6.
Security Fix(es):
* goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as
random as they should be (CVE-2021-4238)
* golang: archive/tar: unbounded memory consumption when reading headers
(CVE-2022-2879)
* golang: net/http/httputil: ReverseProxy should not forward unparseable
query parameters (CVE-2022-2880)
* golang: net/http: handle server errors after sending GOAWAY
(CVE-2022-27664)
* Istio: Denial of service attack via a specially crafted message
(CVE-2022-39278)
* golang: regexp/syntax: limit memory used by parsing regexps
(CVE-2022-41715)
* kiali: error message spoofing in kiali UI (CVE-2022-3962)
* golang: math/big: decoding big.Float and big.Rat types can panic if the
encoded message is too short, potentially allowing a denial of service
(CVE-2022-32189)
For more details about security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, see the CVE page(s)
listed in the Container CVEs section. Bugs fixed (https://bugzilla.redhat.com/):
2113814 - CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service
2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY
2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers
2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps
2148199 - CVE-2022-39278 Istio: Denial of service attack via a specially crafted message
2148661 - CVE-2022-3962 kiali: error message spoofing in kiali UI
2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be
5. JIRA issues fixed (https://issues.jboss.org/):
OSSM-1977 - Support for Istio Gateway API in Kiali
OSSM-2083 - Update maistra/istio 2.3 to Istio 1.14.5
OSSM-2147 - Unexpected validation message on Gateway object
OSSM-2169 - Member controller doesn't retry on conflict
OSSM-2170 - Member namespaces aren't cleaned up when a cluster-scoped SMMR is deleted
OSSM-2179 - Wasm plugins only support OCI images with 1 layer
OSSM-2184 - Istiod isn't allowed to delete analysis distribution report configmap
OSSM-2188 - Member namespaces not cleaned up when SMCP is deleted
OSSM-2189 - If multiple SMCPs exist in a namespace, the controller reconciles them all
OSSM-2190 - The memberroll controller reconciles SMMRs with invalid name
OSSM-2232 - The member controller reconciles ServiceMeshMember with invalid name
OSSM-2241 - Remove v2.0 from Create ServiceMeshControlPlane Form
OSSM-2251 - CVE-2022-3962 openshift-istio-kiali-container: kiali: content spoofing [ossm-2.3]
OSSM-2308 - add root CA certificates to kiali container
OSSM-2315 - be able to customize openshift auth timeouts
OSSM-2324 - Gateway injection does not work when pods are created by cluster admins
OSSM-2335 - Potential hang using Traces scatterplot chart
OSSM-2338 - Federation deployment does not need router mode sni-dnat
OSSM-2344 - Restarting istiod causes Kiali to flood CRI-O with port-forward requests
OSSM-2375 - Istiod should log member namespaces on every update
OSSM-2376 - ServiceMesh federation stops working after the restart of istiod pod
OSSM-535 - Support validationMessages in SMCP
OSSM-827 - ServiceMeshMembers point to wrong SMCP name
6. Bugs fixed (https://bugzilla.redhat.com/):
2134876 - CVE-2022-37601 loader-utils: prototype pollution in function parseQuery in parseQuery.js
2140597 - CVE-2022-37603 loader-utils:Regular expression denial of service
2142707 - CVE-2022-42920 Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing
2150323 - CVE-2022-24999 express: "qs" prototype poisoning causes the hang of the node process
2156263 - CVE-2022-46175 json5: Prototype Pollution in JSON5 via Parse Method
2156324 - CVE-2021-35065 glob-parent: Regular Expression Denial of Service
2156683 - CVE-2020-36567 gin: Unsanitized input in the default logger in github.com/gin-gonic/gin
2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests
5. JIRA issues fixed (https://issues.jboss.org/):
MTA-103 - MTA 6.0.1 Installation failed with CrashLoop Error for UI Pod
MTA-106 - Implement ability for windup addon image pull policy to be configurable
MTA-122 - MTA is upgrading automatically ignoring 'Manual' setting
MTA-123 - MTA Becomes unusable when running bulk binary analysis
MTA-127 - After upgrading MTA operator from 6.0.0 to 6.0.1 and running analysis , task pods starts failing
MTA-131 - Analysis stops working after MTA upgrade from 6.0.0 to 6.0.1
MTA-36 - Can't disable a proxy if it has an invalid configuration
MTA-44 - Make RWX volumes optional.
MTA-49 - Uploaded a local binary when return back to the page the UI should show green bar and correct %
MTA-59 - Getting error 401 if deleting many credentials quickly
MTA-65 - Set windup addon image pull policy to be controlled by the global image_pull_policy parameter
MTA-72 - CVE-2022-46175 mta-ui-container: json5: Prototype Pollution in JSON5 via Parse Method [mta-6]
MTA-73 - CVE-2022-37601 mta-ui-container: loader-utils: prototype pollution in function parseQuery in parseQuery.js [mta-6]
MTA-74 - CVE-2020-36567 mta-windup-addon-container: gin: Unsanitized input in the default logger in github.com/gin-gonic/gin [mta-6]
MTA-76 - CVE-2022-37603 mta-ui-container: loader-utils:Regular expression denial of service [mta-6]
MTA-77 - CVE-2020-36567 mta-hub-container: gin: Unsanitized input in the default logger in github.com/gin-gonic/gin [mta-6]
MTA-80 - CVE-2021-35065 mta-ui-container: glob-parent: Regular Expression Denial of Service [mta-6]
MTA-82 - CVE-2022-42920 org.jboss.windup-windup-cli-parent: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing [mta-6.0]
MTA-85 - CVE-2022-24999 mta-ui-container: express: "qs" prototype poisoning causes the hang of the node process [mta-6]
MTA-88 - CVE-2020-36567 mta-admin-addon-container: gin: Unsanitized input in the default logger in github.com/gin-gonic/gin [mta-6]
MTA-92 - CVE-2022-42920 org.jboss.windup.plugin-windup-maven-plugin-parent: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing [mta-6.0]
MTA-96 - [UI] Maven -> "Local artifact repository" textbox can be checked and has no tooltip
6. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: webkit2gtk3 security and bug fix update
Advisory ID: RHSA-2022:7704-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:7704
Issue date: 2022-11-08
CVE Names: CVE-2022-22624 CVE-2022-22628 CVE-2022-22629
CVE-2022-22662 CVE-2022-26700 CVE-2022-26709
CVE-2022-26710 CVE-2022-26716 CVE-2022-26717
CVE-2022-26719 CVE-2022-30293
====================================================================
1. Summary:
An update for glib2 and webkit2gtk3 is now available for Red Hat Enterprise
Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat CodeReady Linux Builder (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
3. Description:
WebKitGTK is the port of the portable web rendering engine WebKit to the
GTK platform.
GLib provides the core application building blocks for libraries and
applications written in C. It provides the core object system used in
GNOME, the main loop implementation, and a large set of utility functions
for strings and common data structures.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.7 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source:
webkit2gtk3-2.36.7-1.el8.src.rpm
aarch64:
webkit2gtk3-2.36.7-1.el8.aarch64.rpm
webkit2gtk3-debuginfo-2.36.7-1.el8.aarch64.rpm
webkit2gtk3-debugsource-2.36.7-1.el8.aarch64.rpm
webkit2gtk3-devel-2.36.7-1.el8.aarch64.rpm
webkit2gtk3-devel-debuginfo-2.36.7-1.el8.aarch64.rpm
webkit2gtk3-jsc-2.36.7-1.el8.aarch64.rpm
webkit2gtk3-jsc-debuginfo-2.36.7-1.el8.aarch64.rpm
webkit2gtk3-jsc-devel-2.36.7-1.el8.aarch64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8.aarch64.rpm
ppc64le:
webkit2gtk3-2.36.7-1.el8.ppc64le.rpm
webkit2gtk3-debuginfo-2.36.7-1.el8.ppc64le.rpm
webkit2gtk3-debugsource-2.36.7-1.el8.ppc64le.rpm
webkit2gtk3-devel-2.36.7-1.el8.ppc64le.rpm
webkit2gtk3-devel-debuginfo-2.36.7-1.el8.ppc64le.rpm
webkit2gtk3-jsc-2.36.7-1.el8.ppc64le.rpm
webkit2gtk3-jsc-debuginfo-2.36.7-1.el8.ppc64le.rpm
webkit2gtk3-jsc-devel-2.36.7-1.el8.ppc64le.rpm
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8.ppc64le.rpm
s390x:
webkit2gtk3-2.36.7-1.el8.s390x.rpm
webkit2gtk3-debuginfo-2.36.7-1.el8.s390x.rpm
webkit2gtk3-debugsource-2.36.7-1.el8.s390x.rpm
webkit2gtk3-devel-2.36.7-1.el8.s390x.rpm
webkit2gtk3-devel-debuginfo-2.36.7-1.el8.s390x.rpm
webkit2gtk3-jsc-2.36.7-1.el8.s390x.rpm
webkit2gtk3-jsc-debuginfo-2.36.7-1.el8.s390x.rpm
webkit2gtk3-jsc-devel-2.36.7-1.el8.s390x.rpm
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8.s390x.rpm
x86_64:
webkit2gtk3-2.36.7-1.el8.i686.rpm
webkit2gtk3-2.36.7-1.el8.x86_64.rpm
webkit2gtk3-debuginfo-2.36.7-1.el8.i686.rpm
webkit2gtk3-debuginfo-2.36.7-1.el8.x86_64.rpm
webkit2gtk3-debugsource-2.36.7-1.el8.i686.rpm
webkit2gtk3-debugsource-2.36.7-1.el8.x86_64.rpm
webkit2gtk3-devel-2.36.7-1.el8.i686.rpm
webkit2gtk3-devel-2.36.7-1.el8.x86_64.rpm
webkit2gtk3-devel-debuginfo-2.36.7-1.el8.i686.rpm
webkit2gtk3-devel-debuginfo-2.36.7-1.el8.x86_64.rpm
webkit2gtk3-jsc-2.36.7-1.el8.i686.rpm
webkit2gtk3-jsc-2.36.7-1.el8.x86_64.rpm
webkit2gtk3-jsc-debuginfo-2.36.7-1.el8.i686.rpm
webkit2gtk3-jsc-debuginfo-2.36.7-1.el8.x86_64.rpm
webkit2gtk3-jsc-devel-2.36.7-1.el8.i686.rpm
webkit2gtk3-jsc-devel-2.36.7-1.el8.x86_64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8.i686.rpm
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 8):
Source:
glib2-2.56.4-159.el8.src.rpm
aarch64:
glib2-2.56.4-159.el8.aarch64.rpm
glib2-debuginfo-2.56.4-159.el8.aarch64.rpm
glib2-debugsource-2.56.4-159.el8.aarch64.rpm
glib2-devel-2.56.4-159.el8.aarch64.rpm
glib2-devel-debuginfo-2.56.4-159.el8.aarch64.rpm
glib2-fam-2.56.4-159.el8.aarch64.rpm
glib2-fam-debuginfo-2.56.4-159.el8.aarch64.rpm
glib2-tests-2.56.4-159.el8.aarch64.rpm
glib2-tests-debuginfo-2.56.4-159.el8.aarch64.rpm
ppc64le:
glib2-2.56.4-159.el8.ppc64le.rpm
glib2-debuginfo-2.56.4-159.el8.ppc64le.rpm
glib2-debugsource-2.56.4-159.el8.ppc64le.rpm
glib2-devel-2.56.4-159.el8.ppc64le.rpm
glib2-devel-debuginfo-2.56.4-159.el8.ppc64le.rpm
glib2-fam-2.56.4-159.el8.ppc64le.rpm
glib2-fam-debuginfo-2.56.4-159.el8.ppc64le.rpm
glib2-tests-2.56.4-159.el8.ppc64le.rpm
glib2-tests-debuginfo-2.56.4-159.el8.ppc64le.rpm
s390x:
glib2-2.56.4-159.el8.s390x.rpm
glib2-debuginfo-2.56.4-159.el8.s390x.rpm
glib2-debugsource-2.56.4-159.el8.s390x.rpm
glib2-devel-2.56.4-159.el8.s390x.rpm
glib2-devel-debuginfo-2.56.4-159.el8.s390x.rpm
glib2-fam-2.56.4-159.el8.s390x.rpm
glib2-fam-debuginfo-2.56.4-159.el8.s390x.rpm
glib2-tests-2.56.4-159.el8.s390x.rpm
glib2-tests-debuginfo-2.56.4-159.el8.s390x.rpm
x86_64:
glib2-2.56.4-159.el8.i686.rpm
glib2-2.56.4-159.el8.x86_64.rpm
glib2-debuginfo-2.56.4-159.el8.i686.rpm
glib2-debuginfo-2.56.4-159.el8.x86_64.rpm
glib2-debugsource-2.56.4-159.el8.i686.rpm
glib2-debugsource-2.56.4-159.el8.x86_64.rpm
glib2-devel-2.56.4-159.el8.i686.rpm
glib2-devel-2.56.4-159.el8.x86_64.rpm
glib2-devel-debuginfo-2.56.4-159.el8.i686.rpm
glib2-devel-debuginfo-2.56.4-159.el8.x86_64.rpm
glib2-fam-2.56.4-159.el8.x86_64.rpm
glib2-fam-debuginfo-2.56.4-159.el8.i686.rpm
glib2-fam-debuginfo-2.56.4-159.el8.x86_64.rpm
glib2-tests-2.56.4-159.el8.x86_64.rpm
glib2-tests-debuginfo-2.56.4-159.el8.i686.rpm
glib2-tests-debuginfo-2.56.4-159.el8.x86_64.rpm
Red Hat CodeReady Linux Builder (v. 8):
aarch64:
glib2-debuginfo-2.56.4-159.el8.aarch64.rpm
glib2-debugsource-2.56.4-159.el8.aarch64.rpm
glib2-devel-debuginfo-2.56.4-159.el8.aarch64.rpm
glib2-fam-debuginfo-2.56.4-159.el8.aarch64.rpm
glib2-static-2.56.4-159.el8.aarch64.rpm
glib2-tests-debuginfo-2.56.4-159.el8.aarch64.rpm
noarch:
glib2-doc-2.56.4-159.el8.noarch.rpm
ppc64le:
glib2-debuginfo-2.56.4-159.el8.ppc64le.rpm
glib2-debugsource-2.56.4-159.el8.ppc64le.rpm
glib2-devel-debuginfo-2.56.4-159.el8.ppc64le.rpm
glib2-fam-debuginfo-2.56.4-159.el8.ppc64le.rpm
glib2-static-2.56.4-159.el8.ppc64le.rpm
glib2-tests-debuginfo-2.56.4-159.el8.ppc64le.rpm
s390x:
glib2-debuginfo-2.56.4-159.el8.s390x.rpm
glib2-debugsource-2.56.4-159.el8.s390x.rpm
glib2-devel-debuginfo-2.56.4-159.el8.s390x.rpm
glib2-fam-debuginfo-2.56.4-159.el8.s390x.rpm
glib2-static-2.56.4-159.el8.s390x.rpm
glib2-tests-debuginfo-2.56.4-159.el8.s390x.rpm
x86_64:
glib2-debuginfo-2.56.4-159.el8.i686.rpm
glib2-debuginfo-2.56.4-159.el8.x86_64.rpm
glib2-debugsource-2.56.4-159.el8.i686.rpm
glib2-debugsource-2.56.4-159.el8.x86_64.rpm
glib2-devel-debuginfo-2.56.4-159.el8.i686.rpm
glib2-devel-debuginfo-2.56.4-159.el8.x86_64.rpm
glib2-fam-debuginfo-2.56.4-159.el8.i686.rpm
glib2-fam-debuginfo-2.56.4-159.el8.x86_64.rpm
glib2-static-2.56.4-159.el8.i686.rpm
glib2-static-2.56.4-159.el8.x86_64.rpm
glib2-tests-debuginfo-2.56.4-159.el8.i686.rpm
glib2-tests-debuginfo-2.56.4-159.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2022-22624
https://access.redhat.com/security/cve/CVE-2022-22628
https://access.redhat.com/security/cve/CVE-2022-22629
https://access.redhat.com/security/cve/CVE-2022-22662
https://access.redhat.com/security/cve/CVE-2022-26700
https://access.redhat.com/security/cve/CVE-2022-26709
https://access.redhat.com/security/cve/CVE-2022-26710
https://access.redhat.com/security/cve/CVE-2022-26716
https://access.redhat.com/security/cve/CVE-2022-26717
https://access.redhat.com/security/cve/CVE-2022-26719
https://access.redhat.com/security/cve/CVE-2022-30293
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. Solution:
For OpenShift Container Platform 4.11 see the following documentation,
which will be updated shortly for this release, for important instructions
on how to upgrade your cluster and fully apply this errata update:
https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html
For Red Hat OpenShift Logging 5.5, see the following instructions to apply
this update:
https://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html
4. JIRA issues fixed (https://issues.jboss.org/):
LOG-2860 - Error on LokiStack Components when forwarding logs to Loki on proxy cluster
LOG-3131 - vector: kube API server certificate validation failure due to hostname mismatch
LOG-3222 - [release-5.5] fluentd plugin for kafka ca-bundle secret doesn't support multiple CAs
LOG-3226 - FluentdQueueLengthIncreasing rule failing to be evaluated.
LOG-3284 - [release-5.5][Vector] logs parsed into structured when json is set without structured types.
LOG-3287 - [release-5.5] Increase value of cluster-logging PriorityClass to move closer to system-cluster-critical value
LOG-3301 - [release-5.5][ClusterLogging] elasticsearchStatus in ClusterLogging instance CR is not updated when Elasticsearch status is changed
LOG-3305 - [release-5.5] Kibana Authentication Exception cookie issue
LOG-3310 - [release-5.5] Can't choose correct CA ConfigMap Key when creating lokistack in Console
LOG-3332 - [release-5.5] Reconcile error on controller when creating LokiStack with tls config
6
| VAR-202205-1311 | CVE-2022-26744 | iOS and iPadOS Out-of-bounds write vulnerability in |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges. iOS and iPadOS Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. iOS 15.5 and iPadOS 15.5. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2022-10-27-3 Additional information for APPLE-SA-2022-09-12-1 iOS 16
iOS 16 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213446.
Accelerate Framework
Available for: iPhone 8 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of
Google Project Zero, and an anonymous researcher
Entry added October 27, 2022
AppleAVD
Available for: iPhone 8 and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: This issue was addressed with improved checks.
CVE-2022-32907: Natalie Silvanovich of Google Project Zero, Antonio
Zekic (@antoniozekic) and John Aakerblom (@jaakerblom), ABC Research
s.r.o, Yinyi Wu, Tommaso Bianco (@cutesmilee__)
Entry added October 27, 2022
Apple Neural Engine
Available for: iPhone 8 and later
Impact: An app may be able to leak sensitive kernel state
Description: The issue was addressed with improved memory handling.
CVE-2022-32858: Mohamed Ghannam (@_simo36)
Entry added October 27, 2022
Apple Neural Engine
Available for: iPhone 8 and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32898: Mohamed Ghannam (@_simo36)
CVE-2022-32899: Mohamed Ghannam (@_simo36)
CVE-2022-32889: Mohamed Ghannam (@_simo36)
Entry added October 27, 2022
Apple TV
Available for: iPhone 8 and later
Impact: An app may be able to access user-sensitive data
Description: The issue was addressed with improved handling of
caches.
CVE-2022-32909: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added October 27, 2022
Contacts
Available for: iPhone 8 and later
Impact: An app may be able to bypass Privacy preferences
Description: This issue was addressed with improved checks.
CVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security
Crash Reporter
Available for: iPhone 8 and later
Impact: A user with physical access to an iOS device may be able to
read past diagnostic logs
Description: This issue was addressed with improved data protection.
CVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike
Entry added October 27, 2022
DriverKit
Available for: iPhone 8 and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)
Entry added October 27, 2022
Exchange
Available for: iPhone 8 and later
Impact: A user in a privileged network position may be able to
intercept mail credentials
Description: A logic issue was addressed with improved restrictions.
CVE-2022-32928: an anonymous researcher
Entry added October 27, 2022
GPU Drivers
Available for: iPhone 8 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-26744: an anonymous researcher
Entry added October 27, 2022
GPU Drivers
Available for: iPhone 8 and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-32903: an anonymous researcher
Entry added October 27, 2022
ImageIO
Available for: iPhone 8 and later
Impact: Processing an image may lead to a denial-of-service
Description: A denial-of-service issue was addressed with improved
validation.
CVE-2022-1622
Entry added October 27, 2022
Image Processing
Available for: iPhone 8 and later
Impact: A sandboxed app may be able to determine which app is
currently using the camera
Description: The issue was addressed with additional restrictions on
the observability of app states.
CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit)
Entry added October 27, 2022
IOGPUFamily
Available for: iPhone 8 and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32887: an anonymous researcher
Entry added October 27, 2022
Kernel
Available for: iPhone 8 and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-32914: Zweig of Kunlun Lab
Entry added October 27, 2022
Kernel
Available for: iPhone 8 and later
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)
CVE-2022-32911: Zweig of Kunlun Lab
Entry updated October 27, 2022
Kernel
Available for: iPhone 8 and later
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2022-32917: an anonymous researcher
Maps
Available for: iPhone 8 and later
Impact: An app may be able to read sensitive location information
Description: A logic issue was addressed with improved restrictions.
CVE-2022-32883: Ron Masas, breakpointhq.com
MediaLibrary
Available for: iPhone 8 and later
Impact: A user may be able to elevate privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2022-32908: an anonymous researcher
Notifications
Available for: iPhone 8 and later
Impact: A user with physical access to a device may be able to access
contacts from the lock screen
Description: A logic issue was addressed with improved state
management.
CVE-2022-32879: Ubeydullah Sümer
Entry added October 27, 2022
Photos
Available for: iPhone 8 and later
Impact: An app may be able to bypass Privacy preferences
Description: This issue was addressed with improved data protection.
CVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha
Technologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort
(evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan
of Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd
Entry added October 27, 2022
Safari
Available for: iPhone 8 and later
Impact: Visiting a malicious website may lead to address bar spoofing
Description: This issue was addressed with improved checks.
CVE-2022-32795: Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India)
@imnarendrabhati
Safari Extensions
Available for: iPhone 8 and later
Impact: A website may be able to track users through Safari web
extensions
Description: A logic issue was addressed with improved state
management.
WebKit Bugzilla: 242278
CVE-2022-32868: Michael
Sandbox
Available for: iPhone 8 and later
Impact: An app may be able to modify protected parts of the file
system
Description: A logic issue was addressed with improved restrictions.
CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added October 27, 2022
Security
Available for: iPhone 8 and later
Impact: An app may be able to bypass code signing checks
Description: An issue in code signature validation was addressed with
improved checks.
CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)
Entry added October 27, 2022
Shortcuts
Available for: iPhone 8 and later
Impact: A person with physical access to an iOS device may be able to
access photos from the lock screen
Description: A logic issue was addressed with improved restrictions.
CVE-2022-32872: Elite Tech Guru
Sidecar
Available for: iPhone 8 and later
Impact: A user may be able to view restricted content from the lock
screen
Description: A logic issue was addressed with improved state
management.
CVE-2022-42790: Om kothawade of Zaprico Digital
Entry added October 27, 2022
Siri
Available for: iPhone 8 and later
Impact: A user with physical access to a device may be able to use
Siri to obtain some call history information
Description: A logic issue was addressed with improved state
management.
CVE-2022-32870: Andrew Goldberg of The McCombs School of Business,
The University of Texas at Austin (linkedin.com/andrew-goldberg-/)
Entry added October 27, 2022
SQLite
Available for: iPhone 8 and later
Impact: A remote user may be able to cause a denial-of-service
Description: This issue was addressed with improved checks.
CVE-2021-36690
Entry added October 27, 2022
Time Zone
Available for: iPhone 8 and later
Impact: Deleted contacts may still appear in spotlight search results
Description: A logic issue was addressed with improved state
management.
CVE-2022-32859
Entry added October 27, 2022
Watch app
Available for: iPhone 8 and later
Impact: An app may be able to read a persistent device identifier
Description: This issue was addressed with improved entitlements.
CVE-2022-32835: Guilherme Rambo of Best Buddy Apps (rambo.codes)
Entry added October 27, 2022
Weather
Available for: iPhone 8 and later
Impact: An app may be able to read sensitive location information
Description: A logic issue was addressed with improved state
management.
CVE-2022-32875: an anonymous researcher
Entry added October 27, 2022
WebKit
Available for: iPhone 8 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
WebKit Bugzilla: 242047
CVE-2022-32888: P1umer (@p1umer)
Entry added October 27, 2022
WebKit
Available for: iPhone 8 and later
Impact: Visiting a website that frames malicious content may lead to
UI spoofing
Description: The issue was addressed with improved UI handling.
WebKit Bugzilla: 243236
CVE-2022-32891: @real_as3617, and an anonymous researcher
Entry added October 27, 2022
WebKit
Available for: iPhone 8 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
WebKit Bugzilla: 241969
CVE-2022-32886: P1umer, afang5472, xmzyshypnc
WebKit
Available for: iPhone 8 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
WebKit Bugzilla: 242762
CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with
Trend Micro Zero Day Initiative
WebKit Sandboxing
Available for: iPhone 8 and later
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An access issue was addressed with improvements to the
sandbox.
WebKit Bugzilla: 243181
CVE-2022-32892: @18楼梦想改造家 and @jq0904 of DBAppSecurity's WeBin lab
Entry added October 27, 2022
Wi-Fi
Available for: iPhone 8 and later
Impact: An app may be able to cause unexpected system termination or
write kernel memory
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-32925: Wang Yu of Cyberserval
Entry added October 27, 2022
Additional recognition
AirDrop
We would like to acknowledge Alexander Heinrich, Milan Stute, and
Christian Weinert of Technical University of Darmstadt for their
assistance.
Entry added October 27, 2022
AppleCredentialManager
We would like to acknowledge @jonathandata1 for their assistance.
Entry added October 27, 2022
Calendar UI
We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of
Lakshmi Narain College Of Technology Bhopal for their assistance.
Entry added October 27, 2022
FaceTime
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added October 27, 2022
Find My
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added October 27, 2022
Game Center
We would like to acknowledge Joshua Jones for their assistance.
iCloud
We would like to acknowledge Bülent Aytulun, and an anonymous
researcher for their assistance.
Entry added October 27, 2022
Identity Services
We would like to acknowledge Joshua Jones for their assistance.
Kernel
We would like to acknowledge Pan ZhenPeng(@Peterpan0927), Tingting
Yin of Tsinghua University, and Min Zheng of Ant Group, and an
anonymous researcher for their assistance.
Entry added October 27, 2022
Mail
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added October 27, 2022
Notes
We would like to acknowledge Edward Riley of Iron Cloud Limited
(ironclouduk.com) for their assistance.
Entry added October 27, 2022
Photo Booth
We would like to acknowledge Prashanth Kannan of Dremio for their
assistance.
Entry added October 27, 2022
Sandbox
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
Entry added October 27, 2022
Shortcuts
We would like to acknowledge Shay Dror for their assistance.
Entry added October 27, 2022
SOS
We would like to acknowledge Xianfeng Lu and Lei Ai of OPPO Amber
Security Lab for their assistance.
Entry added October 27, 2022
UIKit
We would like to acknowledge Aleczander Ewing, Simon de Vegt, and an
anonymous researcher for their assistance.
Entry added October 27, 2022
WebKit
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added October 27, 2022
WebRTC
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added October 27, 2022
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/ iTunes and Software Update on the
device will automatically check Apple's update server on its weekly
schedule. When an update is detected, it is downloaded and the option
to be installed is presented to the user when the iOS device is
docked. We recommend applying the update immediately if possible.
Selecting Don't Install will present the option the next time you
connect your iOS device. The automatic update process may take up to
a week depending on the day that iTunes or the device checks for
updates. You may manually obtain the update via the Check for Updates
button within iTunes, or the Software Update on your device. To
check that the iPhone, iPod touch, or iPad has been updated: *
Navigate to Settings * Select General * Select About. The version
after applying this update will be "iOS 16".
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpoACgkQ4RjMIDke
NxkQ8w/9FMTP02t/AKe0nXZ44UhfMLy7Sx88gpWRHaWKZtdjPADC2kxx1RbVSvrC
C5nB6bw2zGppE1V284QitcNG9WrGGTINK6Knshv0PCkWLZnh1sYqX2bYbKmY6Ol7
K+lRk6zicF3k7KcCZRly6UuJ8RvfPpa2wKuVVv5FBPM8bPRuovVRiRxGUWuO7emM
ZXyp4n5u+GldW8n8hRK/jxwGGwrKqFmXL9Ecd79I2/4uYmEx6tmoAYuEZs26BfjK
Etd1F54PlewmyUKvVlWiwLhpVgygRqkmvW+jKwX46gBzwHFK88B9IV6wf8ZD5JaU
Ur+nqEjiqmbYdcfV8pu64eRNnlTiCmD/ehJg8sNG38m9SeqOw3ZNVaQ8+sgoXwsp
rpsPDPsXmPqqadxERe7LwLXSm4KtTARdGbEffHAA5eqc+U0ja2u3piqk8ZKTrC6K
tORrDjSkKx9AILbds99Wzbnb1rfF/09N1+LPQT7Ac8PCA/kE+XQ+nmSDoInh8PTU
rFt3ZW9Ud0q6Y2Ix11WYrb6wOqs/vafaW5zXTnNfgKNvw2zO/9yKYhaqIjlGtLSJ
Og/O1sdcPMPisBGQynF7Dj42riQD5RQGbB/GmfgRqUHFXwcWJxFRblkwUxbjuEaR
nYRj90cDbUE2wmsE4y4uFfCVpKTQCQCKXuSuBkOQje0KjTDHWac=
=I+iq
-----END PGP SIGNATURE-----
| VAR-202205-1284 | CVE-2022-22677 | Vulnerabilities in multiple Apple products |
CVSS V2: - CVSS V3: 4.3 Severity: MEDIUM |
A logic issue in the handling of concurrent media was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview in a webRTC call may be interrupted if the user answers a phone call.
Information about the security content is also available at
https://support.apple.com/HT213257.
AMD
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-26772: an anonymous researcher
AMD
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2022-26741: ABC Research s.r.o
CVE-2022-26742: ABC Research s.r.o
CVE-2022-26749: ABC Research s.r.o
CVE-2022-26750: ABC Research s.r.o
CVE-2022-26752: ABC Research s.r.o
CVE-2022-26753: ABC Research s.r.o
CVE-2022-26754: ABC Research s.r.o
apache
Available for: macOS Monterey
Impact: Multiple issues in apache
Description: Multiple issues were addressed by updating apache to
version 2.4.53.
CVE-2021-44224
CVE-2021-44790
CVE-2022-22719
CVE-2022-22720
CVE-2022-22721
AppleGraphicsControl
Available for: macOS Monterey
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day
Initiative
AppleScript
Available for: macOS Monterey
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected application termination or disclosure of process
memory
Description: An out-of-bounds read issue was addressed with improved
input validation.
CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro
AppleScript
Available for: macOS Monterey
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected application termination or disclosure of process
memory
Description: An out-of-bounds read issue was addressed with improved
bounds checking.
CVE-2022-26698: Qi Sun of Trend Micro
AVEVideoEncoder
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-26736: an anonymous researcher
CVE-2022-26737: an anonymous researcher
CVE-2022-26738: an anonymous researcher
CVE-2022-26739: an anonymous researcher
CVE-2022-26740: an anonymous researcher
Contacts
Available for: macOS Monterey
Impact: A plug-in may be able to inherit the application's
permissions and access user data
Description: This issue was addressed with improved checks.
CVE-2022-26694: Wojciech Reguła (@_r3ggi) of SecuRing
CVMS
Available for: macOS Monterey
Impact: A malicious application may be able to gain root privileges
Description: A memory initialization issue was addressed.
CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori
CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori
DriverKit
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: An out-of-bounds access issue was addressed with
improved bounds checking.
CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)
ImageIO
Available for: macOS Monterey
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow issue was addressed with improved
input validation.
CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend
Micro Zero Day Initiative
ImageIO
Available for: macOS Monterey
Impact: Photo location information may persist after it is removed
with Preview Inspector
Description: A logic issue was addressed with improved state
management.
CVE-2022-26725: Andrew Williams and Avi Drissman of Google
Intel Graphics Driver
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-26720: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2022-26769: Antonio Zekic (@antoniozekic)
Intel Graphics Driver
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds read issue was addressed with improved
input validation.
CVE-2022-26770: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro
Zero Day Initiative
Intel Graphics Driver
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2022-26756: Jack Dates of RET2 Systems, Inc
IOKit
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab
IOMobileFrameBuffer
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-26768: an anonymous researcher
Kernel
Available for: macOS Monterey
Impact: An attacker that has already achieved code execution in macOS
Recovery may be able to escalate to kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-26743: Jordy Zomer (@pwningsystems)
Kernel
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs
(@starlabs_sg)
Kernel
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-26757: Ned Williamson of Google Project Zero
Kernel
Available for: macOS Monterey
Impact: An attacker that has already achieved kernel code execution
may be able to bypass kernel memory mitigations
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel
Available for: macOS Monterey
Impact: A malicious attacker with arbitrary read and write capability
may be able to bypass Pointer Authentication
Description: A race condition was addressed with improved state
handling.
CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)
LaunchServices
Available for: macOS Monterey
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An access issue was addressed with additional sandbox
restrictions on third-party applications.
CVE-2022-26706: Arsenii Kostromin (0x3c3e)
LaunchServices
Available for: macOS Monterey
Impact: A malicious application may be able to bypass Privacy
preferences
Description: The issue was addressed with additional permissions
checks.
CVE-2022-26767: Wojciech Reguła (@_r3ggi) of SecuRing
libresolv
Available for: macOS Monterey
Impact: An attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms)
of the Google Security Team
CVE-2022-26708: Max Shavrick (@_mxms) of the Google Security Team
libresolv
Available for: macOS Monterey
Impact: An attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow was addressed with improved input
validation.
CVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team
LibreSSL
Available for: macOS Monterey
Impact: Processing a maliciously crafted certificate may lead to a
denial of service
Description: A denial of service issue was addressed with improved
input validation.
CVE-2022-0778
libxml2
Available for: macOS Monterey
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-23308
OpenSSL
Available for: macOS Monterey
Impact: Processing a maliciously crafted certificate may lead to a
denial of service
Description: This issue was addressed with improved checks.
CVE-2022-0778
PackageKit
Available for: macOS Monterey
Impact: A malicious application may be able to modify protected parts
of the file system
Description: This issue was addressed by removing the vulnerable
code.
CVE-2022-26712: Mickey Jin (@patch1t)
PackageKit
Available for: macOS Monterey
Impact: A malicious application may be able to modify protected parts
of the file system
Description: This issue was addressed with improved entitlements.
CVE-2022-26727: Mickey Jin (@patch1t)
Preview
Available for: macOS Monterey
Impact: A plug-in may be able to inherit the application's
permissions and access user data
Description: This issue was addressed with improved checks.
CVE-2022-26693: Wojciech Reguła (@_r3ggi) of SecuRing
Printing
Available for: macOS Monterey
Impact: A malicious application may be able to bypass Privacy
preferences
Description: This issue was addressed by removing the vulnerable
code.
CVE-2022-26746: @gorelics
Safari Private Browsing
Available for: macOS Monterey
Impact: A malicious website may be able to track users in Safari
private browsing mode
Description: A logic issue was addressed with improved state
management.
CVE-2022-26731: an anonymous researcher
Security
Available for: macOS Monterey
Impact: A malicious app may be able to bypass signature validation
Description: A certificate parsing issue was addressed with improved
checks.
CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)
SMB
Available for: macOS Monterey
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs
SMB
Available for: macOS Monterey
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds read issue was addressed with improved
input validation.
CVE-2022-26718: Peter Nguyễn Vũ Hoàng of STAR Labs
SMB
Available for: macOS Monterey
Impact: Mounting a maliciously crafted Samba network share may lead
to arbitrary code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2022-26723: Felix Poulin-Belanger
SoftwareUpdate
Available for: macOS Monterey
Impact: A malicious application may be able to access restricted
files
Description: This issue was addressed with improved entitlements.
CVE-2022-26728: Mickey Jin (@patch1t)
Spotlight
Available for: macOS Monterey
Impact: An app may be able to gain elevated privileges
Description: A validation issue existed in the handling of symlinks
and was addressed with improved validation of symlinks.
CVE-2022-26704: an anonymous researcher
TCC
Available for: macOS Monterey
Impact: An app may be able to capture a user's screen
Description: This issue was addressed with improved checks.
CVE-2022-26726: an anonymous researcher
Tcl
Available for: macOS Monterey
Impact: A malicious application may be able to break out of its
sandbox
Description: This issue was addressed with improved environment
sanitization.
CVE-2022-26755: Arsenii Kostromin (0x3c3e)
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A memory corruption issue was addressed with improved
state management.
WebKit Bugzilla: 238178
CVE-2022-26700: ryuzaki
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
WebKit Bugzilla: 236950
CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua
wingtecher lab
WebKit Bugzilla: 237475
CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua
wingtecher lab
WebKit Bugzilla: 238171
CVE-2022-26717: Jeonghoon Shin of Theori
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
WebKit Bugzilla: 237524
CVE-2022-22677: an anonymous researcher
Wi-Fi
Available for: macOS Monterey
Impact: A malicious application may disclose restricted memory
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-26745: an anonymous researcher
Wi-Fi
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2022-26761: Wang Yu of Cyberserval
Wi-Fi
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2022-26762: Wang Yu of Cyberserval
zip
Available for: macOS Monterey
Impact: Processing a maliciously crafted file may lead to a denial of
service
Description: A denial of service issue was addressed with improved
state handling.
CVE-2022-0530
zlib
Available for: macOS Monterey
Impact: An attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-25032: Tavis Ormandy
zsh
Available for: macOS Monterey
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: This issue was addressed by updating to zsh version
5.8.1.
CVE-2021-45444
Additional recognition
AppleMobileFileIntegrity
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing
for their assistance.
Bluetooth
We would like to acknowledge Jann Horn of Project Zero for their
assistance.
Calendar
We would like to acknowledge Eugene Lim of Government Technology
Agency of Singapore for their assistance.
FaceTime
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing
for their assistance.
FileVault
We would like to acknowledge Benjamin Adolphi of Promon Germany GmbH
for their assistance.
Login Window
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
Photo Booth
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing
for their assistance.
System Preferences
We would like to acknowledge Mohammad Tausif Siddiqui
(@toshsiddiqui), an anonymous researcher for their assistance.
WebKit
We would like to acknowledge James Lee, an anonymous researcher for
their assistance.
Wi-Fi
We would like to acknowledge Dana Morrison for their assistance.
macOS Monterey 12.4 may be obtained from the Mac App Store or Apple's
Software Downloads web site: https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p
rhigoQ//cTnC2MOYau+vO6pv8PHMbeEWPPvtsGpemCNz4iChXRhVOHKxgMQAHEgg
Ejpxvw5D1jg12wroXypL8ADOD1V20OA7u5A20Lip1NIDL145692jPfmGuNxqkRnI
DyoykhUogRL8Yvzkd5P8D3Jlo0EzCa4ZhO4tqBwbrGQZRb7gHclMPtzlgt15ZIma
mH42QGRkJcK8v4MWNIxvibnQPwx3we2k4T8FajBvoCxYinMOlg/j16hFREj8Src+
rQwKPV6JHiBBQ3LQpGeBlJrFLH72CyHbCu8IqWFYvvDXsT5Gr9JoagW7+g/9+8Wc
402HjkY4wOZrxIBtlaUlNFZuB1mtIv8amHn9AaVOK/7GALSP6MQzA+U3HUqd3hYV
J23pw6iRWBTZZSmO31kdEGU/X9uDkDKJL6QxUfzVXPVmOs0VNMmOJUdTRKf3tdsa
5qnPcjowRONgltX8NqIP0q4aJPr1WigtFGyASIr3me/t9Ft7Kss4gJt7YLDsN6MZ
opD8hTRHSAXAAYsA57omyo/DnmajHIbUGVEujzAh/DOEYxgT9aaaAHnkNuaQgIbs
Z5g/dfhDaJodyk0q7BIeK+RPbkvrJvnoBWkRnAUaSgYMX14DQdExlBEvbpcPg71f
LHzUlUewIuuP/57huTz/b4vEEke0JUwrWk6T1ACbndL3FsPIOX4=
=jaCZ
-----END PGP SIGNATURE-----
.
CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)
Shortcuts
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A person with physical access to an iOS device may be able to
access photos from the lock screen
Description: An authorization issue was addressed with improved state
management.
CVE-2022-26760: 08Tc3wBB of ZecOps Mobile EDR Team
Wi-Fi
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/ iTunes and Software Update on the
device will automatically check Apple's update server on its weekly
schedule. When an update is detected, it is downloaded and the option
to be installed is presented to the user when the iOS device is
docked. We recommend applying the update immediately if possible.
Selecting Don't Install will present the option the next time you
connect your iOS device. The automatic update process may take up to
a week depending on the day that iTunes or the device checks for
updates. You may manually obtain the update via the Check for Updates
button within iTunes, or the Software Update on your device. To
check that the iPhone, iPod touch, or iPad has been updated: *
Navigate to Settings * Select General * Select About. The version
after applying this update will be "iOS 15.5 and iPadOS 15.5". =========================================================================
Ubuntu Security Notice USN-5522-1
July 18, 2022
webkit2gtk vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in WebKitGTK.
Software Description:
- webkit2gtk: Web content engine library for GTK+
Details:
Several security issues were discovered in WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a
remote attacker could exploit a variety of issues related to web browser
security, including cross-site scripting attacks, denial of service attacks,
and arbitrary code execution.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS:
libjavascriptcoregtk-4.0-18 2.36.4-0ubuntu0.22.04.1
libjavascriptcoregtk-4.1-0 2.36.4-0ubuntu0.22.04.1
libwebkit2gtk-4.0-37 2.36.4-0ubuntu0.22.04.1
libwebkit2gtk-4.1-0 2.36.4-0ubuntu0.22.04.1
Ubuntu 20.04 LTS:
libjavascriptcoregtk-4.0-18 2.36.4-0ubuntu0.20.04.1
libwebkit2gtk-4.0-37 2.36.4-0ubuntu0.20.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK, such as Epiphany, to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5182-1 security@debian.org
https://www.debian.org/security/ Alberto Garcia
July 15, 2022 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : webkit2gtk
CVE ID : CVE-2022-22677 CVE-2022-26710
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
CVE-2022-22677
An anonymous researcher discovered that the video in a webRTC call
may be interrupted if the audio capture gets interrupted.
For the oldstable distribution (buster), these problems have been fixed
in version 2.36.4-1~deb10u1.
For the stable distribution (bullseye), these problems have been fixed in
version 2.36.4-1~deb11u1.
We recommend that you upgrade your webkit2gtk packages. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202208-39
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: WebKitGTK+: Multiple Vulnerabilities
Date: August 31, 2022
Bugs: #866494, #864427, #856445, #861740, #837305, #845252, #839984, #833568, #832990
ID: 202208-39
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple vulnerabilities have been found in WebkitGTK+, the worst of
which could result in the arbitrary execution of code.
Background
=========
WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from hybrid
HTML/CSS applications to full-fledged web browsers.
Affected packages
================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.36.7 >= 2.36.7
Description
==========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the CVE identifiers referenced below for details.
Impact
=====
Please review the referenced CVE identifiers for details.
Workaround
=========
There is no known workaround at this time.
Resolution
=========
All WebKitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.36.7"
References
=========
[ 1 ] CVE-2022-2294
https://nvd.nist.gov/vuln/detail/CVE-2022-2294
[ 2 ] CVE-2022-22589
https://nvd.nist.gov/vuln/detail/CVE-2022-22589
[ 3 ] CVE-2022-22590
https://nvd.nist.gov/vuln/detail/CVE-2022-22590
[ 4 ] CVE-2022-22592
https://nvd.nist.gov/vuln/detail/CVE-2022-22592
[ 5 ] CVE-2022-22620
https://nvd.nist.gov/vuln/detail/CVE-2022-22620
[ 6 ] CVE-2022-22624
https://nvd.nist.gov/vuln/detail/CVE-2022-22624
[ 7 ] CVE-2022-22628
https://nvd.nist.gov/vuln/detail/CVE-2022-22628
[ 8 ] CVE-2022-22629
https://nvd.nist.gov/vuln/detail/CVE-2022-22629
[ 9 ] CVE-2022-22662
https://nvd.nist.gov/vuln/detail/CVE-2022-22662
[ 10 ] CVE-2022-22677
https://nvd.nist.gov/vuln/detail/CVE-2022-22677
[ 11 ] CVE-2022-26700
https://nvd.nist.gov/vuln/detail/CVE-2022-26700
[ 12 ] CVE-2022-26709
https://nvd.nist.gov/vuln/detail/CVE-2022-26709
[ 13 ] CVE-2022-26710
https://nvd.nist.gov/vuln/detail/CVE-2022-26710
[ 14 ] CVE-2022-26716
https://nvd.nist.gov/vuln/detail/CVE-2022-26716
[ 15 ] CVE-2022-26717
https://nvd.nist.gov/vuln/detail/CVE-2022-26717
[ 16 ] CVE-2022-26719
https://nvd.nist.gov/vuln/detail/CVE-2022-26719
[ 17 ] CVE-2022-30293
https://nvd.nist.gov/vuln/detail/CVE-2022-30293
[ 18 ] CVE-2022-30294
https://nvd.nist.gov/vuln/detail/CVE-2022-30294
[ 19 ] CVE-2022-32784
https://nvd.nist.gov/vuln/detail/CVE-2022-32784
[ 20 ] CVE-2022-32792
https://nvd.nist.gov/vuln/detail/CVE-2022-32792
[ 21 ] CVE-2022-32893
https://nvd.nist.gov/vuln/detail/CVE-2022-32893
[ 22 ] WSA-2022-0002
https://webkitgtk.org/security/WSA-2022-0002.html
[ 23 ] WSA-2022-0003
https://webkitgtk.org/security/WSA-2022-0003.html
[ 24 ] WSA-2022-0007
https://webkitgtk.org/security/WSA-2022-0007.html
[ 25 ] WSA-2022-0008
https://webkitgtk.org/security/WSA-2022-0008.html
Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-39
Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
======
Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
| VAR-202205-1325 | CVE-2022-26712 | macOS Vulnerability in |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to modify protected parts of the file system. macOS Exists in unspecified vulnerabilities.Information may be tampered with. Apple is aware of a report that this issue may
have been actively exploited. This was addressed with improved input
validation.
Information about the security content is also available at
https://support.apple.com/HT213257.
AMD
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-26772: an anonymous researcher
AMD
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2022-26741: ABC Research s.r.o
CVE-2022-26742: ABC Research s.r.o
CVE-2022-26749: ABC Research s.r.o
CVE-2022-26750: ABC Research s.r.o
CVE-2022-26752: ABC Research s.r.o
CVE-2022-26753: ABC Research s.r.o
CVE-2022-26754: ABC Research s.r.o
apache
Available for: macOS Monterey
Impact: Multiple issues in apache
Description: Multiple issues were addressed by updating apache to
version 2.4.53.
CVE-2021-44224
CVE-2021-44790
CVE-2022-22719
CVE-2022-22720
CVE-2022-22721
AppleGraphicsControl
Available for: macOS Monterey
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day
Initiative
AppleScript
Available for: macOS Monterey
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected application termination or disclosure of process
memory
Description: An out-of-bounds read issue was addressed with improved
input validation.
CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro
AppleScript
Available for: macOS Monterey
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected application termination or disclosure of process
memory
Description: An out-of-bounds read issue was addressed with improved
bounds checking.
CVE-2022-26698: Qi Sun of Trend Micro
AVEVideoEncoder
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-26736: an anonymous researcher
CVE-2022-26737: an anonymous researcher
CVE-2022-26738: an anonymous researcher
CVE-2022-26739: an anonymous researcher
CVE-2022-26740: an anonymous researcher
Contacts
Available for: macOS Monterey
Impact: A plug-in may be able to inherit the application's
permissions and access user data
Description: This issue was addressed with improved checks.
CVE-2022-26694: Wojciech Reguła (@_r3ggi) of SecuRing
CVMS
Available for: macOS Monterey
Impact: A malicious application may be able to gain root privileges
Description: A memory initialization issue was addressed.
CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori
CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori
DriverKit
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: An out-of-bounds access issue was addressed with
improved bounds checking.
CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)
ImageIO
Available for: macOS Monterey
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow issue was addressed with improved
input validation.
CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend
Micro Zero Day Initiative
ImageIO
Available for: macOS Monterey
Impact: Photo location information may persist after it is removed
with Preview Inspector
Description: A logic issue was addressed with improved state
management.
CVE-2022-26725: Andrew Williams and Avi Drissman of Google
Intel Graphics Driver
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-26720: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2022-26769: Antonio Zekic (@antoniozekic)
Intel Graphics Driver
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds read issue was addressed with improved
input validation.
CVE-2022-26770: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro
Zero Day Initiative
Intel Graphics Driver
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2022-26756: Jack Dates of RET2 Systems, Inc
IOKit
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab
IOMobileFrameBuffer
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-26768: an anonymous researcher
Kernel
Available for: macOS Monterey
Impact: An attacker that has already achieved code execution in macOS
Recovery may be able to escalate to kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-26743: Jordy Zomer (@pwningsystems)
Kernel
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs
(@starlabs_sg)
Kernel
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-26757: Ned Williamson of Google Project Zero
Kernel
Available for: macOS Monterey
Impact: An attacker that has already achieved kernel code execution
may be able to bypass kernel memory mitigations
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel
Available for: macOS Monterey
Impact: A malicious attacker with arbitrary read and write capability
may be able to bypass Pointer Authentication
Description: A race condition was addressed with improved state
handling.
CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)
LaunchServices
Available for: macOS Monterey
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An access issue was addressed with additional sandbox
restrictions on third-party applications.
CVE-2022-26706: Arsenii Kostromin (0x3c3e)
LaunchServices
Available for: macOS Monterey
Impact: A malicious application may be able to bypass Privacy
preferences
Description: The issue was addressed with additional permissions
checks.
CVE-2022-26767: Wojciech Reguła (@_r3ggi) of SecuRing
libresolv
Available for: macOS Monterey
Impact: An attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms)
of the Google Security Team
CVE-2022-26708: Max Shavrick (@_mxms) of the Google Security Team
libresolv
Available for: macOS Monterey
Impact: An attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow was addressed with improved input
validation.
CVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team
LibreSSL
Available for: macOS Monterey
Impact: Processing a maliciously crafted certificate may lead to a
denial of service
Description: A denial of service issue was addressed with improved
input validation.
CVE-2022-0778
libxml2
Available for: macOS Monterey
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-23308
OpenSSL
Available for: macOS Monterey
Impact: Processing a maliciously crafted certificate may lead to a
denial of service
Description: This issue was addressed with improved checks.
CVE-2022-26727: Mickey Jin (@patch1t)
Preview
Available for: macOS Monterey
Impact: A plug-in may be able to inherit the application's
permissions and access user data
Description: This issue was addressed with improved checks.
CVE-2022-26693: Wojciech Reguła (@_r3ggi) of SecuRing
Printing
Available for: macOS Monterey
Impact: A malicious application may be able to bypass Privacy
preferences
Description: This issue was addressed by removing the vulnerable
code.
CVE-2022-26746: @gorelics
Safari Private Browsing
Available for: macOS Monterey
Impact: A malicious website may be able to track users in Safari
private browsing mode
Description: A logic issue was addressed with improved state
management.
CVE-2022-26731: an anonymous researcher
Security
Available for: macOS Monterey
Impact: A malicious app may be able to bypass signature validation
Description: A certificate parsing issue was addressed with improved
checks.
CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)
SMB
Available for: macOS Monterey
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs
SMB
Available for: macOS Monterey
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds read issue was addressed with improved
input validation.
CVE-2022-26718: Peter Nguyễn Vũ Hoàng of STAR Labs
SMB
Available for: macOS Monterey
Impact: Mounting a maliciously crafted Samba network share may lead
to arbitrary code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2022-26723: Felix Poulin-Belanger
SoftwareUpdate
Available for: macOS Monterey
Impact: A malicious application may be able to access restricted
files
Description: This issue was addressed with improved entitlements.
CVE-2022-26728: Mickey Jin (@patch1t)
Spotlight
Available for: macOS Monterey
Impact: An app may be able to gain elevated privileges
Description: A validation issue existed in the handling of symlinks
and was addressed with improved validation of symlinks.
CVE-2022-26704: an anonymous researcher
TCC
Available for: macOS Monterey
Impact: An app may be able to capture a user's screen
Description: This issue was addressed with improved checks.
CVE-2022-26726: an anonymous researcher
Tcl
Available for: macOS Monterey
Impact: A malicious application may be able to break out of its
sandbox
Description: This issue was addressed with improved environment
sanitization.
CVE-2022-26755: Arsenii Kostromin (0x3c3e)
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A memory corruption issue was addressed with improved
state management.
WebKit Bugzilla: 238178
CVE-2022-26700: ryuzaki
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
WebKit Bugzilla: 236950
CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua
wingtecher lab
WebKit Bugzilla: 237475
CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua
wingtecher lab
WebKit Bugzilla: 238171
CVE-2022-26717: Jeonghoon Shin of Theori
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
WebKit Bugzilla: 238183
CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab
WebKit Bugzilla: 238699
CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech
WebRTC
Available for: macOS Monterey
Impact: Video self-preview in a webRTC call may be interrupted if the
user answers a phone call
Description: A logic issue in the handling of concurrent media was
addressed with improved state handling.
WebKit Bugzilla: 237524
CVE-2022-22677: an anonymous researcher
Wi-Fi
Available for: macOS Monterey
Impact: A malicious application may disclose restricted memory
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-26745: an anonymous researcher
Wi-Fi
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2022-26761: Wang Yu of Cyberserval
Wi-Fi
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2022-26762: Wang Yu of Cyberserval
zip
Available for: macOS Monterey
Impact: Processing a maliciously crafted file may lead to a denial of
service
Description: A denial of service issue was addressed with improved
state handling.
CVE-2022-0530
zlib
Available for: macOS Monterey
Impact: An attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-25032: Tavis Ormandy
zsh
Available for: macOS Monterey
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: This issue was addressed by updating to zsh version
5.8.1.
CVE-2021-45444
Additional recognition
AppleMobileFileIntegrity
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing
for their assistance.
Bluetooth
We would like to acknowledge Jann Horn of Project Zero for their
assistance.
Calendar
We would like to acknowledge Eugene Lim of Government Technology
Agency of Singapore for their assistance.
FaceTime
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing
for their assistance.
FileVault
We would like to acknowledge Benjamin Adolphi of Promon Germany GmbH
for their assistance.
Login Window
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
Photo Booth
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing
for their assistance.
System Preferences
We would like to acknowledge Mohammad Tausif Siddiqui
(@toshsiddiqui), an anonymous researcher for their assistance.
WebKit
We would like to acknowledge James Lee, an anonymous researcher for
their assistance.
Wi-Fi
We would like to acknowledge Dana Morrison for their assistance.
macOS Monterey 12.4 may be obtained from the Mac App Store or Apple's
Software Downloads web site: https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p
rhigoQ//cTnC2MOYau+vO6pv8PHMbeEWPPvtsGpemCNz4iChXRhVOHKxgMQAHEgg
Ejpxvw5D1jg12wroXypL8ADOD1V20OA7u5A20Lip1NIDL145692jPfmGuNxqkRnI
DyoykhUogRL8Yvzkd5P8D3Jlo0EzCa4ZhO4tqBwbrGQZRb7gHclMPtzlgt15ZIma
mH42QGRkJcK8v4MWNIxvibnQPwx3we2k4T8FajBvoCxYinMOlg/j16hFREj8Src+
rQwKPV6JHiBBQ3LQpGeBlJrFLH72CyHbCu8IqWFYvvDXsT5Gr9JoagW7+g/9+8Wc
402HjkY4wOZrxIBtlaUlNFZuB1mtIv8amHn9AaVOK/7GALSP6MQzA+U3HUqd3hYV
J23pw6iRWBTZZSmO31kdEGU/X9uDkDKJL6QxUfzVXPVmOs0VNMmOJUdTRKf3tdsa
5qnPcjowRONgltX8NqIP0q4aJPr1WigtFGyASIr3me/t9Ft7Kss4gJt7YLDsN6MZ
opD8hTRHSAXAAYsA57omyo/DnmajHIbUGVEujzAh/DOEYxgT9aaaAHnkNuaQgIbs
Z5g/dfhDaJodyk0q7BIeK+RPbkvrJvnoBWkRnAUaSgYMX14DQdExlBEvbpcPg71f
LHzUlUewIuuP/57huTz/b4vEEke0JUwrWk6T1ACbndL3FsPIOX4=
=jaCZ
-----END PGP SIGNATURE-----
| VAR-202205-1315 | CVE-2022-26756 | macOS Out-of-bounds write vulnerability in |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges. macOS Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. macOS Monterey 12.4
| VAR-202205-1298 | CVE-2022-26751 | Apple macOS HEIC File Parsing Memory Corruption Remote Code Execution Vulnerability |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6, macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of HEIC files in the VTDecoderXPCService process. An attacker can leverage this vulnerability to execute code in the context of the current user. macOS Monterey 12.4. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2022-05-16-1 iOS 15.5 and iPadOS 15.5
iOS 15.5 and iPadOS 15.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213258.
AppleAVD
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-26702: an anonymous researcher
AppleGraphicsControl
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day
Initiative
AVEVideoEncoder
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-26736: an anonymous researcher
CVE-2022-26737: an anonymous researcher
CVE-2022-26738: an anonymous researcher
CVE-2022-26739: an anonymous researcher
CVE-2022-26740: an anonymous researcher
DriverKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: An out-of-bounds access issue was addressed with
improved bounds checking.
CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)
GPU Drivers
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-26744: an anonymous researcher
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow issue was addressed with improved
input validation.
CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend
Micro Zero Day Initiative
IOKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab
IOMobileFrameBuffer
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-26768: an anonymous researcher
IOSurfaceAccelerator
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-26771: an anonymous researcher
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs
(@starlabs_sg)
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-26757: Ned Williamson of Google Project Zero
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An attacker that has already achieved kernel code execution
may be able to bypass kernel memory mitigations
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious attacker with arbitrary read and write capability
may be able to bypass Pointer Authentication
Description: A race condition was addressed with improved state
handling.
CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)
LaunchServices
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An access issue was addressed with additional sandbox
restrictions on third-party applications.
CVE-2022-26706: Arsenii Kostromin (0x3c3e)
libxml2
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-23308
Notes
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a large input may lead to a denial of service
Description: This issue was addressed with improved checks.
CVE-2022-22673: Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain
College Of Technology Bhopal
Safari Private Browsing
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious website may be able to track users in Safari
private browsing mode
Description: A logic issue was addressed with improved state
management.
CVE-2022-26731: an anonymous researcher
Security
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious app may be able to bypass signature validation
Description: A certificate parsing issue was addressed with improved
checks.
CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)
Shortcuts
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A person with physical access to an iOS device may be able to
access photos from the lock screen
Description: An authorization issue was addressed with improved state
management.
CVE-2022-26703: Salman Syed (@slmnsd551)
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A memory corruption issue was addressed with improved
state management.
WebKit Bugzilla: 238178
CVE-2022-26700: ryuzaki
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
WebKit Bugzilla: 236950
CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua
wingtecher lab
WebKit Bugzilla: 237475
CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua
wingtecher lab
WebKit Bugzilla: 238171
CVE-2022-26717: Jeonghoon Shin of Theori
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
WebKit Bugzilla: 238183
CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab
WebKit Bugzilla: 238699
CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech
WebRTC
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Video self-preview in a webRTC call may be interrupted if the
user answers a phone call
Description: A logic issue in the handling of concurrent media was
addressed with improved state handling.
WebKit Bugzilla: 237524
CVE-2022-22677: an anonymous researcher
Wi-Fi
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may disclose restricted memory
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-26745: an anonymous researcher
Wi-Fi
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-26760: 08Tc3wBB of ZecOps Mobile EDR Team
Wi-Fi
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2015-4142: Kostya Kortchinsky of Google Security Team
Wi-Fi
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2022-26762: Wang Yu of Cyberserval
Additional recognition
AppleMobileFileIntegrity
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing
for their assistance.
FaceTime
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing
for their assistance.
WebKit
We would like to acknowledge James Lee, an anonymous researcher for
their assistance.
Wi-Fi
We would like to acknowledge 08Tc3wBB of ZecOps Mobile EDR Team for
their assistance.
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/ iTunes and Software Update on the
device will automatically check Apple's update server on its weekly
schedule. When an update is detected, it is downloaded and the option
to be installed is presented to the user when the iOS device is
docked. We recommend applying the update immediately if possible.
Selecting Don't Install will present the option the next time you
connect your iOS device. The automatic update process may take up to
a week depending on the day that iTunes or the device checks for
updates. You may manually obtain the update via the Check for Updates
button within iTunes, or the Software Update on your device. To
check that the iPhone, iPod touch, or iPad has been updated: *
Navigate to Settings * Select General * Select About. The version
after applying this update will be "iOS 15.5 and iPadOS 15.5".
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TQACgkQeC9qKD1p
rhh9PRAApeuHnWvZRxSW/QArItDF2fA1eXCu7n9BwPA6CoqrU7v7aR6H/NQ3wes6
xOjoRccHRCWRJ12RubM06ggC+WA/MLb96t2Wc4IUoFDkI3G6fp/I3aHpSONv4YMt
EoHSGMpJ3qAb6Z60mIMcshsCtyv9k4LxpjOTnHKRLp/M4JLWG4CanOGpN2u/wPPV
TpRY4jkZlAdvQK3qrPmA8aO5sWnbh5l//kUS6IL649seZQFUeZdz7QUyodjjqr2/
XWyqsQC4mqVphxwvWDWA5J6/Zf7C7hNdZ1BE+SPpLhjEZlU6IYBFY2PLrg9NDTv8
YMZpftlm5HQo3qmy/HLoiF8bIqgtdz+TpgNiT+TYz9+/pvP/hyGbX6xF9esKBVjj
+1OUnd2GaLjSdY7o9WOtZgSJQxi1/R1X1+DjY1vI+d/TQZ+Sz58Me90R99aWc+Gc
1B8e6FhjwT48rHJiuIw75ZW1orpUX6OL5vqdge0H1aJXm7EEUhByZvm2E2DajKu2
mp2jr01UZyb3ro0qE1zpNitNORWAdvrlriIJxFVxtxW4MygMn8ThJ/Jz2LjquHvT
EwvCyB9jaqPKja3b/dwzf/nowjw+aocxOjelW2Q/HcyR13YF2ZHd1+hNtG/7Isrx
WIpI9nNAQQ2LCQIgL7/xCn6Yni9t3le3+eU+cdafoqJKTpETNbk=
=OMfW
-----END PGP SIGNATURE-----
| VAR-202205-1232 | CVE-2022-30489 | WAVLINK WN535 G3 Information Disclosure Vulnerability (CNVD-2022-61034) |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi. WAVLINK WN535 G3 is a wireless router from China WAVLINK company.
There is an information disclosure vulnerability in WAVLINK WN535 G3 M35G3R.V5030.180927. The vulnerability is caused by improper authorization management on the live_check.shtml page. Attackers can use this vulnerability to obtain sensitive router information
| VAR-202205-1103 | CVE-2022-30687 | Trend Micro antivirus Multiple vulnerabilities in the cloud |
CVSS V2: 6.6 CVSS V3: 7.1 Severity: HIGH |
Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product's secure erase feature to delete arbitrary files. Virus Buster from Trend Micro Inc. An update for the cloud has been released. This vulnerability information is provided by the developer for the purpose of dissemination to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.The potential impact will vary for each vulnerability, but you may be impacted by: Please refer to the respective advisory provided by the developer for details. Cloud version 17.7 It was * Arbitrary file deletion due to link interpretation problem when accessing file in data erasure tool - CVE-2022-30687 It was * Privilege escalation due to link interpretation problems when accessing files - CVE-2022-34893 It was * Information Disclosure via Out-of-Bounds Read Vulnerability - CVE-2022-35234 , CVE-2022-37347 , CVE-2022-37348 It was * Time-of-check Time-of-use (( TOCTOU ) Privilege escalation due to race condition vulnerability - CVE-2022-48191 virus buster Cloud version 17.0 It was * Information Disclosure via Out-of-Bounds Read Vulnerability - CVE-2022-35234 , CVE-2022-37347 , CVE-2022-37348. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the implementation of the Secure Erase feature. The issue results from the lack of proper validation of a user-supplied link prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM
| VAR-202205-1066 | CVE-2021-46788 | Huawei of EMUI and Magic UI Vulnerability in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Third-party pop-up window coverage vulnerability in the iConnect module.Successful exploitation of this vulnerability may cause system pop-up window may be covered to mislead users to perform incorrect operations. Huawei of EMUI and Magic UI Exists in unspecified vulnerabilities.Information may be tampered with. HUAWEI EMUI is a mobile operating system developed based on Android. There is a security vulnerability in HUAWEI EMUI/Magic UI, which is caused by a third-party pop-up overlay vulnerability in the iConnect module
| VAR-202205-1188 | CVE-2021-46789 | Huawei of EMUI and Magic UI Vulnerability in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Configuration defects in the secure OS module. Successful exploitation of this vulnerability can affect availability. Huawei of EMUI and Magic UI Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. HUAWEI EMUI is a mobile operating system developed by China Huawei (HUAWEI) based on Android
| VAR-202205-0951 | CVE-2022-29033 | Siemens JT2GO and Siemens Teamcenter Visualization Buffer error vulnerability |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library is vulnerable to uninitialized pointer free while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process. Siemens JT2GO and Teamcenter Visualization
| VAR-202205-1003 | CVE-2022-1674 | vim/vim In NULL Pointer dereference vulnerability |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input. vim/vim for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202208-32
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: Vim, gVim: Multiple Vulnerabilities
Date: August 21, 2022
Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231
ID: 202208-32
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple vulnerabilities have been discovered in Vim, the worst of which
could result in denial of service.
Background
=========
Vim is an efficient, highly configurable improved version of the classic
‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060
2 app-editors/vim < 9.0.0060 >= 9.0.0060
3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
==========
Multiple vulnerabilities have been discovered in Vim and gVim. Please
review the CVE identifiers referenced below for details.
Impact
=====
Please review the referenced CVE identifiers for details.
Workaround
=========
There is no known workaround at this time.
Resolution
=========
All Vim users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
=========
[ 1 ] CVE-2021-3770
https://nvd.nist.gov/vuln/detail/CVE-2021-3770
[ 2 ] CVE-2021-3778
https://nvd.nist.gov/vuln/detail/CVE-2021-3778
[ 3 ] CVE-2021-3796
https://nvd.nist.gov/vuln/detail/CVE-2021-3796
[ 4 ] CVE-2021-3872
https://nvd.nist.gov/vuln/detail/CVE-2021-3872
[ 5 ] CVE-2021-3875
https://nvd.nist.gov/vuln/detail/CVE-2021-3875
[ 6 ] CVE-2021-3927
https://nvd.nist.gov/vuln/detail/CVE-2021-3927
[ 7 ] CVE-2021-3928
https://nvd.nist.gov/vuln/detail/CVE-2021-3928
[ 8 ] CVE-2021-3968
https://nvd.nist.gov/vuln/detail/CVE-2021-3968
[ 9 ] CVE-2021-3973
https://nvd.nist.gov/vuln/detail/CVE-2021-3973
[ 10 ] CVE-2021-3974
https://nvd.nist.gov/vuln/detail/CVE-2021-3974
[ 11 ] CVE-2021-3984
https://nvd.nist.gov/vuln/detail/CVE-2021-3984
[ 12 ] CVE-2021-4019
https://nvd.nist.gov/vuln/detail/CVE-2021-4019
[ 13 ] CVE-2021-4069
https://nvd.nist.gov/vuln/detail/CVE-2021-4069
[ 14 ] CVE-2021-4136
https://nvd.nist.gov/vuln/detail/CVE-2021-4136
[ 15 ] CVE-2021-4166
https://nvd.nist.gov/vuln/detail/CVE-2021-4166
[ 16 ] CVE-2021-4173
https://nvd.nist.gov/vuln/detail/CVE-2021-4173
[ 17 ] CVE-2021-4187
https://nvd.nist.gov/vuln/detail/CVE-2021-4187
[ 18 ] CVE-2021-4192
https://nvd.nist.gov/vuln/detail/CVE-2021-4192
[ 19 ] CVE-2021-4193
https://nvd.nist.gov/vuln/detail/CVE-2021-4193
[ 20 ] CVE-2021-46059
https://nvd.nist.gov/vuln/detail/CVE-2021-46059
[ 21 ] CVE-2022-0128
https://nvd.nist.gov/vuln/detail/CVE-2022-0128
[ 22 ] CVE-2022-0156
https://nvd.nist.gov/vuln/detail/CVE-2022-0156
[ 23 ] CVE-2022-0158
https://nvd.nist.gov/vuln/detail/CVE-2022-0158
[ 24 ] CVE-2022-0213
https://nvd.nist.gov/vuln/detail/CVE-2022-0213
[ 25 ] CVE-2022-0261
https://nvd.nist.gov/vuln/detail/CVE-2022-0261
[ 26 ] CVE-2022-0318
https://nvd.nist.gov/vuln/detail/CVE-2022-0318
[ 27 ] CVE-2022-0319
https://nvd.nist.gov/vuln/detail/CVE-2022-0319
[ 28 ] CVE-2022-0351
https://nvd.nist.gov/vuln/detail/CVE-2022-0351
[ 29 ] CVE-2022-0359
https://nvd.nist.gov/vuln/detail/CVE-2022-0359
[ 30 ] CVE-2022-0361
https://nvd.nist.gov/vuln/detail/CVE-2022-0361
[ 31 ] CVE-2022-0368
https://nvd.nist.gov/vuln/detail/CVE-2022-0368
[ 32 ] CVE-2022-0392
https://nvd.nist.gov/vuln/detail/CVE-2022-0392
[ 33 ] CVE-2022-0393
https://nvd.nist.gov/vuln/detail/CVE-2022-0393
[ 34 ] CVE-2022-0407
https://nvd.nist.gov/vuln/detail/CVE-2022-0407
[ 35 ] CVE-2022-0408
https://nvd.nist.gov/vuln/detail/CVE-2022-0408
[ 36 ] CVE-2022-0413
https://nvd.nist.gov/vuln/detail/CVE-2022-0413
[ 37 ] CVE-2022-0417
https://nvd.nist.gov/vuln/detail/CVE-2022-0417
[ 38 ] CVE-2022-0443
https://nvd.nist.gov/vuln/detail/CVE-2022-0443
[ 39 ] CVE-2022-0554
https://nvd.nist.gov/vuln/detail/CVE-2022-0554
[ 40 ] CVE-2022-0629
https://nvd.nist.gov/vuln/detail/CVE-2022-0629
[ 41 ] CVE-2022-0685
https://nvd.nist.gov/vuln/detail/CVE-2022-0685
[ 42 ] CVE-2022-0714
https://nvd.nist.gov/vuln/detail/CVE-2022-0714
[ 43 ] CVE-2022-0729
https://nvd.nist.gov/vuln/detail/CVE-2022-0729
[ 44 ] CVE-2022-0943
https://nvd.nist.gov/vuln/detail/CVE-2022-0943
[ 45 ] CVE-2022-1154
https://nvd.nist.gov/vuln/detail/CVE-2022-1154
[ 46 ] CVE-2022-1160
https://nvd.nist.gov/vuln/detail/CVE-2022-1160
[ 47 ] CVE-2022-1381
https://nvd.nist.gov/vuln/detail/CVE-2022-1381
[ 48 ] CVE-2022-1420
https://nvd.nist.gov/vuln/detail/CVE-2022-1420
[ 49 ] CVE-2022-1616
https://nvd.nist.gov/vuln/detail/CVE-2022-1616
[ 50 ] CVE-2022-1619
https://nvd.nist.gov/vuln/detail/CVE-2022-1619
[ 51 ] CVE-2022-1620
https://nvd.nist.gov/vuln/detail/CVE-2022-1620
[ 52 ] CVE-2022-1621
https://nvd.nist.gov/vuln/detail/CVE-2022-1621
[ 53 ] CVE-2022-1629
https://nvd.nist.gov/vuln/detail/CVE-2022-1629
[ 54 ] CVE-2022-1674
https://nvd.nist.gov/vuln/detail/CVE-2022-1674
[ 55 ] CVE-2022-1720
https://nvd.nist.gov/vuln/detail/CVE-2022-1720
[ 56 ] CVE-2022-1733
https://nvd.nist.gov/vuln/detail/CVE-2022-1733
[ 57 ] CVE-2022-1735
https://nvd.nist.gov/vuln/detail/CVE-2022-1735
[ 58 ] CVE-2022-1769
https://nvd.nist.gov/vuln/detail/CVE-2022-1769
[ 59 ] CVE-2022-1771
https://nvd.nist.gov/vuln/detail/CVE-2022-1771
[ 60 ] CVE-2022-1785
https://nvd.nist.gov/vuln/detail/CVE-2022-1785
[ 61 ] CVE-2022-1796
https://nvd.nist.gov/vuln/detail/CVE-2022-1796
[ 62 ] CVE-2022-1851
https://nvd.nist.gov/vuln/detail/CVE-2022-1851
[ 63 ] CVE-2022-1886
https://nvd.nist.gov/vuln/detail/CVE-2022-1886
[ 64 ] CVE-2022-1897
https://nvd.nist.gov/vuln/detail/CVE-2022-1897
[ 65 ] CVE-2022-1898
https://nvd.nist.gov/vuln/detail/CVE-2022-1898
[ 66 ] CVE-2022-1927
https://nvd.nist.gov/vuln/detail/CVE-2022-1927
[ 67 ] CVE-2022-1942
https://nvd.nist.gov/vuln/detail/CVE-2022-1942
[ 68 ] CVE-2022-1968
https://nvd.nist.gov/vuln/detail/CVE-2022-1968
[ 69 ] CVE-2022-2000
https://nvd.nist.gov/vuln/detail/CVE-2022-2000
[ 70 ] CVE-2022-2042
https://nvd.nist.gov/vuln/detail/CVE-2022-2042
[ 71 ] CVE-2022-2124
https://nvd.nist.gov/vuln/detail/CVE-2022-2124
[ 72 ] CVE-2022-2125
https://nvd.nist.gov/vuln/detail/CVE-2022-2125
[ 73 ] CVE-2022-2126
https://nvd.nist.gov/vuln/detail/CVE-2022-2126
[ 74 ] CVE-2022-2129
https://nvd.nist.gov/vuln/detail/CVE-2022-2129
[ 75 ] CVE-2022-2175
https://nvd.nist.gov/vuln/detail/CVE-2022-2175
[ 76 ] CVE-2022-2182
https://nvd.nist.gov/vuln/detail/CVE-2022-2182
[ 77 ] CVE-2022-2183
https://nvd.nist.gov/vuln/detail/CVE-2022-2183
[ 78 ] CVE-2022-2206
https://nvd.nist.gov/vuln/detail/CVE-2022-2206
[ 79 ] CVE-2022-2207
https://nvd.nist.gov/vuln/detail/CVE-2022-2207
[ 80 ] CVE-2022-2208
https://nvd.nist.gov/vuln/detail/CVE-2022-2208
[ 81 ] CVE-2022-2210
https://nvd.nist.gov/vuln/detail/CVE-2022-2210
[ 82 ] CVE-2022-2231
https://nvd.nist.gov/vuln/detail/CVE-2022-2231
[ 83 ] CVE-2022-2257
https://nvd.nist.gov/vuln/detail/CVE-2022-2257
[ 84 ] CVE-2022-2264
https://nvd.nist.gov/vuln/detail/CVE-2022-2264
[ 85 ] CVE-2022-2284
https://nvd.nist.gov/vuln/detail/CVE-2022-2284
[ 86 ] CVE-2022-2285
https://nvd.nist.gov/vuln/detail/CVE-2022-2285
[ 87 ] CVE-2022-2286
https://nvd.nist.gov/vuln/detail/CVE-2022-2286
[ 88 ] CVE-2022-2287
https://nvd.nist.gov/vuln/detail/CVE-2022-2287
[ 89 ] CVE-2022-2288
https://nvd.nist.gov/vuln/detail/CVE-2022-2288
[ 90 ] CVE-2022-2289
https://nvd.nist.gov/vuln/detail/CVE-2022-2289
[ 91 ] CVE-2022-2304
https://nvd.nist.gov/vuln/detail/CVE-2022-2304
[ 92 ] CVE-2022-2343
https://nvd.nist.gov/vuln/detail/CVE-2022-2343
[ 93 ] CVE-2022-2344
https://nvd.nist.gov/vuln/detail/CVE-2022-2344
[ 94 ] CVE-2022-2345
https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
======
Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. ==========================================================================
Ubuntu Security Notice USN-5723-1
November 14, 2022
vim vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description:
- vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim could be made to crash when searching specially
crafted patterns.
(CVE-2022-1725)
It was discovered that there existed a buffer over-read in Vim when
searching specially crafted patterns. (CVE-2022-2124)
It was discovered that there existed a heap buffer overflow in Vim when
auto-indenting lisp. (CVE-2022-2125)
It was discovered that there existed an out of bounds read in Vim when
performing spelling suggestions. (CVE-2022-2126)
It was discovered that Vim accessed invalid memory when executing specially
crafted command line expressions. An attacker could possibly use this to
crash Vim, access or modify memory, or execute arbitrary commands.
(CVE-2022-2175)
It was discovered that there existed an out-of-bounds read in Vim when
auto-indenting lisp. An attacker could possibly use this to crash Vim,
access or modify memory, or execute arbitrary commands. (CVE-2022-2183)
It was discovered that Vim accessed invalid memory when terminal size
changed. An attacker could possibly use this to crash Vim, access or modify
memory, or execute arbitrary commands. (CVE-2022-2206)
It was discovered that there existed a stack buffer overflow in Vim's
spelldump. (CVE-2022-2304)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 ESM:
vim 2:7.4.1689-3ubuntu1.5+esm13
vim-athena 2:7.4.1689-3ubuntu1.5+esm13
vim-athena-py2 2:7.4.1689-3ubuntu1.5+esm13
vim-gnome 2:7.4.1689-3ubuntu1.5+esm13
vim-gnome-py2 2:7.4.1689-3ubuntu1.5+esm13
vim-gtk 2:7.4.1689-3ubuntu1.5+esm13
vim-gtk-py2 2:7.4.1689-3ubuntu1.5+esm13
vim-gtk3 2:7.4.1689-3ubuntu1.5+esm13
vim-gtk3-py2 2:7.4.1689-3ubuntu1.5+esm13
vim-nox 2:7.4.1689-3ubuntu1.5+esm13
vim-nox-py2 2:7.4.1689-3ubuntu1.5+esm13
vim-tiny 2:7.4.1689-3ubuntu1.5+esm13
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5723-1
CVE-2022-1674, CVE-2022-1725, CVE-2022-2124, CVE-2022-2125,
CVE-2022-2126, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206,
CVE-2022-2304
| VAR-202205-0950 | CVE-2022-29032 | Siemens JT2GO and Siemens Teamcenter Visualization Resource Management Error Vulnerability |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library contains a double free vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process. Siemens JT2GO and Teamcenter Visualization
| VAR-202205-1037 | CVE-2022-23139 | ZTE of zxmp m721 Fraudulent Authentication Vulnerability in Firmware |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for?users to?ignore the modification?of?the file permission configuration, so that low-authority accounts could actually obtain higher operating permissions on key files. ZTE of zxmp m721 An incorrect authentication vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ZTE ZXMP M721 is a metro edge OTN (Optical Transport Network) device of China ZTE Corporation (ZTE). Attackers can use this vulnerability to obtain higher permissions