VARIoT IoT vulnerabilities database
| VAR-202203-0141 | CVE-2022-22667 | iOS and iPadOS Vulnerability in using free memory in |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges. iOS and iPadOS Exists in a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202203-0113 | CVE-2022-22612 | plural Apple Buffer error vulnerability in the product |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
A memory consumption issue was addressed with improved memory handling. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processing a maliciously crafted image may lead to heap corruption. plural Apple The product contains a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2022-03-14-1 iOS 15.4 and iPadOS 15.4
iOS 15.4 and iPadOS 15.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213182.
Accelerate Framework
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-22633: an anonymous researcher
AppleAVD
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to heap
corruption
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-22666: Marc Schoenefeld, Dr. rer. nat.
AVEVideoEncoder
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2022-22634: an anonymous researcher
AVEVideoEncoder
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-22635: an anonymous researcher
AVEVideoEncoder
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-22636: an anonymous researcher
Cellular
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A person with physical access may be able to view and modify
the carrier account information and settings from the lock screen
Description: The GSMA authentication panel could be presented on the
lock screen. The issue was resolved by requiring device unlock to
interact with the GSMA authentication panel.
CVE-2022-22652: Kağan Eğlence (linkedin.com/in/kaganeglence)
CoreMedia
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to learn information about the current
camera view before being granted camera access
Description: An issue with app access to camera metadata was
addressed with improved logic.
CVE-2022-22598: Will Blaschko of Team Quasko
FaceTime
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A user may be able to bypass the Emergency SOS passcode
prompt
Description: This issue was addressed with improved checks.
CVE-2022-22642: Yicong Ding (@AntonioDing)
FaceTime
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A user may send audio and video in a FaceTime call without
knowing that they have done so
Description: This issue was addressed with improved checks.
CVE-2022-22643: Sonali Luthar of the University of Virginia, Michael
Liao of the University of Illinois at Urbana-Champaign, Rohan Pahwa
of Rutgers University, and Bao Nguyen of the University of Florida
GPU Drivers
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-22667: Justin Sherman of the University of Maryland,
Baltimore County
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2022-22611: Xingyu Jin of Google
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to heap
corruption
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2022-22612: Xingyu Jin of Google
IOGPUFamily
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to gain elevated privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-22641: Mohamed Ghannam (@_simo36)
iTunes
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious website may be able to access information about
the user and their devices
Description: A logic issue was addressed with improved restrictions.
CVE-2022-22653: Aymeric Chaib of CERT Banque de France
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-22596: an anonymous researcher
CVE-2022-22640: sqrtpwn
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-22613: Alex, an anonymous researcher
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-22614: an anonymous researcher
CVE-2022-22615: an anonymous researcher
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved state
management.
CVE-2022-22632: Keegan Saunders
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An attacker in a privileged position may be able to perform a
denial of service attack
Description: A null pointer dereference was addressed with improved
validation.
CVE-2022-22638: derrek (@derrekr6)
libarchive
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Multiple issues in libarchive
Description: Multiple memory corruption issues existed in libarchive.
CVE-2021-36976
Markup
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A person with physical access to an iOS device may be able to
see sensitive information via keyboard suggestions
Description: This issue was addressed with improved checks.
CVE-2022-22622: Ingyu Lim (@_kanarena)
MediaRemote
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to identify what other
applications a user has installed
Description: An access issue was addressed with improved access
restrictions.
CVE-2022-22670: Brandon Azad
NetworkExtension
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A logic issue was addressed with improved state
management.
CVE-2022-22659: an anonymous researcher
Phone
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A user may be able to bypass the Emergency SOS passcode
prompt
Description: This issue was addressed with improved checks.
CVE-2022-22618: Yicong Ding (@AntonioDing)
Preferences
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to read other
applications' settings
Description: The issue was addressed with additional permissions
checks.
CVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
Sandbox
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to bypass certain Privacy
preferences
Description: The issue was addressed with improved permissions logic.
CVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited,
Khiem Tran
Siri
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A person with physical access to a device may be able to use
Siri to obtain some location information from the lock screen
Description: A permissions issue was addressed with improved
validation.
CVE-2022-22599: Andrew Goldberg of the University of Texas at Austin,
McCombs School of Business (linkedin.com/andrew-goldberg/)
SoftwareUpdate
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to gain elevated privileges
Description: A logic issue was addressed with improved state
management.
CVE-2022-22639: Mickey (@patch1t)
UIKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A person with physical access to an iOS device may be able to
see sensitive information via keyboard suggestions
Description: This issue was addressed with improved checks.
CVE-2022-22621: Joey Hewitt
VoiceOver
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A person with physical access to an iOS device may be able to
access photos from the lock screen
Description: An authentication issue was addressed with improved
state management.
CVE-2022-22671: videosdebarraquito
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A cookie management issue was addressed with improved
state management.
WebKit Bugzilla: 232748
CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A memory corruption issue was addressed with improved
state management.
WebKit Bugzilla: 232812
CVE-2022-22610: Quan Yin of Bigo Technology Live Client Team
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
WebKit Bugzilla: 233172
CVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab
WebKit Bugzilla: 234147
CVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
WebKit Bugzilla: 234966
CVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro
Zero Day Initiative
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious website may cause unexpected cross-origin
behavior
Description: A logic issue was addressed with improved state
management.
WebKit Bugzilla: 235294
CVE-2022-22637: Tom McKee of Google
Wi-Fi
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to leak sensitive user
information
Description: A logic issue was addressed with improved restrictions.
CVE-2022-22668: MrPhil17
Additional recognition
AirDrop
We would like to acknowledge Omar Espino (omespino.com), Ron Masas of
BreakPoint.sh for their assistance.
Bluetooth
We would like to acknowledge an anonymous researcher for their
assistance.
Music
We would like to acknowledge Vishesh Balani of Urban Company for
their assistance.
Notes
We would like to acknowledge Abhishek Bansal of Wipro Technologies
for their assistance.
Safari
We would like to acknowledge Konstantin Darutkin of FingerprintJS
(fingerprintjs.com) for their assistance.
Shortcuts
We would like to acknowledge Baibhav Anand Jha of Streamers Land for
their assistance.
Siri
We would like to acknowledge an anonymous researcher for their
assistance.
syslog
We would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for
their assistance.
UIKit
We would like to acknowledge Tim Shadel of Day Logger, Inc. for their
assistance.
Wallet
We would like to acknowledge an anonymous researcher for their
assistance.
WebKit
We would like to acknowledge Abdullah Md Shaleh for their assistance.
WebKit Storage
We would like to acknowledge Martin Bajanik of FingerprintJS for
their assistance.
WidgetKit
We would like to acknowledge an anonymous researcher for their
assistance.
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/ iTunes and Software Update on the
device will automatically check Apple's update server on its weekly
schedule. When an update is detected, it is downloaded and the option
to be installed is presented to the user when the iOS device is
docked. We recommend applying the update immediately if possible.
Selecting Don't Install will present the option the next time you
connect your iOS device. The automatic update process may take up to
a week depending on the day that iTunes or the device checks for
updates. You may manually obtain the update via the Check for Updates
button within iTunes, or the Software Update on your device. To
check that the iPhone, iPod touch, or iPad has been updated: *
Navigate to Settings * Select General * Select About. The version
after applying this update will be "iOS 15.4 and iPadOS 15.4".
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0TcACgkQeC9qKD1p
rhj47A/+MzBA5K7GNgX0pmF5XTfPFtPjM28knSOslgaK2A6VgfKC6WS8QXVnq0WU
VWvh8L7zSxBtJ9yXe/d+/zDV2XJflUTda7sRtusmVGsj4uUd3wqONpoh2bHdkSga
NTZgEic+vEY0MMj5KrHJzbc3m4DL/dQ9KTpGpxdTztTc3C2j3baCR4ky73+iuoha
iTxgx27zqgllL/+qDFpyCcfyOI/53kvJ4AP09/q0UKoJSajwcGTiF9GysLM+1IJD
0t+h7KQ+1v38zI2fYhiyH47c+JJN4PqeHL9DSj6f1RcVTwFUAeuv86fugz8ed/BZ
wwp+U7rJ2RS4zU/1hiDu5LDqbo6VW6yIslVEU0Qmtbf2KcTekGRX/Jqp/kJyOguj
IexhEcOY3ADsjJ7MMX7rFRLcBcUpWTE9UM15+O8z6n5XCI3yCZAjHj49LkCK60PM
/Ay/rFia+MBwnGvs+gZFiO742HSHCh2++jdNYN648JaefqXr8Ym4HnfpNRC7bzMg
+m16dur8gHpk7FKNaKRLCkfJGV0dqeGYrtrXGtxSTWWfXQ2Ty7boJ7VEnWclqqCf
Bqg2gkaioNQ/tkmjfqhdqBd23DQCpiYPuLdp4nY4KuXOhX7dqAUCFWYfRK9MHqo5
2FcNIE6xQexHv+6SIPOXnejpPXoV5OEku0Y/11mz8/Myiy2Imvk=
=/IfW
-----END PGP SIGNATURE-----
.
Instructions on how to update your Apple Watch software are available
at https://support.apple.com/kb/HT204641 To check the version on
your Apple Watch, open the Apple Watch app on your iPhone and select
"My Watch > General > About". Alternatively, on your watch, select
"My Watch > General > About".
CVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro
AppleScript
Available for: macOS Monterey
Impact: An application may be able to read restricted memory
Description: This issue was addressed with improved checks.
CVE-2022-22648: an anonymous researcher
AppleScript
Available for: macOS Monterey
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected application termination or disclosure of process
memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2022-22597: Qi Sun and Robert Ai of Trend Micro
BOM
Available for: macOS Monterey
Impact: A maliciously crafted ZIP archive may bypass Gatekeeper
checks
Description: This issue was addressed with improved checks.
CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley
(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)
curl
Available for: macOS Monterey
Impact: Multiple issues in curl
Description: Multiple issues were addressed by updating to curl
version 7.79.1.
CVE-2021-36976
Login Window
Available for: macOS Monterey
Impact: A person with access to a Mac may be able to bypass Login
Window
Description: This issue was addressed with improved checks.
CVE-2022-22664: Brandon Perry of Atredis Partners
NSSpellChecker
Available for: macOS Monterey
Impact: A malicious application may be able to access information
about a user's contacts
Description: A privacy issue existed in the handling of Contact
cards.
CVE-2022-22650: Wojciech Reguła (@_r3ggi) of SecuRing
Safari Downloads
Available for: macOS Monterey
Impact: A maliciously crafted ZIP archive may bypass Gatekeeper
checks
Description: This issue was addressed with improved checks.
CVE-2022-22639: Mickey Jin (@patch1t)
System Preferences
Available for: macOS Monterey
Impact: An app may be able to spoof system notifications and UI
Description: This issue was addressed with a new entitlement.
CVE-2022-22621: Joey Hewitt
Vim
Available for: macOS Monterey
Impact: Multiple issues in Vim
Description: Multiple issues were addressed by updating Vim.
CVE-2021-4136
CVE-2021-4166
CVE-2021-4173
CVE-2021-4187
CVE-2021-4192
CVE-2021-4193
CVE-2021-46059
CVE-2022-0128
CVE-2022-0156
CVE-2022-0158
VoiceOver
Available for: macOS Monterey
Impact: A user may be able to view restricted content from the lock
screen
Description: A lock screen issue was addressed with improved state
management.
CVE-2022-22668: MrPhil17
xar
Available for: macOS Monterey
Impact: A local user may be able to write arbitrary files
Description: A validation issue existed in the handling of symlinks.
Intel Graphics Driver
We would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi
Wu (@3ndy1) for their assistance.
Password Manager
We would like to acknowledge Maximilian Golla (@m33x) of Max Planck
Institute for Security and Privacy (MPI-SP) for their assistance
| VAR-202203-0151 | CVE-2022-22616 | macOS Vulnerability in |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
This issue was addressed with improved checks. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks. macOS Exists in unspecified vulnerabilities.Information may be tampered with. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2022-03-14-4 macOS Monterey 12.3
macOS Monterey 12.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213183.
Accelerate Framework
Available for: macOS Monterey
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-22633: an anonymous researcher
AMD
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-22669: an anonymous researcher
AppKit
Available for: macOS Monterey
Impact: A malicious application may be able to gain root privileges
Description: A logic issue was addressed with improved validation.
CVE-2022-22665: Lockheed Martin Red Team
AppleGraphicsControl
Available for: macOS Monterey
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-22631: an anonymous researcher
AppleScript
Available for: macOS Monterey
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected application termination or disclosure of process
memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro
AppleScript
Available for: macOS Monterey
Impact: An application may be able to read restricted memory
Description: This issue was addressed with improved checks.
CVE-2022-22648: an anonymous researcher
AppleScript
Available for: macOS Monterey
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected application termination or disclosure of process
memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro
CVE-2022-22627: Qi Sun and Robert Ai of Trend Micro
AppleScript
Available for: macOS Monterey
Impact: Processing a maliciously crafted file may lead to arbitrary
code execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-22597: Qi Sun and Robert Ai of Trend Micro
BOM
Available for: macOS Monterey
Impact: A maliciously crafted ZIP archive may bypass Gatekeeper
checks
Description: This issue was addressed with improved checks.
CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley
(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)
curl
Available for: macOS Monterey
Impact: Multiple issues in curl
Description: Multiple issues were addressed by updating to curl
version 7.79.1.
CVE-2021-22946
CVE-2021-22947
CVE-2021-22945
CVE-2022-22623
FaceTime
Available for: macOS Monterey
Impact: A user may send audio and video in a FaceTime call without
knowing that they have done so
Description: This issue was addressed with improved checks.
CVE-2022-22643: Sonali Luthar of the University of Virginia, Michael
Liao of the University of Illinois at Urbana-Champaign, Rohan Pahwa
of Rutgers University, and Bao Nguyen of the University of Florida
ImageIO
Available for: macOS Monterey
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2022-22611: Xingyu Jin of Google
ImageIO
Available for: macOS Monterey
Impact: Processing a maliciously crafted image may lead to heap
corruption
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2022-22612: Xingyu Jin of Google
Intel Graphics Driver
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A type confusion issue was addressed with improved state
handling.
CVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba
Security Pandora Lab
IOGPUFamily
Available for: macOS Monterey
Impact: An application may be able to gain elevated privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-22641: Mohamed Ghannam (@_simo36)
Kernel
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-22613: Alex, an anonymous researcher
Kernel
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-22614: an anonymous researcher
CVE-2022-22615: an anonymous researcher
Kernel
Available for: macOS Monterey
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved state
management.
CVE-2022-22632: Keegan Saunders
Kernel
Available for: macOS Monterey
Impact: An attacker in a privileged position may be able to perform a
denial of service attack
Description: A null pointer dereference was addressed with improved
validation.
CVE-2022-22638: derrek (@derrekr6)
Kernel
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-22640: sqrtpwn
libarchive
Available for: macOS Monterey
Impact: Multiple issues in libarchive
Description: Multiple memory corruption issues existed in libarchive.
CVE-2021-36976
Login Window
Available for: macOS Monterey
Impact: A person with access to a Mac may be able to bypass Login
Window
Description: This issue was addressed with improved checks.
CVE-2022-22647: an anonymous researcher
LoginWindow
Available for: macOS Monterey
Impact: A local attacker may be able to view the previous logged in
user’s desktop from the fast user switching screen
Description: An authentication issue was addressed with improved
state management.
CVE-2022-22656
GarageBand MIDI
Available for: macOS Monterey
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2022-22657: Brandon Perry of Atredis Partners
GarageBand MIDI
Available for: macOS Monterey
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2022-22664: Brandon Perry of Atredis Partners
NSSpellChecker
Available for: macOS Monterey
Impact: A malicious application may be able to access information
about a user's contacts
Description: A privacy issue existed in the handling of Contact
cards.
CVE-2022-22644: an anonymous researcher
PackageKit
Available for: macOS Monterey
Impact: An application may be able to gain elevated privileges
Description: A logic issue was addressed with improved state
management.
CVE-2022-22617: Mickey Jin (@patch1t)
Preferences
Available for: macOS Monterey
Impact: A malicious application may be able to read other
applications' settings
Description: The issue was addressed with additional permissions
checks.
CVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
QuickTime Player
Available for: macOS Monterey
Impact: A plug-in may be able to inherit the application's
permissions and access user data
Description: This issue was addressed with improved checks.
CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley
(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)
Sandbox
Available for: macOS Monterey
Impact: A malicious application may be able to bypass certain Privacy
preferences
Description: The issue was addressed with improved permissions logic.
CVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited,
Khiem Tran
Siri
Available for: macOS Monterey
Impact: A person with physical access to a device may be able to use
Siri to obtain some location information from the lock screen
Description: A permissions issue was addressed with improved
validation.
CVE-2022-22599: Andrew Goldberg of the University of Texas at Austin,
McCombs School of Business (linkedin.com/andrew-goldberg/)
SMB
Available for: macOS Monterey
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-22651: Felix Poulin-Belanger
SoftwareUpdate
Available for: macOS Monterey
Impact: An application may be able to gain elevated privileges
Description: A logic issue was addressed with improved state
management.
CVE-2022-22639: Mickey Jin (@patch1t)
System Preferences
Available for: macOS Monterey
Impact: An app may be able to spoof system notifications and UI
Description: This issue was addressed with a new entitlement.
CVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes)
UIKit
Available for: macOS Monterey
Impact: A person with physical access to an iOS device may be able to
see sensitive information via keyboard suggestions
Description: This issue was addressed with improved checks.
CVE-2022-22621: Joey Hewitt
Vim
Available for: macOS Monterey
Impact: Multiple issues in Vim
Description: Multiple issues were addressed by updating Vim.
CVE-2021-4136
CVE-2021-4166
CVE-2021-4173
CVE-2021-4187
CVE-2021-4192
CVE-2021-4193
CVE-2021-46059
CVE-2022-0128
CVE-2022-0156
CVE-2022-0158
VoiceOver
Available for: macOS Monterey
Impact: A user may be able to view restricted content from the lock
screen
Description: A lock screen issue was addressed with improved state
management.
CVE-2021-30918: an anonymous researcher
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A cookie management issue was addressed with improved
state management.
WebKit Bugzilla: 232748
CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A memory corruption issue was addressed with improved
state management.
WebKit Bugzilla: 232812
CVE-2022-22610: Quan Yin of Bigo Technology Live Client Team
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
WebKit Bugzilla: 233172
CVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab
WebKit Bugzilla: 234147
CVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
WebKit Bugzilla: 234966
CVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro
Zero Day Initiative
WebKit
Available for: macOS Monterey
Impact: A malicious website may cause unexpected cross-origin
behavior
Description: A logic issue was addressed with improved state
management.
WebKit Bugzilla: 235294
CVE-2022-22637: Tom McKee of Google
Wi-Fi
Available for: macOS Monterey
Impact: A malicious application may be able to leak sensitive user
information
Description: A logic issue was addressed with improved restrictions.
CVE-2022-22668: MrPhil17
xar
Available for: macOS Monterey
Impact: A local user may be able to write arbitrary files
Description: A validation issue existed in the handling of symlinks.
CVE-2022-22582: Richard Warren of NCC Group
Additional recognition
AirDrop
We would like to acknowledge Omar Espino (omespino.com), Ron Masas of
BreakPoint.sh for their assistance.
Bluetooth
We would like to acknowledge an anonymous researcher, chenyuwang
(@mzzzz__) of Tencent Security Xuanwu Lab for their assistance.
Face Gallery
We would like to acknowledge Tian Zhang (@KhaosT) for their
assistance.
Intel Graphics Driver
We would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi
Wu (@3ndy1) for their assistance.
Local Authentication
We would like to acknowledge an anonymous researcher for their
assistance.
Notes
We would like to acknowledge Nathaniel Ekoniak of Ennate Technologies
for their assistance.
Password Manager
We would like to acknowledge Maximilian Golla (@m33x) of Max Planck
Institute for Security and Privacy (MPI-SP) for their assistance.
Siri
We would like to acknowledge an anonymous researcher for their
assistance.
syslog
We would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for
their assistance.
TCC
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
UIKit
We would like to acknowledge Tim Shadel of Day Logger, Inc. for their
assistance.
WebKit
We would like to acknowledge Abdullah Md Shaleh for their assistance.
WebKit Storage
We would like to acknowledge Martin Bajanik of FingerprintJS for
their assistance.
macOS Monterey 12.3 may be obtained from the Mac App Store or Apple's
Software Downloads web site: https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p
rhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd
LrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC
jfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM
0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL
osOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa
rizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/
KZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB
L1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi
kwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ
JSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo
GXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI=
=RiA+
-----END PGP SIGNATURE-----
| VAR-202203-0101 | CVE-2022-22605 | Xcode Out-of-bounds read vulnerability in |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. Xcode Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apple Xcode is an integrated development environment provided by Apple (Apple) to developers. It is mainly used to develop applications for Mac OS X and iOS. Apple Xcode versions prior to 13.3 have an out-of-bounds read vulnerability. The vulnerability is caused by a boundary error when processing files in otool. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2022-03-14-7 Xcode 13.3
Xcode 13.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213189.
iTMSTransporter
Available for: macOS Monterey 12 and later
Impact: Multiple issues in iTMSTransporter
Description: Multiple issues were addressed with updating FasterXML
jackson-databind and Apache Log4j2.
CVE-2022-22601: hjy79425575
CVE-2022-22602: hjy79425575
CVE-2022-22603: hjy79425575
CVE-2022-22604: hjy79425575
CVE-2022-22605: hjy79425575
CVE-2022-22606: hjy79425575
CVE-2022-22607: hjy79425575
CVE-2022-22608: hjy79425575
Additional recognition
iTMSTransporter
We would like to acknowledge Anthony Shaw of Microsoft for their
assistance.
ld64
We would like to acknowledge Pan ZhenPeng (@Peterpan0927) of Alibaba
Security Pandora Lab for their assistance.
Xcode IDE
We would like to acknowledge an anonymous researcher for their
assistance.
Xcode 13.3 may be obtained from:
https://developer.apple.com/xcode/downloads/ To check that the Xcode
has been updated: * Select Xcode in the menu bar * Select About
Xcode * The version after applying this update will be "Xcode 13.3".
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIvyxkACgkQeC9qKD1p
rhgTfRAA389W9ZYj+RMeet6hyBYIeftGEUGKTwm4K5Ufo4RJTumsdRB+ivJz8Oed
EFCRcyWHwnM5BZ+ufWnOf1BAijmd1SjlIUwl2zs9SyuULPMybucXKRMfnA2SYgEx
ysNlljwsnS7/udREPfMQoJ2gIGYrISt0TxitZnRE9a7mD3r13KwyY3DpjnOxRavL
op5AypLkovUA4ljmsLMgIjTHWt4dyDMPCJB/sRchxBDG5tzxcAZvKA/TkvCDMwiF
z3yq4yN4ESXo3p9p3KD4bQmGD16dZ7TuxKuCfZpVKT1bFP8wWAHUhY3S7vJ9GDS+
6cShJ1oIk4/3FFeo98SEgKn8wE1p15DM4DxaqVcWvPuLNpzipQlcmyuicgntZBmO
2wBZED2pfewMiMy+CeX0jDWj6m79cW3g30TYS0P5QQOcWcRme63acE4wJ31uawd2
6jZfYpnpvw6dSsouBcCcZT9sNOuV8r9l5XePJQu37UGjmZuESuLgfZdiymaQunOl
f/mPe+C+KgBJ3MEEqbEoU4CqWC/pGtQtyMpepyYdiN14pDLhbhaeJ1T/XDc5O4OB
qqNyHocYAm1LUBgEspbHa1EtHQlDk1i5iWGwQMMaLkenKGzlf00bU0hYPISXH8oi
am4a0XUz6Y7AjY+TyRU/tuwaIiuzoUIDNELsJPm7PA+QiF370XI=cKC5
-----END PGP SIGNATURE-----
| VAR-202203-0117 | CVE-2022-22600 | Apple tvOS Permission Licensing and Access Control Issue Vulnerability |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
The issue was addressed with improved permissions logic. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to bypass certain Privacy preferences. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2022-03-14-1 iOS 15.4 and iPadOS 15.4
iOS 15.4 and iPadOS 15.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213182.
Accelerate Framework
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-22633: an anonymous researcher
AppleAVD
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to heap
corruption
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-22666: Marc Schoenefeld, Dr. rer. nat.
AVEVideoEncoder
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2022-22634: an anonymous researcher
AVEVideoEncoder
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-22635: an anonymous researcher
AVEVideoEncoder
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-22636: an anonymous researcher
Cellular
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A person with physical access may be able to view and modify
the carrier account information and settings from the lock screen
Description: The GSMA authentication panel could be presented on the
lock screen. The issue was resolved by requiring device unlock to
interact with the GSMA authentication panel.
CVE-2022-22652: Kağan Eğlence (linkedin.com/in/kaganeglence)
CoreMedia
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to learn information about the current
camera view before being granted camera access
Description: An issue with app access to camera metadata was
addressed with improved logic.
CVE-2022-22598: Will Blaschko of Team Quasko
FaceTime
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A user may be able to bypass the Emergency SOS passcode
prompt
Description: This issue was addressed with improved checks.
CVE-2022-22642: Yicong Ding (@AntonioDing)
FaceTime
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A user may send audio and video in a FaceTime call without
knowing that they have done so
Description: This issue was addressed with improved checks.
CVE-2022-22643: Sonali Luthar of the University of Virginia, Michael
Liao of the University of Illinois at Urbana-Champaign, Rohan Pahwa
of Rutgers University, and Bao Nguyen of the University of Florida
GPU Drivers
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-22667: Justin Sherman of the University of Maryland,
Baltimore County
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2022-22611: Xingyu Jin of Google
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to heap
corruption
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2022-22612: Xingyu Jin of Google
IOGPUFamily
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to gain elevated privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-22641: Mohamed Ghannam (@_simo36)
iTunes
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious website may be able to access information about
the user and their devices
Description: A logic issue was addressed with improved restrictions.
CVE-2022-22653: Aymeric Chaib of CERT Banque de France
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-22596: an anonymous researcher
CVE-2022-22640: sqrtpwn
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-22613: Alex, an anonymous researcher
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-22614: an anonymous researcher
CVE-2022-22615: an anonymous researcher
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved state
management.
CVE-2022-22632: Keegan Saunders
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An attacker in a privileged position may be able to perform a
denial of service attack
Description: A null pointer dereference was addressed with improved
validation.
CVE-2022-22638: derrek (@derrekr6)
libarchive
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Multiple issues in libarchive
Description: Multiple memory corruption issues existed in libarchive.
CVE-2021-36976
Markup
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A person with physical access to an iOS device may be able to
see sensitive information via keyboard suggestions
Description: This issue was addressed with improved checks.
CVE-2022-22622: Ingyu Lim (@_kanarena)
MediaRemote
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to identify what other
applications a user has installed
Description: An access issue was addressed with improved access
restrictions.
CVE-2022-22670: Brandon Azad
NetworkExtension
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A logic issue was addressed with improved state
management.
CVE-2022-22659: an anonymous researcher
Phone
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A user may be able to bypass the Emergency SOS passcode
prompt
Description: This issue was addressed with improved checks.
CVE-2022-22618: Yicong Ding (@AntonioDing)
Preferences
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to read other
applications' settings
Description: The issue was addressed with additional permissions
checks.
CVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
Sandbox
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to bypass certain Privacy
preferences
Description: The issue was addressed with improved permissions logic.
CVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited,
Khiem Tran
Siri
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A person with physical access to a device may be able to use
Siri to obtain some location information from the lock screen
Description: A permissions issue was addressed with improved
validation.
CVE-2022-22599: Andrew Goldberg of the University of Texas at Austin,
McCombs School of Business (linkedin.com/andrew-goldberg/)
SoftwareUpdate
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to gain elevated privileges
Description: A logic issue was addressed with improved state
management.
CVE-2022-22639: Mickey (@patch1t)
UIKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A person with physical access to an iOS device may be able to
see sensitive information via keyboard suggestions
Description: This issue was addressed with improved checks.
CVE-2022-22621: Joey Hewitt
VoiceOver
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A person with physical access to an iOS device may be able to
access photos from the lock screen
Description: An authentication issue was addressed with improved
state management.
CVE-2022-22671: videosdebarraquito
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A cookie management issue was addressed with improved
state management.
WebKit Bugzilla: 232748
CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A memory corruption issue was addressed with improved
state management.
WebKit Bugzilla: 232812
CVE-2022-22610: Quan Yin of Bigo Technology Live Client Team
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
WebKit Bugzilla: 233172
CVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab
WebKit Bugzilla: 234147
CVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
WebKit Bugzilla: 234966
CVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro
Zero Day Initiative
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious website may cause unexpected cross-origin
behavior
Description: A logic issue was addressed with improved state
management.
WebKit Bugzilla: 235294
CVE-2022-22637: Tom McKee of Google
Wi-Fi
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to leak sensitive user
information
Description: A logic issue was addressed with improved restrictions.
CVE-2022-22668: MrPhil17
Additional recognition
AirDrop
We would like to acknowledge Omar Espino (omespino.com), Ron Masas of
BreakPoint.sh for their assistance.
Bluetooth
We would like to acknowledge an anonymous researcher for their
assistance.
Music
We would like to acknowledge Vishesh Balani of Urban Company for
their assistance.
Notes
We would like to acknowledge Abhishek Bansal of Wipro Technologies
for their assistance.
Safari
We would like to acknowledge Konstantin Darutkin of FingerprintJS
(fingerprintjs.com) for their assistance.
Shortcuts
We would like to acknowledge Baibhav Anand Jha of Streamers Land for
their assistance.
Siri
We would like to acknowledge an anonymous researcher for their
assistance.
syslog
We would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for
their assistance.
UIKit
We would like to acknowledge Tim Shadel of Day Logger, Inc. for their
assistance.
Wallet
We would like to acknowledge an anonymous researcher for their
assistance.
WebKit
We would like to acknowledge Abdullah Md Shaleh for their assistance.
WebKit Storage
We would like to acknowledge Martin Bajanik of FingerprintJS for
their assistance.
WidgetKit
We would like to acknowledge an anonymous researcher for their
assistance.
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/ iTunes and Software Update on the
device will automatically check Apple's update server on its weekly
schedule. When an update is detected, it is downloaded and the option
to be installed is presented to the user when the iOS device is
docked. We recommend applying the update immediately if possible.
Selecting Don't Install will present the option the next time you
connect your iOS device. The automatic update process may take up to
a week depending on the day that iTunes or the device checks for
updates. You may manually obtain the update via the Check for Updates
button within iTunes, or the Software Update on your device. To
check that the iPhone, iPod touch, or iPad has been updated: *
Navigate to Settings * Select General * Select About. The version
after applying this update will be "iOS 15.4 and iPadOS 15.4".
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0TcACgkQeC9qKD1p
rhj47A/+MzBA5K7GNgX0pmF5XTfPFtPjM28knSOslgaK2A6VgfKC6WS8QXVnq0WU
VWvh8L7zSxBtJ9yXe/d+/zDV2XJflUTda7sRtusmVGsj4uUd3wqONpoh2bHdkSga
NTZgEic+vEY0MMj5KrHJzbc3m4DL/dQ9KTpGpxdTztTc3C2j3baCR4ky73+iuoha
iTxgx27zqgllL/+qDFpyCcfyOI/53kvJ4AP09/q0UKoJSajwcGTiF9GysLM+1IJD
0t+h7KQ+1v38zI2fYhiyH47c+JJN4PqeHL9DSj6f1RcVTwFUAeuv86fugz8ed/BZ
wwp+U7rJ2RS4zU/1hiDu5LDqbo6VW6yIslVEU0Qmtbf2KcTekGRX/Jqp/kJyOguj
IexhEcOY3ADsjJ7MMX7rFRLcBcUpWTE9UM15+O8z6n5XCI3yCZAjHj49LkCK60PM
/Ay/rFia+MBwnGvs+gZFiO742HSHCh2++jdNYN648JaefqXr8Ym4HnfpNRC7bzMg
+m16dur8gHpk7FKNaKRLCkfJGV0dqeGYrtrXGtxSTWWfXQ2Ty7boJ7VEnWclqqCf
Bqg2gkaioNQ/tkmjfqhdqBd23DQCpiYPuLdp4nY4KuXOhX7dqAUCFWYfRK9MHqo5
2FcNIE6xQexHv+6SIPOXnejpPXoV5OEku0Y/11mz8/Myiy2Imvk=
=/IfW
-----END PGP SIGNATURE-----
.
Instructions on how to update your Apple Watch software are available
at https://support.apple.com/kb/HT204641 To check the version on
your Apple Watch, open the Apple Watch app on your iPhone and select
"My Watch > General > About". Alternatively, on your watch, select
"My Watch > General > About".
CVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro
AppleScript
Available for: macOS Monterey
Impact: An application may be able to read restricted memory
Description: This issue was addressed with improved checks.
CVE-2022-22648: an anonymous researcher
AppleScript
Available for: macOS Monterey
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected application termination or disclosure of process
memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2022-22597: Qi Sun and Robert Ai of Trend Micro
BOM
Available for: macOS Monterey
Impact: A maliciously crafted ZIP archive may bypass Gatekeeper
checks
Description: This issue was addressed with improved checks.
CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley
(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)
curl
Available for: macOS Monterey
Impact: Multiple issues in curl
Description: Multiple issues were addressed by updating to curl
version 7.79.1.
CVE-2021-36976
Login Window
Available for: macOS Monterey
Impact: A person with access to a Mac may be able to bypass Login
Window
Description: This issue was addressed with improved checks.
CVE-2022-22664: Brandon Perry of Atredis Partners
NSSpellChecker
Available for: macOS Monterey
Impact: A malicious application may be able to access information
about a user's contacts
Description: A privacy issue existed in the handling of Contact
cards.
CVE-2022-22650: Wojciech Reguła (@_r3ggi) of SecuRing
Safari Downloads
Available for: macOS Monterey
Impact: A maliciously crafted ZIP archive may bypass Gatekeeper
checks
Description: This issue was addressed with improved checks.
CVE-2022-22639: Mickey Jin (@patch1t)
System Preferences
Available for: macOS Monterey
Impact: An app may be able to spoof system notifications and UI
Description: This issue was addressed with a new entitlement.
CVE-2022-22621: Joey Hewitt
Vim
Available for: macOS Monterey
Impact: Multiple issues in Vim
Description: Multiple issues were addressed by updating Vim.
CVE-2021-4136
CVE-2021-4166
CVE-2021-4173
CVE-2021-4187
CVE-2021-4192
CVE-2021-4193
CVE-2021-46059
CVE-2022-0128
CVE-2022-0156
CVE-2022-0158
VoiceOver
Available for: macOS Monterey
Impact: A user may be able to view restricted content from the lock
screen
Description: A lock screen issue was addressed with improved state
management.
CVE-2022-22668: MrPhil17
xar
Available for: macOS Monterey
Impact: A local user may be able to write arbitrary files
Description: A validation issue existed in the handling of symlinks.
Intel Graphics Driver
We would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi
Wu (@3ndy1) for their assistance.
Password Manager
We would like to acknowledge Maximilian Golla (@m33x) of Max Planck
Institute for Security and Privacy (MPI-SP) for their assistance
| VAR-202203-0137 | CVE-2022-22666 | plural Apple Out-of-bounds write vulnerabilities in the product |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. Processing a maliciously crafted image may lead to heap corruption. plural Apple The product contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2022-03-14-2 watchOS 8.5
watchOS 8.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213193.
Accelerate Framework
Available for: Apple Watch Series 3 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-22666: Marc Schoenefeld, Dr. rer. nat.
ImageIO
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2022-22612: Xingyu Jin of Google
Kernel
Available for: Apple Watch Series 3 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-22596: an anonymous researcher
CVE-2022-22640: sqrtpwn
Kernel
Available for: Apple Watch Series 3 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-22613: Alex, an anonymous researcher
Kernel
Available for: Apple Watch Series 3 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-22614: an anonymous researcher
CVE-2022-22615: an anonymous researcher
Kernel
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved state
management.
CVE-2022-22632: Keegan Saunders
Kernel
Available for: Apple Watch Series 3 and later
Impact: An attacker in a privileged position may be able to perform a
denial of service attack
Description: A null pointer dereference was addressed with improved
validation.
CVE-2022-22638: derrek (@derrekr6)
libarchive
Available for: Apple Watch Series 3 and later
Impact: Multiple issues in libarchive
Description: Multiple memory corruption issues existed in libarchive.
CVE-2021-36976
MediaRemote
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to identify what other
applications a user has installed
Description: An access issue was addressed with improved access
restrictions.
CVE-2022-22670: Brandon Azad
Phone
Available for: Apple Watch Series 3 and later
Impact: A user may be able to bypass the Emergency SOS passcode
prompt
Description: This issue was addressed with improved checks.
CVE-2022-22618: Yicong Ding (@AntonioDing)
Preferences
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to read other
applications' settings
Description: The issue was addressed with additional permissions
checks.
CVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
Safari
Available for: Apple Watch Series 3 and later
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A user interface issue was addressed.
CVE-2022-22654: Abdullah Md Shaleh of take0ver
Sandbox
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to bypass certain Privacy
preferences
Description: The issue was addressed with improved permissions logic.
CVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited,
Khiem Tran
Siri
Available for: Apple Watch Series 3 and later
Impact: A person with physical access to a device may be able to use
Siri to obtain some location information from the lock screen
Description: A permissions issue was addressed with improved
validation.
CVE-2022-22599: Andrew Goldberg of the University of Texas at Austin,
McCombs School of Business (linkedin.com/andrew-goldberg/)
UIKit
Available for: Apple Watch Series 3 and later
Impact: A person with physical access to an iOS device may be able to
see sensitive information via keyboard suggestions
Description: This issue was addressed with improved checks.
CVE-2022-22621: Joey Hewitt
WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A cookie management issue was addressed with improved
state management.
WebKit Bugzilla: 232748
CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix
WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A memory corruption issue was addressed with improved
state management.
WebKit Bugzilla: 232812
CVE-2022-22610: Quan Yin of Bigo Technology Live Client Team
WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
WebKit Bugzilla 233172
CVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab
WebKit Bugzilla: 234147
CVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab
WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
WebKit Bugzilla: 234966
CVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro
Zero Day Initiative
WebKit
Available for: Apple Watch Series 3 and later
Impact: A malicious website may cause unexpected cross-origin
behavior
Description: A logic issue was addressed with improved state
management.
WebKit Bugzilla: 235294
CVE-2022-22637: Tom McKee of Google
Additional recognition
AirDrop
We would like to acknowledge Omar Espino (omespino.com), Ron Masas of
BreakPoint.sh for their assistance.
Bluetooth
We would like to acknowledge an anonymous researcher for their
assistance.
Face Gallery
We would like to acknowledge Tian Zhang (@KhaosT) for their
assistance.
Safari
We would like to acknowledge Konstantin Darutkin of FingerprintJS
(fingerprintjs.com) for their assistance.
Shortcuts
We would like to acknowledge Baibhav Anand Jha of Streamers Land for
their assistance.
Siri
We would like to acknowledge an anonymous researcher for their
assistance.
syslog
We would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for
their assistance.
UIKit
We would like to acknowledge Tim Shadel of Day Logger, Inc. for their
assistance.
Wallet
We would like to acknowledge an anonymous researcher for their
assistance.
WebKit
We would like to acknowledge Abdullah Md Shaleh for their assistance.
WebKit Storage
We would like to acknowledge Martin Bajanik of FingerprintJS for
their assistance.
Instructions on how to update your Apple Watch software are available
at https://support.apple.com/kb/HT204641 To check the version on
your Apple Watch, open the Apple Watch app on your iPhone and select
"My Watch > General > About". Alternatively, on your watch, select
"My Watch > General > About".
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0XwACgkQeC9qKD1p
rhg7xg/+OVmgvQa8AfIpDqKoFyJQxRWv5eurCr0FWdtmUFmaqSZx1/gIGApxEIX9
Y2b9tEvhejRuUOkX4vpJcYvDsad6NvColSho5it16Hj3aRU3R4VseRmsVbaTwoap
MQWRT+EHtB1zWOz9kGTFN6xScPVpnc18IrACQqO5SYB/ovvA6iNlee5OoQtWANd9
0Wm9/MHwVUng2MXmjeDNZ5C8cHt41W4/8brZFBqoThDeaGb+dx/KLNzlzIpN7ttC
eCD2xXo6F+Q5uKUuwZHVm2g+PyV6CmeBtZYHGzGGo18fLLreBq7oUBf+KNzRxdTG
x517r3SfjnwScVO/NJXa33fWHOrlNWvNwOHPsp1JgX1B/YVGSoJDIWxu3kAdOQ6b
Z5ts7CIV8MOchvYG64UVO/Lt4e2/ABlkxF5vRD0k2KRIOWQh7mvTy0b4Reu2sbGF
t088QoinhRgWU+JXYSUZ4Nex5lelcF9F2SlOh2CS+VmvfzatV0NiTTPTknP+2/pZ
sLPO3oEmoqYczdviEtAZ3ghSrPWqqx1W2xBvnCTlteIZiIprgU/ZOcLaQiaHZ5c5
GKyxZCgguW40SzjrcdnbN9KSk+Pwta5oiKhzA43M+fl25jIic1rTvQIc91uL6/7O
9BSRyu2ZW0bfZEkgjPQF2ui4IBfZ81ayEsmh/e41JCbXnGvNFtY=K1Lq
-----END PGP SIGNATURE-----
| VAR-202203-0089 | CVE-2022-22603 | Xcode Out-of-bounds read vulnerability in |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. Xcode Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apple Xcode is an integrated development environment provided by Apple (Apple) to developers. It is mainly used to develop applications for Mac OS X and iOS. The vulnerability is caused by a boundary error when processing files in otool. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2022-03-14-7 Xcode 13.3
Xcode 13.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213189.
iTMSTransporter
Available for: macOS Monterey 12 and later
Impact: Multiple issues in iTMSTransporter
Description: Multiple issues were addressed with updating FasterXML
jackson-databind and Apache Log4j2.
CVE-2022-22601: hjy79425575
CVE-2022-22602: hjy79425575
CVE-2022-22603: hjy79425575
CVE-2022-22604: hjy79425575
CVE-2022-22605: hjy79425575
CVE-2022-22606: hjy79425575
CVE-2022-22607: hjy79425575
CVE-2022-22608: hjy79425575
Additional recognition
iTMSTransporter
We would like to acknowledge Anthony Shaw of Microsoft for their
assistance.
ld64
We would like to acknowledge Pan ZhenPeng (@Peterpan0927) of Alibaba
Security Pandora Lab for their assistance.
Xcode IDE
We would like to acknowledge an anonymous researcher for their
assistance.
Xcode 13.3 may be obtained from:
https://developer.apple.com/xcode/downloads/ To check that the Xcode
has been updated: * Select Xcode in the menu bar * Select About
Xcode * The version after applying this update will be "Xcode 13.3".
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIvyxkACgkQeC9qKD1p
rhgTfRAA389W9ZYj+RMeet6hyBYIeftGEUGKTwm4K5Ufo4RJTumsdRB+ivJz8Oed
EFCRcyWHwnM5BZ+ufWnOf1BAijmd1SjlIUwl2zs9SyuULPMybucXKRMfnA2SYgEx
ysNlljwsnS7/udREPfMQoJ2gIGYrISt0TxitZnRE9a7mD3r13KwyY3DpjnOxRavL
op5AypLkovUA4ljmsLMgIjTHWt4dyDMPCJB/sRchxBDG5tzxcAZvKA/TkvCDMwiF
z3yq4yN4ESXo3p9p3KD4bQmGD16dZ7TuxKuCfZpVKT1bFP8wWAHUhY3S7vJ9GDS+
6cShJ1oIk4/3FFeo98SEgKn8wE1p15DM4DxaqVcWvPuLNpzipQlcmyuicgntZBmO
2wBZED2pfewMiMy+CeX0jDWj6m79cW3g30TYS0P5QQOcWcRme63acE4wJ31uawd2
6jZfYpnpvw6dSsouBcCcZT9sNOuV8r9l5XePJQu37UGjmZuESuLgfZdiymaQunOl
f/mPe+C+KgBJ3MEEqbEoU4CqWC/pGtQtyMpepyYdiN14pDLhbhaeJ1T/XDc5O4OB
qqNyHocYAm1LUBgEspbHa1EtHQlDk1i5iWGwQMMaLkenKGzlf00bU0hYPISXH8oi
am4a0XUz6Y7AjY+TyRU/tuwaIiuzoUIDNELsJPm7PA+QiF370XI=cKC5
-----END PGP SIGNATURE-----
| VAR-202203-0158 | CVE-2022-22597 | plural Apple Out-of-bounds write vulnerabilities in the product |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted file may lead to arbitrary code execution. (DoS) It may be in a state. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the AppleScript framework. Crafted data in a SCPT file can trigger a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2022-03-14-4 macOS Monterey 12.3
macOS Monterey 12.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213183.
Accelerate Framework
Available for: macOS Monterey
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-22633: an anonymous researcher
AMD
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-22669: an anonymous researcher
AppKit
Available for: macOS Monterey
Impact: A malicious application may be able to gain root privileges
Description: A logic issue was addressed with improved validation.
CVE-2022-22665: Lockheed Martin Red Team
AppleGraphicsControl
Available for: macOS Monterey
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-22631: an anonymous researcher
AppleScript
Available for: macOS Monterey
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected application termination or disclosure of process
memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro
AppleScript
Available for: macOS Monterey
Impact: An application may be able to read restricted memory
Description: This issue was addressed with improved checks.
CVE-2022-22648: an anonymous researcher
AppleScript
Available for: macOS Monterey
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected application termination or disclosure of process
memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro
CVE-2022-22627: Qi Sun and Robert Ai of Trend Micro
AppleScript
Available for: macOS Monterey
Impact: Processing a maliciously crafted file may lead to arbitrary
code execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-22597: Qi Sun and Robert Ai of Trend Micro
BOM
Available for: macOS Monterey
Impact: A maliciously crafted ZIP archive may bypass Gatekeeper
checks
Description: This issue was addressed with improved checks.
CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley
(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)
curl
Available for: macOS Monterey
Impact: Multiple issues in curl
Description: Multiple issues were addressed by updating to curl
version 7.79.1.
CVE-2021-22946
CVE-2021-22947
CVE-2021-22945
CVE-2022-22623
FaceTime
Available for: macOS Monterey
Impact: A user may send audio and video in a FaceTime call without
knowing that they have done so
Description: This issue was addressed with improved checks.
CVE-2022-22643: Sonali Luthar of the University of Virginia, Michael
Liao of the University of Illinois at Urbana-Champaign, Rohan Pahwa
of Rutgers University, and Bao Nguyen of the University of Florida
ImageIO
Available for: macOS Monterey
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2022-22611: Xingyu Jin of Google
ImageIO
Available for: macOS Monterey
Impact: Processing a maliciously crafted image may lead to heap
corruption
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2022-22612: Xingyu Jin of Google
Intel Graphics Driver
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A type confusion issue was addressed with improved state
handling.
CVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba
Security Pandora Lab
IOGPUFamily
Available for: macOS Monterey
Impact: An application may be able to gain elevated privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-22641: Mohamed Ghannam (@_simo36)
Kernel
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-22613: Alex, an anonymous researcher
Kernel
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-22614: an anonymous researcher
CVE-2022-22615: an anonymous researcher
Kernel
Available for: macOS Monterey
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved state
management.
CVE-2022-22632: Keegan Saunders
Kernel
Available for: macOS Monterey
Impact: An attacker in a privileged position may be able to perform a
denial of service attack
Description: A null pointer dereference was addressed with improved
validation.
CVE-2022-22640: sqrtpwn
libarchive
Available for: macOS Monterey
Impact: Multiple issues in libarchive
Description: Multiple memory corruption issues existed in libarchive.
CVE-2021-36976
Login Window
Available for: macOS Monterey
Impact: A person with access to a Mac may be able to bypass Login
Window
Description: This issue was addressed with improved checks.
CVE-2022-22647: an anonymous researcher
LoginWindow
Available for: macOS Monterey
Impact: A local attacker may be able to view the previous logged in
user’s desktop from the fast user switching screen
Description: An authentication issue was addressed with improved
state management.
CVE-2022-22657: Brandon Perry of Atredis Partners
GarageBand MIDI
Available for: macOS Monterey
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2022-22664: Brandon Perry of Atredis Partners
NSSpellChecker
Available for: macOS Monterey
Impact: A malicious application may be able to access information
about a user's contacts
Description: A privacy issue existed in the handling of Contact
cards.
CVE-2022-22644: an anonymous researcher
PackageKit
Available for: macOS Monterey
Impact: An application may be able to gain elevated privileges
Description: A logic issue was addressed with improved state
management.
CVE-2022-22617: Mickey Jin (@patch1t)
Preferences
Available for: macOS Monterey
Impact: A malicious application may be able to read other
applications' settings
Description: The issue was addressed with additional permissions
checks.
CVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
QuickTime Player
Available for: macOS Monterey
Impact: A plug-in may be able to inherit the application's
permissions and access user data
Description: This issue was addressed with improved checks.
CVE-2022-22650: Wojciech Reguła (@_r3ggi) of SecuRing
Safari Downloads
Available for: macOS Monterey
Impact: A maliciously crafted ZIP archive may bypass Gatekeeper
checks
Description: This issue was addressed with improved checks.
CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley
(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)
Sandbox
Available for: macOS Monterey
Impact: A malicious application may be able to bypass certain Privacy
preferences
Description: The issue was addressed with improved permissions logic.
CVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited,
Khiem Tran
Siri
Available for: macOS Monterey
Impact: A person with physical access to a device may be able to use
Siri to obtain some location information from the lock screen
Description: A permissions issue was addressed with improved
validation.
CVE-2022-22599: Andrew Goldberg of the University of Texas at Austin,
McCombs School of Business (linkedin.com/andrew-goldberg/)
SMB
Available for: macOS Monterey
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-22651: Felix Poulin-Belanger
SoftwareUpdate
Available for: macOS Monterey
Impact: An application may be able to gain elevated privileges
Description: A logic issue was addressed with improved state
management.
CVE-2022-22639: Mickey Jin (@patch1t)
System Preferences
Available for: macOS Monterey
Impact: An app may be able to spoof system notifications and UI
Description: This issue was addressed with a new entitlement.
CVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes)
UIKit
Available for: macOS Monterey
Impact: A person with physical access to an iOS device may be able to
see sensitive information via keyboard suggestions
Description: This issue was addressed with improved checks.
CVE-2022-22621: Joey Hewitt
Vim
Available for: macOS Monterey
Impact: Multiple issues in Vim
Description: Multiple issues were addressed by updating Vim.
CVE-2021-4136
CVE-2021-4166
CVE-2021-4173
CVE-2021-4187
CVE-2021-4192
CVE-2021-4193
CVE-2021-46059
CVE-2022-0128
CVE-2022-0156
CVE-2022-0158
VoiceOver
Available for: macOS Monterey
Impact: A user may be able to view restricted content from the lock
screen
Description: A lock screen issue was addressed with improved state
management.
CVE-2021-30918: an anonymous researcher
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A cookie management issue was addressed with improved
state management.
WebKit Bugzilla: 232748
CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A memory corruption issue was addressed with improved
state management.
WebKit Bugzilla: 232812
CVE-2022-22610: Quan Yin of Bigo Technology Live Client Team
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
WebKit Bugzilla: 233172
CVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab
WebKit Bugzilla: 234147
CVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
WebKit Bugzilla: 234966
CVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro
Zero Day Initiative
WebKit
Available for: macOS Monterey
Impact: A malicious website may cause unexpected cross-origin
behavior
Description: A logic issue was addressed with improved state
management.
WebKit Bugzilla: 235294
CVE-2022-22637: Tom McKee of Google
Wi-Fi
Available for: macOS Monterey
Impact: A malicious application may be able to leak sensitive user
information
Description: A logic issue was addressed with improved restrictions.
CVE-2022-22668: MrPhil17
xar
Available for: macOS Monterey
Impact: A local user may be able to write arbitrary files
Description: A validation issue existed in the handling of symlinks.
CVE-2022-22582: Richard Warren of NCC Group
Additional recognition
AirDrop
We would like to acknowledge Omar Espino (omespino.com), Ron Masas of
BreakPoint.sh for their assistance.
Bluetooth
We would like to acknowledge an anonymous researcher, chenyuwang
(@mzzzz__) of Tencent Security Xuanwu Lab for their assistance.
Face Gallery
We would like to acknowledge Tian Zhang (@KhaosT) for their
assistance.
Intel Graphics Driver
We would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi
Wu (@3ndy1) for their assistance.
Local Authentication
We would like to acknowledge an anonymous researcher for their
assistance.
Notes
We would like to acknowledge Nathaniel Ekoniak of Ennate Technologies
for their assistance.
Password Manager
We would like to acknowledge Maximilian Golla (@m33x) of Max Planck
Institute for Security and Privacy (MPI-SP) for their assistance.
Siri
We would like to acknowledge an anonymous researcher for their
assistance.
syslog
We would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for
their assistance.
TCC
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
UIKit
We would like to acknowledge Tim Shadel of Day Logger, Inc. for their
assistance.
WebKit
We would like to acknowledge Abdullah Md Shaleh for their assistance.
WebKit Storage
We would like to acknowledge Martin Bajanik of FingerprintJS for
their assistance.
macOS Monterey 12.3 may be obtained from the Mac App Store or Apple's
Software Downloads web site: https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p
rhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd
LrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC
jfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM
0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL
osOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa
rizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/
KZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB
L1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi
kwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ
JSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo
GXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI=
=RiA+
-----END PGP SIGNATURE-----
| VAR-202203-0809 | CVE-2022-26981 | Liblouis Classic buffer overflow vulnerability in |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c). Liblouis Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ==========================================================================
Ubuntu Security Notice USN-5476-1
June 13, 2022
liblouis vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in liblouis.
Software Description:
- liblouis: Braille translation library - utilities
Details:
Han Zheng discovered that Liblouis incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash. This issue was
addressed in Ubuntu 21.10 and Ubuntu 22.04 LTS. (CVE-2022-26981)
It was discovered that Liblouis incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code
or cause a crash. (CVE-2022-31783)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS:
liblouis-bin 3.20.0-2ubuntu0.1
liblouis20 3.20.0-2ubuntu0.1
Ubuntu 21.10:
liblouis-bin 3.18.0-1ubuntu0.2
liblouis20 3.18.0-1ubuntu0.2
Ubuntu 20.04 LTS:
liblouis-bin 3.12.0-3ubuntu0.1
liblouis20 3.12.0-3ubuntu0.1
Ubuntu 18.04 LTS:
liblouis-bin 3.5.0-1ubuntu0.4
liblouis14 3.5.0-1ubuntu0.4
In general, a standard system update will make all the necessary changes. Alternatively, on your watch, select
"My Watch > General > About".
CVE-2022-32832: Tommy Muir (@Muirey03)
AppleAVD
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A remote user may be able to cause kernel code execution
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2022-32821: John Aakerblom (@jaakerblom)
Home
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A user may be able to view restricted content from the lock
screen
Description: A logic issue was addressed with improved state
management. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/ iTunes and Software Update on the
device will automatically check Apple's update server on its weekly
schedule. When an update is detected, it is downloaded and the option
to be installed is presented to the user when the iOS device is
docked. We recommend applying the update immediately if possible.
Selecting Don't Install will present the option the next time you
connect your iOS device. The automatic update process may take up to
a week depending on the day that iTunes or the device checks for
updates. You may manually obtain the update via the Check for Updates
button within iTunes, or the Software Update on your device. To
check that the iPhone, iPod touch, or iPad has been updated: *
Navigate to Settings * Select General * Select About. The version
after applying this update will be "iOS 15.6 and iPadOS 15.6". - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202301-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: liblouis: Multiple Vulnerabilities
Date: January 11, 2023
Bugs: #835093
ID: 202301-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been discovered in liblouis, the worst of
which could result in denial of service.
Background
==========
liblouis is an open-source braille translator and back-translator.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/liblouis < 3.22.0 >= 3.22.0
Description
===========
Multiple vulnerabilities have been discovered in liblouis. Please review
the CVE identifiers referenced below for details.
Impact
======
Please review the referenced CVE identifiers for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All liblouis users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/liblouis-3.22.0"
References
==========
[ 1 ] CVE-2022-26981
https://nvd.nist.gov/vuln/detail/CVE-2022-26981
[ 2 ] CVE-2022-31783
https://nvd.nist.gov/vuln/detail/CVE-2022-31783
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202301-06
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2023 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2022-07-20-2 macOS Monterey 12.5
macOS Monterey 12.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213345.
APFS
Available for: macOS Monterey
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32832: Tommy Muir (@Muirey03)
AppleMobileFileIntegrity
Available for: macOS Monterey
Impact: An app may be able to gain root privileges
Description: An authorization issue was addressed with improved state
management.
CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro
Apple Neural Engine
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32810: Mohamed Ghannam (@_simo36)
Apple Neural Engine
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: This issue was addressed with improved checks.
CVE-2022-32840: Mohamed Ghannam (@_simo36)
Apple Neural Engine
Available for: macOS Monterey
Impact: An app may be able to break out of its sandbox
Description: This issue was addressed with improved checks.
CVE-2022-32845: Mohamed Ghannam (@_simo36)
AppleScript
Available for: macOS Monterey
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected termination or disclosure of process memory
Description: This issue was addressed with improved checks.
CVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu
Security, Mickey Jin (@patch1t) of Trend Micro
AppleScript
Available for: macOS Monterey
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected termination or disclosure of process memory
Description: An out-of-bounds read issue was addressed with improved
input validation.
CVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security
CVE-2022-32852: Ye Zhang (@co0py_Cat) of Baidu Security
CVE-2022-32853: Ye Zhang (@co0py_Cat) of Baidu Security
AppleScript
Available for: macOS Monterey
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected termination or disclosure of process memory
Description: An out-of-bounds read issue was addressed with improved
bounds checking.
CVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security
Audio
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2022-32820: an anonymous researcher
Audio
Available for: macOS Monterey
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2022-32825: John Aakerblom (@jaakerblom)
Automation
Available for: macOS Monterey
Impact: An app may be able to bypass Privacy preferences
Description: A logic issue was addressed with improved checks.
CVE-2022-32789: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Calendar
Available for: macOS Monterey
Impact: An app may be able to access sensitive user information
Description: The issue was addressed with improved handling of
caches.
CVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security
CoreMedia
Available for: macOS Monterey
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom
(@jaakerblom)
CoreText
Available for: macOS Monterey
Impact: A remote user may cause an unexpected app termination or
arbitrary code execution
Description: The issue was addressed with improved bounds checks.
CVE-2022-32839: STAR Labs (@starlabs_sg)
File System Events
Available for: macOS Monterey
Impact: An app may be able to gain root privileges
Description: A logic issue was addressed with improved state
management.
CVE-2022-32819: Joshua Mason of Mandiant
GPU Drivers
Available for: macOS Monterey
Impact: An app may be able to disclose kernel memory
Description: Multiple out-of-bounds write issues were addressed with
improved bounds checking.
CVE-2022-32793: an anonymous researcher
GPU Drivers
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-32821: John Aakerblom (@jaakerblom)
iCloud Photo Library
Available for: macOS Monterey
Impact: An app may be able to access sensitive user information
Description: An information disclosure issue was addressed by
removing the vulnerable code.
CVE-2022-32849: Joshua Jones
ICU
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs
& DNSLab, Korea Univ.
ImageIO
Available for: macOS Monterey
Impact: Processing a maliciously crafted image may result in
disclosure of process memory
Description: The issue was addressed with improved memory handling.
CVE-2022-32841: hjy79425575
ImageIO
Available for: macOS Monterey
Impact: Processing an image may lead to a denial-of-service
Description: A null pointer dereference was addressed with improved
validation.
CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit)
Intel Graphics Driver
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A memory corruption vulnerability was addressed with
improved locking.
CVE-2022-32811: ABC Research s.r.o
Intel Graphics Driver
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o.
Kernel
Available for: macOS Monterey
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32813: Xinru Chi of Pangu Lab
CVE-2022-32815: Xinru Chi of Pangu Lab
Kernel
Available for: macOS Monterey
Impact: An app may be able to disclose kernel memory
Description: An out-of-bounds read issue was addressed with improved
bounds checking.
CVE-2022-32817: Xinru Chi of Pangu Lab
Kernel
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: This issue was addressed with improved checks.
CVE-2022-32829: an anonymous researcher
Liblouis
Available for: macOS Monterey
Impact: An app may cause unexpected app termination or arbitrary code
execution
Description: This issue was addressed with improved checks.
CVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China
(nipc.org.cn)
libxml2
Available for: macOS Monterey
Impact: An app may be able to leak sensitive user information
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2022-32823
Multi-Touch
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A type confusion issue was addressed with improved
checks.
CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)
Multi-Touch
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A type confusion issue was addressed with improved state
handling.
CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)
PackageKit
Available for: macOS Monterey
Impact: An app may be able to modify protected parts of the file
system
Description: An issue in the handling of environment variables was
addressed with improved validation.
CVE-2022-32786: Mickey Jin (@patch1t)
PackageKit
Available for: macOS Monterey
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed with improved checks.
CVE-2022-32800: Mickey Jin (@patch1t)
PluginKit
Available for: macOS Monterey
Impact: An app may be able to read arbitrary files
Description: A logic issue was addressed with improved state
management.
CVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro
PS Normalizer
Available for: macOS Monterey
Impact: Processing a maliciously crafted Postscript file may result
in unexpected app termination or disclosure of process memory
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-32843: Kai Lu of Zscaler's ThreatLabz
SMB
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-32796: Sreejith Krishnan R (@skr0x1c0)
SMB
Available for: macOS Monterey
Impact: An app may be able to gain elevated privileges
Description: An out-of-bounds read issue was addressed with improved
input validation.
CVE-2022-32842: Sreejith Krishnan R (@skr0x1c0)
SMB
Available for: macOS Monterey
Impact: An app may be able to gain elevated privileges
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2022-32798: Sreejith Krishnan R (@skr0x1c0)
SMB
Available for: macOS Monterey
Impact: A user in a privileged network position may be able to leak
sensitive information
Description: An out-of-bounds read issue was addressed with improved
bounds checking.
CVE-2022-32799: Sreejith Krishnan R (@skr0x1c0)
SMB
Available for: macOS Monterey
Impact: An app may be able to leak sensitive kernel state
Description: The issue was addressed with improved memory handling.
CVE-2022-32818: Sreejith Krishnan R (@skr0x1c0)
Software Update
Available for: macOS Monterey
Impact: A user in a privileged network position can track a user’s
activity
Description: This issue was addressed by using HTTPS when sending
information over the network.
CVE-2022-32857: Jeffrey Paul (sneak.berlin)
Spindump
Available for: macOS Monterey
Impact: An app may be able to overwrite arbitrary files
Description: This issue was addressed with improved file handling.
CVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Spotlight
Available for: macOS Monterey
Impact: An app may be able to gain root privileges
Description: This issue was addressed with improved checks.
CVE-2022-32801: Joshua Mason (@josh@jhu.edu)
subversion
Available for: macOS Monterey
Impact: Multiple issues in subversion
Description: Multiple issues were addressed by updating subversion.
CVE-2021-28544: Evgeny Kotkov, visualsvn.com
CVE-2022-24070: Evgeny Kotkov, visualsvn.com
CVE-2022-29046: Evgeny Kotkov, visualsvn.com
CVE-2022-29048: Evgeny Kotkov, visualsvn.com
TCC
Available for: macOS Monterey
Impact: An app may be able to access sensitive user information
Description: An access issue was addressed with improvements to the
sandbox.
CVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
WebKit
Available for: macOS Monterey
Impact: Visiting a website that frames malicious content may lead to
UI spoofing
Description: The issue was addressed with improved UI handling.
WebKit Bugzilla: 239316
CVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs
& DNSLab, Korea Univ.
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
input validation.
WebKit Bugzilla: 240720
CVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero
Day Initiative
WebRTC
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution.
Description: A memory corruption issue was addressed with improved
state management.
WebKit Bugzilla: 242339
CVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team
Wi-Fi
Available for: macOS Monterey
Impact: An app may be able to cause unexpected system termination or
write kernel memory
Description: This issue was addressed with improved checks.
CVE-2022-32837: Wang Yu of Cyberserval
Wi-Fi
Available for: macOS Monterey
Impact: A remote user may be able to cause unexpected system
termination or corrupt kernel memory
Description: This issue was addressed with improved checks.
CVE-2022-32847: Wang Yu of Cyberserval
Windows Server
Available for: macOS Monterey
Impact: An app may be able to capture a user’s screen
Description: A logic issue was addressed with improved checks.
CVE-2022-32848: Jeremy Legendre of MacEnhance
Additional recognition
802.1X
We would like to acknowledge Shin Sun of National Taiwan University
for their assistance.
AppleMobileFileIntegrity
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła
(@_r3ggi) of SecuRing for their assistance.
Calendar
We would like to acknowledge Joshua Jones for their assistance.
configd
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła
(@_r3ggi) of SecuRing for their assistance.
DiskArbitration
We would like to acknowledge Mike Cush for their assistance.
macOS Monterey 12.5 may be obtained from the Mac App Store or Apple's
Software Downloads web site: https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYiL4ACgkQeC9qKD1p
rhhjpQ//TQX1ihtXRIjFpPOViMy6IxuLE1CsKFxq5MweXelbPB/UdeUl/zL5G54b
/Lx2XYKoWj6u27FCO0BHxBqtYbAd6sfx70VLCk5W6gyk/yCi0n3zh7BvRvWB/Ugh
6NuHB39a1kbbjLLoQPbW0L6egdrCfqP/+ZujqjKl7xI58nda9jMHJC1ns87KQoDn
Er5SAGf7M2ErGNzOFqvXjpJYvGsrKJyfqNxp99H/sPlzu7URX9Gq3f3n1o55IUUa
mcxlBPDfUmDQPjdSqw/BprQkDOvp0fzmTy+phB0fkgmvVJ8EmEJAoilL4SyH4uW9
V1GD9rtjUKh7G/gSFAo7y0HBDQoM+E9hA+4PPlH2o1nUOAl6BRWUka6jf4yaqrpr
pfo1K2hPQj1g4MMZFCDWkJ+7V1+1GTQ9WlagL5gB3QaKefiSG4cTnL06Y8zn38TD
TY3JrdqUI7Pzugu+FuHs7P168yNIGXTscb1ptrVlaVBaVuyICmEcKX4HS+I5o30q
WqCOaRoaa6WRqBwNEy7zVAExjSPt7t8ZWt85avWSt+rLxNGiVkPrpHu4fE+V2IAV
fz1VA4S/w69h9uJHXdcG+QfvNxX+zj/vljF6DK3dyQ957Mqfyr2y9ojSbdf6vo4n
DJFXNxbEk35loy/kDDidC1C1sFKY+JeQF7ZBi0/QOyuSdSdJrSg=
=ibIr
-----END PGP SIGNATURE-----
| VAR-202203-1400 | CVE-2020-36518 | FasterXML jackson-databind Buffer error vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
The purpose of this text-only errata is to inform you about the security
issues fixed in this release. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
1923181 - CVE-2021-22132 elasticsearch: executing async search improperly stores HTTP headers leading to information disclosure
1925237 - CVE-2020-9492 hadoop: WebHDFS client might send SPNEGO authorization header
1934116 - CVE-2020-27223 jetty: request containing multiple Accept headers with a large number of "quality" parameters may lead to DoS
1935927 - CVE-2021-20289 resteasy: Error message exposes endpoint class information
1943189 - CVE-2021-22137 elasticsearch: Document disclosure flaw when Document or Field Level Security is used
1945710 - CVE-2021-28163 jetty: Symlink directory exposes webapp directory contents
1945712 - CVE-2021-28164 jetty: Ambiguous paths can access WEB-INF
1945714 - CVE-2021-28165 jetty: Resource exhaustion when receiving an invalid large TLS frame
1954559 - CVE-2021-3520 lz4: memory corruption due to an integer overflow bug caused by memmove argument
1977362 - CVE-2021-3629 undertow: potential security issue in flow control over HTTP/2 may lead to DOS
1995259 - CVE-2021-37714 jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck
2009041 - CVE-2021-38153 Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients
2011190 - CVE-2021-40690 xml-security: XPath Transform abuse allows for information disclosure
2020583 - CVE-2021-2471 mysql-connector-java: unauthorized access to critical
2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects
5. Description:
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak
project, that provides authentication and standards-based single sign-on
capabilities for web and mobile applications. Bugs fixed (https://bugzilla.redhat.com/):
2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling
2039403 - CVE-2021-42392 h2: Remote Code Execution in Console
2040268 - CVE-2022-0225 keycloak: Stored XSS in groups dropdown
2060929 - CVE-2022-0866 wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled
2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr
2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects
2115392 - CVE-2022-2668 keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console
6. Solution:
Before applying the update, back up your existing installation, including
all applications, configuration files, databases and database settings, and
so on.
The References section of this erratum contains a download link for the
update. You must be logged in to download the update. Description:
Red Hat AMQ Streams, based on the Apache Kafka project, offers a
distributed backbone that allows microservices and other applications to
share data with extremely high throughput and extremely low latency. Bugs fixed (https://bugzilla.redhat.com/):
2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data
2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way
2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects
2087186 - CVE-2022-24823 netty: world readable temporary file containing sensitive data
2129809 - CVE-2022-36944 scala: deserialization gadget chain
2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays
2135770 - CVE-2022-40150 jettison: memory exhaustion via user-supplied XML or JSON data
2135771 - CVE-2022-40149 jettison: parser crash by stackoverflow
2154086 - CVE-2021-0341 okhttp: information disclosure via improperly used cryptographic function
2169845 - CVE-2023-0833 Red Hat A-MQ Streams: component version with information disclosure flaw
2185707 - CVE-2021-46877 jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode
2188542 - CVE-2023-1370 json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)
5. JIRA issues fixed (https://issues.jboss.org/):
ENTMQST-4107 - [KAFKA] MM2 connector task stopped and didn?t result in failed state
ENTMQST-4541 - [PROD] Create RHSA erratum for Streams 2.4.0
6. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: jackson security update
Advisory ID: RHSA-2023:2312-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:2312
Issue date: 2023-05-09
CVE Names: CVE-2020-36518
====================================================================
1. Summary:
An update for jackson-annotations, jackson-core, jackson-databind,
jackson-jaxrs-providers, and jackson-modules-base is now available for Red
Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 9) - noarch
3. Description:
Jackson is a suite of data-processing tools for Java, including the
flagship streaming JSON parser / generator library, matching data-binding
library, and additional modules to process data encoded in various other
data formats.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 9.2 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Package List:
Red Hat Enterprise Linux AppStream (v. 9):
Source:
jackson-annotations-2.14.1-1.el9.src.rpm
jackson-core-2.14.1-2.el9.src.rpm
jackson-databind-2.14.1-2.el9.src.rpm
jackson-jaxrs-providers-2.14.1-2.el9.src.rpm
jackson-modules-base-2.14.1-2.el9.src.rpm
noarch:
pki-jackson-annotations-2.14.1-1.el9.noarch.rpm
pki-jackson-core-2.14.1-2.el9.noarch.rpm
pki-jackson-databind-2.14.1-2.el9.noarch.rpm
pki-jackson-jaxrs-json-provider-2.14.1-2.el9.noarch.rpm
pki-jackson-jaxrs-providers-2.14.1-2.el9.noarch.rpm
pki-jackson-module-jaxb-annotations-2.14.1-2.el9.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-36518
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBZFo1ONzjgjWX9erEAQhQXA//RhJAsKLGfyB+T7HQRwsWYj9OoKCzMCkc
ScXoI5eI1LYKZijOPfLHj63Zp/DO+pAJLCaHdb+S+OKRddCSsHRQPw4x0tBWNPPW
FBcrbxITZEbyW3WWe7BSE9/HK0ckojEJIaxmBYTsRc8zErXMmPLKGAwODWC0ohjs
8RGmfV5Cj8OzhprS0MWKrbydlv/kUzr/vayM870hRGIwg1+vE3owWYLGN8ZAwqcs
3J/N3OMheZiUk3MxPCkk92sJmpuEmGQrPPL2+I5/lXMRo4SEq3sairxkAwER10i1
kXxF8aFwgHYv5oaD06B+PuIFEQ26Clc97oMMbYBEFDYVGa5pIPNZ0dG16QPO9HLT
Co0oFQ/y77HrzmM5FCUI6Zlgt8fccvc2Cg4VGG473zTAkQ0JvsZtbIjH4PVfoMp8
5Rrvk2YZJCTKdjB+7RkgnTZBQ8Xar1XwMBTQ1Zq6Z1b+ERTc8s+ihIOjD86cd+J7
TLPf/fDiy6arGI13lCa81Ssyg2iWOzySHUEag0Fs1eYKWMSoKMuSuywH7e0hjFKG
+AqSml6lTxNvwGZ13ieMGslOGRFk01GR6R2BbwnDicXXhqv1O2kuaDenf9HQBteR
KsTKBi7dBqdoHwGBpVb8gRxntlKQQKsKv1wpA+A2yDFu4umBxcUoZ9fT2WnI12UH
cvdlmKHSc9E=W5RJ
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
| VAR-202203-0853 | CVE-2022-22141 | Yokogawa Exaopc Permission Licensing and Access Control Issue Vulnerability |
CVSS V2: 4.4 CVSS V3: 7.8 Severity: HIGH |
'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00
| VAR-202203-0854 | CVE-2022-22145 | Yokogawa Exaopc Resource Management Error Vulnerability |
CVSS V2: 4.9 CVSS V3: 8.1 Severity: HIGH |
CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource consumption. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00
| VAR-202203-2097 | No CVE | TOTOLINK A3002RU Exists Unauthorized Access Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TOTOLINK A3002RU is a gigabit dual-band router.
TOTOLINK A3002RU has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202203-0823 | CVE-2022-24421 | Buffer Error Vulnerability in Multiple Dell Products |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. Alienware 13 R3 firmware, Alienware 15 R3 firmware, Alienware 15 R4 Multiple Dell products, such as firmware, contain a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dell is a company that manufactures, designs, and sells home and office computers, as well as servers, data storage devices, networking equipment, and more
| VAR-202203-0827 | CVE-2021-32009 | Secomea of gatemanager Cross-site scripting vulnerability in |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Cross-site Scripting (XSS) vulnerability in firmware section of Secomea GateManager allows logged in user to inject javascript in browser session. This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Secomea of gatemanager Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with
| VAR-202203-1379 | CVE-2022-24420 | Buffer Error Vulnerability in Multiple Dell Products |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. Alienware 13 R3 firmware, Alienware 15 R3 firmware, Alienware 15 R4 Multiple Dell products, such as firmware, contain a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202203-0855 | CVE-2022-22148 | Yokogawa Exaopc Operating system command injection vulnerability |
CVSS V2: 6.9 CVSS V3: 7.8 Severity: HIGH |
'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00
| VAR-202203-1378 | CVE-2022-24415 | Buffer Error Vulnerability in Multiple Dell Products |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. Alienware 13 R3 firmware, Alienware 15 R3 firmware, Alienware 15 R4 Multiple Dell products, such as firmware, contain a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202203-0846 | CVE-2022-21808 | Yokogawa Exaopc Path traversal vulnerability |
CVSS V2: 6.0 CVSS V3: 8.8 Severity: HIGH |
Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00
| VAR-202203-0822 | CVE-2022-24416 | Buffer Error Vulnerability in Multiple Dell Products |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. Alienware 13 R3 firmware, Alienware 15 R3 firmware, Alienware 15 R4 Multiple Dell products, such as firmware, contain a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state