exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Apple Security Advisory 2022-01-26-2

Apple Security Advisory 2022-01-26-2
Posted Jan 31, 2022
Authored by Apple | Site apple.com

Apple Security Advisory 2022-01-26-2 - macOS Monterey 12.2 addresses buffer overflow, code execution, information leakage, out of bounds write, path sanitization, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | apple
advisories | CVE-2022-22578, CVE-2022-22579, CVE-2022-22583, CVE-2022-22584, CVE-2022-22585, CVE-2022-22586, CVE-2022-22587, CVE-2022-22589, CVE-2022-22590, CVE-2022-22591, CVE-2022-22592, CVE-2022-22593, CVE-2022-22594
SHA-256 | b1b9147ed80f5a1c3401258628ec67388ba31d66bae4f5e0c944169a87679302

Apple Security Advisory 2022-01-26-2

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2022-01-26-2 macOS Monterey 12.2

macOS Monterey 12.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213054.

AMD Kernel
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-22586: an anonymous researcher

ColorSync
Available for: macOS Monterey
Impact: Processing a maliciously crafted file may lead to arbitrary
code execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-22584: Mickey Jin (@patch1t) of Trend Micro

Crash Reporter
Available for: macOS Monterey
Impact: A malicious application may be able to gain root privileges
Description: A logic issue was addressed with improved validation.
CVE-2022-22578: an anonymous researcher

iCloud
Available for: macOS Monterey
Impact: An application may be able to access a user's files
Description: An issue existed within the path validation logic for
symlinks. This issue was addressed with improved path sanitization.
CVE-2022-22585: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
(https://xlab.tencent.com)

Intel Graphics Driver
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2022-22591: Antonio Zekic (@antoniozekic) of Diverto

IOMobileFrameBuffer
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges. Apple is aware of a report that this issue
may have been actively exploited.
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2022-22587: an anonymous researcher, Meysam Firouzi (@R00tkitSMM)
of MBition - Mercedes-Benz Innovation Lab, Siddharth Aeri
(@b1n4r1b01)

Kernel
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2022-22593: Peter Nguyễn Vũ Hoàng of STAR Labs

Model I/O
Available for: macOS Monterey
Impact: Processing a maliciously crafted STL file may lead to
unexpected application termination or arbitrary code execution
Description: An information disclosure issue was addressed with
improved state management.
CVE-2022-22579: Mickey Jin (@patch1t) of Trend Micro

PackageKit
Available for: macOS Monterey
Impact: An application may be able to access restricted files
Description: A permissions issue was addressed with improved
validation.
CVE-2022-22583: an anonymous researcher, Mickey Jin (@patch1t), Ron
Hass (@ronhass7) of Perception Point

WebKit
Available for: macOS Monterey
Impact: Processing a maliciously crafted mail message may lead to
running arbitrary javascript
Description: A validation issue was addressed with improved input
sanitization.
CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu
of Palo Alto Networks (paloaltonetworks.com)

WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-22590: Toan Pham from Team Orca of Sea Security
(security.sea.com)

WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may prevent
Content Security Policy from being enforced
Description: A logic issue was addressed with improved state
management.
CVE-2022-22592: Prakash (@1lastBr3ath)

WebKit Storage
Available for: macOS Monterey
Impact: A website may be able to track sensitive user information
Description: A cross-origin issue in the IndexDB API was addressed
with improved input validation.
CVE-2022-22594: Martin Bajanik of FingerprintJS

Additional recognition

Kernel
We would like to acknowledge Tao Huang for their assistance.

Metal
We would like to acknowledge Tao Huang for their assistance.

PackageKit
We would like to acknowledge Mickey Jin (@patch1t), Mickey Jin
(@patch1t) of Trend Micro for their assistance.

WebKit
We would like to acknowledge Prakash (@1lastBr3ath) for their
assistance.

Installation note:

This update may be obtained from the Mac App Store

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmHx0zEACgkQeC9qKD1p
rhhFUw/+K0ImMkw8zCjqdJza05Y6mlSa2wAdoVQK4pywYylcWMzemOi9GStr1Tgq
CmA7KFo2hPp/9kh6+SURi91WwUKdNHsDfasjNDqTTOJalQFuKB0erZgEpcprBnHE
lzT2heSJDl58sMSn0hLlGIhLfc+4Ld29FKc3lmtBPGeKY3vUViHLN0s3sZj07twx
Ew7yYkDBkz/e2kGRDByWzmvsSQt+w7HMK+pN1m5CBTZdP8KAHVtbuv8BPtMHKwNJ
1Kzo6nW4MJ9Eds63Lz4A37nqTNxmvsbf4zDSppwAp8NalEHqg5My7PzmK97eh6ap
jS4P4LqdRigTvRMq3eDVh/4Lie+/39nXwdQI6czETvTYzi+iA6k3q1Lsf2eIYzCf
0y4YTKEwIze05Q45YqbbnRDfVGOKtfZOcFVYsMxYBHBMp6LDcLJ9i0+AORX2igoA
dODLICbrHzexa682FDE2RGtgQOtS5k4LJLUggvSeOW/tXN+MovfVTjCIzJSKYltP
eQm8gq3EajaRk4JQcYkxklalyOHVZpkg3+u6Az+xIY5nVVijkuGDqqiCoh62zmsE
kSXZrfuJTIYWbIzpR23xVMyxWBcN4AXDE3xLeZajm0yGnAxpd8CGwb4FhgipcDVE
wwazu76IYBPpP40AyBALO10aXhYjrI+Bj6zI+Ug3msXLhkeICtI=
=WEmw
-----END PGP SIGNATURE-----


Login or Register to add favorites

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    10 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    37 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close