exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Apple Security Advisory 2022-03-14-6

Apple Security Advisory 2022-03-14-6
Posted Mar 15, 2022
Authored by Apple | Site apple.com

Apple Security Advisory 2022-03-14-6 - Security Update 2022-003 Catalina addresses bypass, code execution, denial of service, null pointer, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | apple
advisories | CVE-2022-22582, CVE-2022-22597, CVE-2022-22613, CVE-2022-22614, CVE-2022-22615, CVE-2022-22616, CVE-2022-22617, CVE-2022-22625, CVE-2022-22626, CVE-2022-22627, CVE-2022-22631, CVE-2022-22638, CVE-2022-22647, CVE-2022-22648, CVE-2022-22650, CVE-2022-22656, CVE-2022-22661, CVE-2022-22662
SHA-256 | 417d1b6673c1cdc4260e913d6ab22e5a1faa6dc579263d923aeb16c65ea1fc60

Apple Security Advisory 2022-03-14-6

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2022-03-14-6 Security Update 2022-003 Catalina

Security Update 2022-003 Catalina addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213185.

AppleGraphicsControl
Available for: macOS Catalina
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-22631: an anonymous researcher

AppleScript
Available for: macOS Catalina
Impact: An application may be able to read restricted memory
Description: This issue was addressed with improved checks.
CVE-2022-22648: an anonymous researcher

AppleScript
Available for: macOS Catalina
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected application termination or disclosure of process
memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2022-22627: Qi Sun and Robert Ai of Trend Micro
CVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro

AppleScript
Available for: macOS Catalina
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected application termination or disclosure of process
memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro

AppleScript
Available for: macOS Catalina
Impact: Processing a maliciously crafted file may lead to arbitrary
code execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-22597: Qi Sun and Robert Ai of Trend Micro

BOM
Available for: macOS Catalina
Impact: A maliciously crafted ZIP archive may bypass Gatekeeper
checks
Description: This issue was addressed with improved checks.
CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley
(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)

Intel Graphics Driver
Available for: macOS Catalina
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A type confusion issue was addressed with improved state
handling.
CVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba
Security Pandora Lab

Kernel
Available for: macOS Catalina
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-22613: an anonymous researcher, Alex

Kernel
Available for: macOS Catalina
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-22615: an anonymous researcher
CVE-2022-22614: an anonymous researcher

Kernel
Available for: macOS Catalina
Impact: An attacker in a privileged position may be able to perform a
denial of service attack
Description: A null pointer dereference was addressed with improved
validation.
CVE-2022-22638: derrek (@derrekr6)

Login Window
Available for: macOS Catalina
Impact: A person with access to a Mac may be able to bypass Login
Window
Description: This issue was addressed with improved checks.
CVE-2022-22647: an anonymous researcher

LoginWindow
Available for: macOS Catalina
Impact: A local attacker may be able to view the previous logged in
user’s desktop from the fast user switching screen
Description: An authentication issue was addressed with improved
state management.
CVE-2022-22656

PackageKit
Available for: macOS Catalina
Impact: An application may be able to gain elevated privileges
Description: A logic issue was addressed with improved state
management.
CVE-2022-22617: Mickey Jin (@patch1t)

QuickTime Player
Available for: macOS Catalina
Impact: A plug-in may be able to inherit the application's
permissions and access user data
Description: This issue was addressed with improved checks.
CVE-2022-22650: Wojciech Reguła (@_r3ggi) of SecuRing

WebKit
Available for: macOS Catalina
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A cookie management issue was addressed with improved
state management.
WebKit Bugzilla: 232748
CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix

xar
Available for: macOS Catalina
Impact: A local user may be able to write arbitrary files
Description: A validation issue existed in the handling of symlinks.
This issue was addressed with improved validation of symlinks.
CVE-2022-22582: Richard Warren of NCC Group

Additional recognition

Intel Graphics Driver
We would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi
Wu (@3ndy1) for their assistance.

syslog
We would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for
their assistance.

TCC
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.

Security Update 2022-003 Catalina may be obtained from the Mac App
Store or Apple's Software Downloads web site:
https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIvyxgACgkQeC9qKD1p
rhg/uBAAospTnt737g43qnKYd7V4FNsRKPQN70a7MQYHkH9VHbKYc59QIuvXpI2/
7E0Ki7cq5QE50rJv95w7FQlLdSZ/u5FI6CVlLIjqqr73vnY0x/eOQxkUsgWNvbJO
l1KH1OZu17YfYd/xNX4h1vGgCV5fkQcG9+8vkylR2xKgoUWkEacrQgu+H+xh5UlN
qp/UCG0iihSpkYRoT5B2rADUrzgMTeOomUh9qrN5xRR4p41hehL0IRPTirs7Opjp
Xi5WzscwaAkDHFMwbuyTxVp8KJzEcSZh4aerLA27OLeBAKolIA4bgkzbQELlhrXL
cgr93a6Hy+5KgrXOi+Kg0h6KMPVqJtJozPkZVw2MK0jR392iu5kNX+8oHJbK/HMU
Mk28zawfwDBt2tQTmbqcIM6S9eK2cQZBOI13O42q4tlLQ5tNQwVGyAQabE7CvccD
2xsbIAapMQ7auIrVUFqUSCSqezfCN5yugBQ7PJ0eOrm/psTi8qJhcRjFowDftnaG
wfdE3DyhF4tnavDSajSnZjGkdP8lm9+GggSJ5bYIHleRYBbDxd7r+3ki4y/wE/0Y
fBB7IDPr7heSPQOUTQWCaVY0NvKxD58kUBhKJ2MFCxPL3m6ImbSMk4hDUeUrK6X6
5zyQSuD3k/HdRaX4SQJuByL5eF0voUXQ2/ouersRdo0DHMrd9z0=
=fJ05
-----END PGP SIGNATURE-----


Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close