Apple Security Advisory 2022-03-14-6 - Security Update 2022-003 Catalina addresses bypass, code execution, denial of service, null pointer, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
417d1b6673c1cdc4260e913d6ab22e5a1faa6dc579263d923aeb16c65ea1fc60
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2022-03-14-6 Security Update 2022-003 Catalina
Security Update 2022-003 Catalina addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213185.
AppleGraphicsControl
Available for: macOS Catalina
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-22631: an anonymous researcher
AppleScript
Available for: macOS Catalina
Impact: An application may be able to read restricted memory
Description: This issue was addressed with improved checks.
CVE-2022-22648: an anonymous researcher
AppleScript
Available for: macOS Catalina
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected application termination or disclosure of process
memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2022-22627: Qi Sun and Robert Ai of Trend Micro
CVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro
AppleScript
Available for: macOS Catalina
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected application termination or disclosure of process
memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro
AppleScript
Available for: macOS Catalina
Impact: Processing a maliciously crafted file may lead to arbitrary
code execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-22597: Qi Sun and Robert Ai of Trend Micro
BOM
Available for: macOS Catalina
Impact: A maliciously crafted ZIP archive may bypass Gatekeeper
checks
Description: This issue was addressed with improved checks.
CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley
(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)
Intel Graphics Driver
Available for: macOS Catalina
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A type confusion issue was addressed with improved state
handling.
CVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba
Security Pandora Lab
Kernel
Available for: macOS Catalina
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-22613: an anonymous researcher, Alex
Kernel
Available for: macOS Catalina
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-22615: an anonymous researcher
CVE-2022-22614: an anonymous researcher
Kernel
Available for: macOS Catalina
Impact: An attacker in a privileged position may be able to perform a
denial of service attack
Description: A null pointer dereference was addressed with improved
validation.
CVE-2022-22638: derrek (@derrekr6)
Login Window
Available for: macOS Catalina
Impact: A person with access to a Mac may be able to bypass Login
Window
Description: This issue was addressed with improved checks.
CVE-2022-22647: an anonymous researcher
LoginWindow
Available for: macOS Catalina
Impact: A local attacker may be able to view the previous logged in
user’s desktop from the fast user switching screen
Description: An authentication issue was addressed with improved
state management.
CVE-2022-22656
PackageKit
Available for: macOS Catalina
Impact: An application may be able to gain elevated privileges
Description: A logic issue was addressed with improved state
management.
CVE-2022-22617: Mickey Jin (@patch1t)
QuickTime Player
Available for: macOS Catalina
Impact: A plug-in may be able to inherit the application's
permissions and access user data
Description: This issue was addressed with improved checks.
CVE-2022-22650: Wojciech Reguła (@_r3ggi) of SecuRing
WebKit
Available for: macOS Catalina
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A cookie management issue was addressed with improved
state management.
WebKit Bugzilla: 232748
CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix
xar
Available for: macOS Catalina
Impact: A local user may be able to write arbitrary files
Description: A validation issue existed in the handling of symlinks.
This issue was addressed with improved validation of symlinks.
CVE-2022-22582: Richard Warren of NCC Group
Additional recognition
Intel Graphics Driver
We would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi
Wu (@3ndy1) for their assistance.
syslog
We would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for
their assistance.
TCC
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
Security Update 2022-003 Catalina may be obtained from the Mac App
Store or Apple's Software Downloads web site:
https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIvyxgACgkQeC9qKD1p
rhg/uBAAospTnt737g43qnKYd7V4FNsRKPQN70a7MQYHkH9VHbKYc59QIuvXpI2/
7E0Ki7cq5QE50rJv95w7FQlLdSZ/u5FI6CVlLIjqqr73vnY0x/eOQxkUsgWNvbJO
l1KH1OZu17YfYd/xNX4h1vGgCV5fkQcG9+8vkylR2xKgoUWkEacrQgu+H+xh5UlN
qp/UCG0iihSpkYRoT5B2rADUrzgMTeOomUh9qrN5xRR4p41hehL0IRPTirs7Opjp
Xi5WzscwaAkDHFMwbuyTxVp8KJzEcSZh4aerLA27OLeBAKolIA4bgkzbQELlhrXL
cgr93a6Hy+5KgrXOi+Kg0h6KMPVqJtJozPkZVw2MK0jR392iu5kNX+8oHJbK/HMU
Mk28zawfwDBt2tQTmbqcIM6S9eK2cQZBOI13O42q4tlLQ5tNQwVGyAQabE7CvccD
2xsbIAapMQ7auIrVUFqUSCSqezfCN5yugBQ7PJ0eOrm/psTi8qJhcRjFowDftnaG
wfdE3DyhF4tnavDSajSnZjGkdP8lm9+GggSJ5bYIHleRYBbDxd7r+3ki4y/wE/0Y
fBB7IDPr7heSPQOUTQWCaVY0NvKxD58kUBhKJ2MFCxPL3m6ImbSMk4hDUeUrK6X6
5zyQSuD3k/HdRaX4SQJuByL5eF0voUXQ2/ouersRdo0DHMrd9z0=
=fJ05
-----END PGP SIGNATURE-----