-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina

Security Update 2022-005 Catalina addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213343.

APFS
Available for: macOS Catalina
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32832: Tommy Muir (@Muirey03)

AppleMobileFileIntegrity
Available for: macOS Catalina
Impact: An app may be able to gain root privileges
Description: An authorization issue was addressed with improved state
management.
CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro

AppleScript
Available for: macOS Catalina
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected termination or disclosure of process memory
Description: This issue was addressed with improved checks.
CVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu
Security, Mickey Jin (@patch1t) of Trend Micro

AppleScript
Available for: macOS Catalina
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected termination or disclosure of process memory
Description: An out-of-bounds read issue was addressed with improved
input validation.
CVE-2022-32853: Ye Zhang(@co0py_Cat) of Baidu Security
CVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security

AppleScript
Available for: macOS Catalina
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected termination or disclosure of process memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security

Audio
Available for: macOS Catalina
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2022-32820: an anonymous researcher

Calendar
Available for: macOS Catalina
Impact: An app may be able to access sensitive user information
Description: The issue was addressed with improved handling of
caches.
CVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security

Calendar
Available for: macOS Catalina
Impact: An app may be able to access user-sensitive data
Description: An information disclosure issue was addressed by
removing the vulnerable code.
CVE-2022-32849: Joshua Jones

CoreText
Available for: macOS Catalina
Impact: A remote user may cause an unexpected app termination or
arbitrary code execution
Description: The issue was addressed with improved bounds checks.
CVE-2022-32839: STAR Labs (@starlabs_sg)

FaceTime
Available for: macOS Catalina
Impact: An app with root privileges may be able to access private
information
Description: This issue was addressed by enabling hardened runtime.
CVE-2022-32781: Wojciech Reguła (@_r3ggi) of SecuRing

File System Events
Available for: macOS Catalina
Impact: An app may be able to gain root privileges
Description: A logic issue was addressed with improved state
management.
CVE-2022-32819: Joshua Mason of Mandiant

ICU
Available for: macOS Catalina
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs
& DNSLab, Korea Univ.

ImageIO
Available for: macOS Catalina
Impact: Processing an image may lead to a denial-of-service
Description: A null pointer dereference was addressed with improved
validation.
CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit)

Intel Graphics Driver
Available for: macOS Catalina
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o.

Intel Graphics Driver
Available for: macOS Catalina
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A memory corruption vulnerability was addressed with
improved locking.
CVE-2022-32811: ABC Research s.r.o

Kernel
Available for: macOS Catalina
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32815: Xinru Chi of Pangu Lab
CVE-2022-32813: Xinru Chi of Pangu Lab

libxml2
Available for: macOS Catalina
Impact: An app may be able to leak sensitive user information
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2022-32823

PackageKit
Available for: macOS Catalina
Impact: An app may be able to modify protected parts of the file
system
Description: An issue in the handling of environment variables was
addressed with improved validation.
CVE-2022-32786: Mickey Jin (@patch1t)

PackageKit
Available for: macOS Catalina
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed with improved checks.
CVE-2022-32800: Mickey Jin (@patch1t)

PluginKit
Available for: macOS Catalina
Impact: An app may be able to read arbitrary files
Description: A logic issue was addressed with improved state
management.
CVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro

PS Normalizer
Available for: macOS Catalina
Impact: Processing a maliciously crafted Postscript file may result
in unexpected app termination or disclosure of process memory
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-32843: Kai Lu of Zscaler's ThreatLabz

SMB
Available for: macOS Catalina
Impact: An app may be able to gain elevated privileges
Description: An out-of-bounds read issue was addressed with improved
input validation.
CVE-2022-32842: Sreejith Krishnan R (@skr0x1c0)

SMB
Available for: macOS Catalina
Impact: A user in a privileged network position may be able to leak
sensitive information
Description: An out-of-bounds read issue was addressed with improved
bounds checking.
CVE-2022-32799: Sreejith Krishnan R (@skr0x1c0)

Software Update
Available for: macOS Catalina
Impact: A user in a privileged network position can track a user’s
activity
Description: This issue was addressed by using HTTPS when sending
information over the network.
CVE-2022-32857: Jeffrey Paul (sneak.berlin)

Spindump
Available for: macOS Catalina
Impact: An app may be able to overwrite arbitrary files
Description: This issue was addressed with improved file handling.
CVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab

Spotlight
Available for: macOS Catalina
Impact: An app may be able to gain elevated privileges
Description: A validation issue in the handling of symlinks was
addressed with improved validation of symlinks.
CVE-2022-26704: Joshua Mason of Mandiant

TCC
Available for: macOS Catalina
Impact: An app may be able to access sensitive user information
Description: An access issue was addressed with improvements to the
sandbox.
CVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)

Vim
Available for: macOS Catalina
Impact: Multiple issues in Vim
Description: Multiple issues were addressed by updating Vim.
CVE-2021-4136
CVE-2021-4166
CVE-2021-4173
CVE-2021-4187
CVE-2021-4192
CVE-2021-4193
CVE-2021-46059
CVE-2022-0128

Wi-Fi
Available for: macOS Catalina
Impact: A remote user may be able to cause unexpected system
termination or corrupt kernel memory
Description: This issue was addressed with improved checks.
CVE-2022-32847: Wang Yu of Cyberserval

Security Update 2022-005 Catalina may be obtained from the Mac App
Store or Apple's Software Downloads web site:
https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYeuQACgkQeC9qKD1p
rhiuNw//V3lvbuk3ZcN4l2+dumbidEYnYD+qrrm+V332BNA9zqn9Uyoy1l9mXY32
qA/UfHpnuZj5F2qjBNinkpV9VlwMZUIZmWfLBrVz3+cF1wrF6RZVFmz05sVsWTCC
zB7H9eCPQr/afrTgjf2evIsaCZaqveOP7ZVFV3dOEOpzp/hMUYFWF69mEbYfl2Z1
PlB3bkZPys4fZ3nCq70egWotGl7V4M/9aqGBDQZzAwmcsepeppBaCP1MnDiDiWqA
6m2jVNDDTP/CasfPt1k3jR3aKf7f+ySZozQLyUyMhRpTLnZ1fpEtD5jjwK/hprKW
g00gdTOBl7aGAxbKL3xlsxXRGzhzy9n2RVN4duhRKEbDKDShCfRFmCxXGxAGJB7J
96TqA/wy1s7gnlxNzUfJewJMopr3AU4ffhdyOgKV1Is7eRwAhKYlh3K5T6C28Uuj
8TXAqY2qwMqs+jIqe3dGEuPBj83tQMD0xukIhzGtuxwoziiPyzSfrgUHvSK8vBYN
NGGfLdHn8ailAYpnFeRxhImxclr59QddI8uzS/G6O9CLJY0jUh3tjCNC3fjIjS6F
lD3+P/J/Hf5HFvpvNyw6aJVVYIcGFOQi+RmhVGysMHuGIz4aqc9rTdvbAKdeKpyK
8p0C6S1/sV+pu7morGBm9aSm/rRyDZSVWSA2l/3fRA9mJmrL8Ao=
=fcrb
-----END PGP SIGNATURE-----