-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2022-03-14-6 Security Update 2022-003 Catalina

Security Update 2022-003 Catalina addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213185.

AppleGraphicsControl
Available for: macOS Catalina
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-22631: an anonymous researcher

AppleScript
Available for: macOS Catalina
Impact: An application may be able to read restricted memory
Description: This issue was addressed with improved checks.
CVE-2022-22648: an anonymous researcher

AppleScript
Available for: macOS Catalina
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected application termination or disclosure of process
memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2022-22627: Qi Sun and Robert Ai of Trend Micro
CVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro

AppleScript
Available for: macOS Catalina
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected application termination or disclosure of process
memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro

AppleScript
Available for: macOS Catalina
Impact: Processing a maliciously crafted file may lead to arbitrary
code execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-22597: Qi Sun and Robert Ai of Trend Micro

BOM
Available for: macOS Catalina
Impact: A maliciously crafted ZIP archive may bypass Gatekeeper
checks
Description: This issue was addressed with improved checks.
CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley
(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)

Intel Graphics Driver
Available for: macOS Catalina
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A type confusion issue was addressed with improved state
handling.
CVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba
Security Pandora Lab

Kernel
Available for: macOS Catalina
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-22613: an anonymous researcher, Alex

Kernel
Available for: macOS Catalina
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-22615: an anonymous researcher
CVE-2022-22614: an anonymous researcher

Kernel
Available for: macOS Catalina
Impact: An attacker in a privileged position may be able to perform a
denial of service attack
Description: A null pointer dereference was addressed with improved
validation.
CVE-2022-22638: derrek (@derrekr6)

Login Window
Available for: macOS Catalina
Impact: A person with access to a Mac may be able to bypass Login
Window
Description: This issue was addressed with improved checks.
CVE-2022-22647: an anonymous researcher

LoginWindow
Available for: macOS Catalina
Impact: A local attacker may be able to view the previous logged in
user’s desktop from the fast user switching screen
Description: An authentication issue was addressed with improved
state management.
CVE-2022-22656

PackageKit
Available for: macOS Catalina
Impact: An application may be able to gain elevated privileges
Description: A logic issue was addressed with improved state
management.
CVE-2022-22617: Mickey Jin (@patch1t)

QuickTime Player
Available for: macOS Catalina
Impact: A plug-in may be able to inherit the application's
permissions and access user data
Description: This issue was addressed with improved checks.
CVE-2022-22650: Wojciech Reguła (@_r3ggi) of SecuRing

WebKit
Available for: macOS Catalina
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A cookie management issue was addressed with improved
state management.
WebKit Bugzilla: 232748
CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix

xar
Available for: macOS Catalina
Impact: A local user may be able to write arbitrary files
Description: A validation issue existed in the handling of symlinks.
This issue was addressed with improved validation of symlinks.
CVE-2022-22582: Richard Warren of NCC Group

Additional recognition

Intel Graphics Driver
We would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi
Wu (@3ndy1) for their assistance.

syslog
We would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for
their assistance.

TCC
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.

Security Update 2022-003 Catalina may be obtained from the Mac App
Store or Apple's Software Downloads web site:
https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIvyxgACgkQeC9qKD1p
rhg/uBAAospTnt737g43qnKYd7V4FNsRKPQN70a7MQYHkH9VHbKYc59QIuvXpI2/
7E0Ki7cq5QE50rJv95w7FQlLdSZ/u5FI6CVlLIjqqr73vnY0x/eOQxkUsgWNvbJO
l1KH1OZu17YfYd/xNX4h1vGgCV5fkQcG9+8vkylR2xKgoUWkEacrQgu+H+xh5UlN
qp/UCG0iihSpkYRoT5B2rADUrzgMTeOomUh9qrN5xRR4p41hehL0IRPTirs7Opjp
Xi5WzscwaAkDHFMwbuyTxVp8KJzEcSZh4aerLA27OLeBAKolIA4bgkzbQELlhrXL
cgr93a6Hy+5KgrXOi+Kg0h6KMPVqJtJozPkZVw2MK0jR392iu5kNX+8oHJbK/HMU
Mk28zawfwDBt2tQTmbqcIM6S9eK2cQZBOI13O42q4tlLQ5tNQwVGyAQabE7CvccD
2xsbIAapMQ7auIrVUFqUSCSqezfCN5yugBQ7PJ0eOrm/psTi8qJhcRjFowDftnaG
wfdE3DyhF4tnavDSajSnZjGkdP8lm9+GggSJ5bYIHleRYBbDxd7r+3ki4y/wE/0Y
fBB7IDPr7heSPQOUTQWCaVY0NvKxD58kUBhKJ2MFCxPL3m6ImbSMk4hDUeUrK6X6
5zyQSuD3k/HdRaX4SQJuByL5eF0voUXQ2/ouersRdo0DHMrd9z0=
=fJ05
-----END PGP SIGNATURE-----