SB2022031433 - Multiple vulnerabilities in Apple macOS Monterey




Published: March 14, 2022 Updated: June 12, 2023

Security Bulletin ID: SB2022031433
Severity: High
Patch available: YES
Number of vulnerabilities: 70
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 27% Medium 9% Low 64%

Description

This security bulletin contains information about 70 security vulnerabilities.


1) Use-after-free (CVE-ID: CVE-2021-4192)

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error. A remote attacker can trick the victim into opening a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.


2) Improper access control (CVE-ID: CVE-2022-22609)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in Preferences feature. A malicious application can read other applications' settings.


3) Improper access control (CVE-ID: CVE-2022-22650)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in QuickTime Player. A malicious plug-in can inherit the application's permissions and access user data.


4) Security restrictions bypass (CVE-ID: CVE-2022-22600)

The vulnerability allows a malicious application to escalate privileges on the system.

The vulnerability exists due to incorrect permissions logic in Sandbox. A malicious application can bypass certain Privacy preferences.


5) Security restrictions bypass (CVE-ID: CVE-2022-22599)

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to an error in Siri. An attacker with physical access to the device can use Siri to obtain some location information from the lock screen.


6) Out-of-bounds write (CVE-ID: CVE-2022-22651)

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in SMB daemon. A remote attacker can send specially crafted packets to the system, trigger an out-of-bounds write and execute arbitrary code on the target system.


7) State Issues (CVE-ID: CVE-2022-22639)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a state management issue within the SoftwareUpdate subsystem. A malicious application can execute arbitrary code with elevated privileges.


8) Insufficient UI Warning of Dangerous Operations (CVE-ID: CVE-2022-22660)

The vulnerability allows a local application to perform a spoofing attack.

The vulnerability exists due to an error in the System Preferences feature. A local application can spoof system notifications and UI.


9) Information disclosure (CVE-ID: CVE-2022-22621)

The vulnerability allows an attacker to gain access to potentially sensitive information.

The vulnerability exists due to sensitive information disclosure via keyboard suggestions. An attacker with physical access to the system can gain access to sensitive information.


10) Heap-based buffer overflow (CVE-ID: CVE-2021-4136)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick the victim into opening a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


11) Out-of-bounds read (CVE-ID: CVE-2021-4166)

The vulnerability allows a remote attacker to crash the application.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and crash the application.


12) Double Free (CVE-ID: CVE-2021-4173)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick the victim into opening a specially crafted file, trigger a double free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


13) Double Free (CVE-ID: CVE-2021-4187)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick the victim into opening a specially crafted file, trigger a double free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


14) Out-of-bounds read (CVE-ID: CVE-2021-4193)

The vulnerability allows a remote attacker to crash the application.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and crash the application.


15) Improper access control (CVE-ID: CVE-2022-22644)

The vulnerability allows a malicious application to gain access to sensitive information.

The vulnerability exists due to improper access restrictions within the NSSpellChecker feature when handling Contact cards. A malicious application can access information about a user's contacts.


16) NULL pointer dereference (CVE-ID: CVE-2021-46059)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the vim_regexec_multi() function in regexp.c in Vim. A remote attacker can trick the victim into opening a specially crafted file and perform a denial of service (DoS) attack.


17) Out-of-bounds read (CVE-ID: CVE-2022-0128)

The vulnerability allows a remote attacker to crash the application.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and crash the application.


18) Use-after-free (CVE-ID: CVE-2022-0156)

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing lines inside files. A remote attacker can trick the victim into opening a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.


19) Heap-based buffer overflow (CVE-ID: CVE-2022-0158)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing lines that start with the "$" character. A remote attacker can trick the victim into opening a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


20) State Issues (CVE-ID: CVE-2021-30918)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists in the Status Bar component. A local attacker can view restricted content from the lockscreen.


21) Information disclosure (CVE-ID: CVE-2022-22662)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a cookie management issue in WebKit. A remote attacker can trick the victim into opening a specially crafted webpage and gain access to sensitive information.


22) Buffer overflow (CVE-ID: CVE-2022-22610)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


23) Use-after-free (CVE-ID: CVE-2022-22624)

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can trick the victim into visiting a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.


24) Use-after-free (CVE-ID: CVE-2022-22628)

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can trick the victim into visiting a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.


25) Heap-based buffer overflow (CVE-ID: CVE-2022-22629)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content within the WebGLMultiDraw component. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


26) Origin validation error (CVE-ID: CVE-2022-22637)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to a logic error in WebKit. A remote attacker can trick the victim into visiting a specially crafted website and cause unexpected cross-origin behavior.


27) Information disclosure (CVE-ID: CVE-2022-22668)

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to a logic issue within the Wi-Fi component. A malicious application can leak sensitive user information.


28) UNIX symbolic link following (CVE-ID: CVE-2022-22582)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a symlink following issue in xar. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.

Successful exploitation of this vulnerability may result in privilege escalation.


29) Security restrictions bypass (CVE-ID: CVE-2022-22617)

The vulnerability allows a malicious application to escalate privileges on the system.

The vulnerability exists due to a logic error in PackageKit. A malicious application can bypass implemented security restrictions and escalate privileges on the system.


30) Out-of-bounds read (CVE-ID: CVE-2022-22664)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a boundary condition when processing files in GarageBand MIDI. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and execute arbitrary code on the system.


31) Buffer overflow (CVE-ID: CVE-2022-22633)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing PDF files within the Accelerate Framework. A remote attacker can create a specially crafted PDF, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


32) Input validation error (CVE-ID: CVE-2022-22623)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an unspecified vulnerability in curl. A remote attacker can bypass implemented security restrictions.


33) Use-after-free (CVE-ID: CVE-2022-22669)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the macOS kernel AMD support. A local user can run a specially crafted program to trigger a use-after-free error and execute arbitrary code with elevated privileges.



34) Security restrictions bypass (CVE-ID: CVE-2022-22665)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a logic error in AppKit. A malicious application can execute arbitrary code with root privileges.


35) Out-of-bounds write (CVE-ID: CVE-2022-22631)

The vulnerability allows a malicious application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the AppleGraphicsControl subsystem. A malicious application can trigger an out-of-bounds write and execute arbitrary code with root privileges.


36) Out-of-bounds read (CVE-ID: CVE-2022-22625)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in AppleScript. A remote attacker can trick the victim into running a specially crafted SCPT file, trigger an out-of-bounds read error and read contents of memory on the system.


37) Out-of-bounds read (CVE-ID: CVE-2022-22648)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in AppleScript. A remote attacker can trick the victim into running a specially crafted SCPT file, trigger an out-of-bounds read error and read contents of memory on the system.


38) Out-of-bounds read (CVE-ID: CVE-2022-22626)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in AppleScript. A remote attacker can trick the victim into running a specially crafted SCPT file, trigger an out-of-bounds read error and read contents of memory on the system.


39) Out-of-bounds read (CVE-ID: CVE-2022-22627)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in AppleScript. A remote attacker can trick the victim into running a specially crafted SCPT file, trigger an out-of-bounds read error and read contents of memory on the system.


40) Buffer overflow (CVE-ID: CVE-2022-22597)

The vulnerability allows a malicious application to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing SCPT files. A malicious application can trigger a buffer overflow and execute arbitrary code on the system.


41) Input validation error (CVE-ID: CVE-2022-22616)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input in BOM when processing ZIP files. A remote attacker can trick the victim into opening a specially crafted ZIP archive, bypass Gatekeeper checks and execute arbitrary code on the system.


42) Cleartext transmission of sensitive information (CVE-ID: CVE-2021-22946)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to an error, related to incorrect enforcement of the --ssl-reqd option on the command line or CURLOPT_USE_SSL setting set to CURLUSESSL_CONTROL or CURLUSESSL_ALL with libcurl. A remote attacker with control over the IMAP, POP3 or FTP server can send a specially crafted but perfectly legitimate response to the libcurl client and force it silently to continue its operations without TLS encryption and transmit data in clear text over the network.


43) Insufficient verification of data authenticity (CVE-ID: CVE-2021-22947)

The vulnerability allows a remote attacker to perform a MitM attack.

The vulnerability exists in the way libcurl handles the STARTTLS negotiation process. When curl connects to an IMAP, POP3, SMTP or FTP server to exchange data securely using STARTTLS to upgrade the connection to TLS level, the server can still respond and send back multiple responses before the TLS upgrade. Such multiple "pipelined" responses are cached by curl. curl would then upgrade to TLS but not flush the in-queue of cached responses and instead use and trust the responses it got before the TLS handshake as if they were authenticated.

This flaw allows a Man-In-The-Middle attacker to first inject the fake responses, then pass through the TLS traffic from the legitimate server and trick curl into sending data back to the user as if the attacker's injected data came from the TLS-protected server.

Over POP3 and IMAP an attacker can inject fake response data.
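
The buffering flaw described in this entry, modelled without any network I/O, as an added example (not curl's code and not its actual fix). The function name, the three policy names and the byte strings are hypothetical or constructed, and the TLS handshake is represented only by the point where it would occur.

```python
"""Model of response buffering across a STARTTLS upgrade (constructed example)."""


class StartTlsError(Exception):
    """Raised when the upgrade must not proceed."""


class LineBuffer:
    """Client receive buffer that hands out CRLF-terminated lines."""

    def __init__(self):
        self._data = bytearray()

    def feed(self, chunk: bytes) -> None:
        self._data += chunk

    def readline(self):
        idx = self._data.find(b"\r\n")
        if idx < 0:
            return None
        line = bytes(self._data[:idx])
        del self._data[:idx + 2]
        return line

    def pending(self) -> int:
        return len(self._data)

    def clear(self) -> None:
        self._data.clear()


# Constructed sample traffic (POP3-style replies).
PRE_TLS_CLEAN = b"+OK Begin TLS negotiation\r\n"
# Same reply with one extra line pipelined in cleartext before the handshake.
PRE_TLS_INJECTED = PRE_TLS_CLEAN + b"+OK CONSTRUCTED-INJECTED-REPLY\r\n"
# What the authenticated server sends inside the TLS session.
POST_TLS = b"+OK reply from authenticated server\r\n"


def first_response_after_upgrade(pre_tls: bytes, post_tls: bytes, policy: str) -> bytes:
    """Return the first line the client attributes to the TLS session.

    policy (hypothetical names):
      "vulnerable" - keep whatever is queued behind the STARTTLS reply
      "discard"    - drop queued cleartext before reading over TLS
      "reject"     - treat queued cleartext as a protocol violation
    """
    if policy not in ("vulnerable", "discard", "reject"):
        raise ValueError("unknown policy: " + policy)

    buf = LineBuffer()
    buf.feed(pre_tls)  # everything that arrived in cleartext, possibly pipelined

    reply = buf.readline()
    if reply is None or not reply.startswith(b"+OK"):
        raise StartTlsError("server did not accept the TLS upgrade")

    # --- the TLS handshake would take place here ---
    # Anything still queued at this point was received unauthenticated.
    if buf.pending():
        if policy == "reject":
            raise StartTlsError("cleartext data queued behind STARTTLS reply")
        if policy == "discard":
            buf.clear()
        # "vulnerable": the queue is left in place and read as if it were TLS data

    buf.feed(post_tls)  # decrypted application data from the real server
    return buf.readline()


if __name__ == "__main__":
    for policy in ("vulnerable", "discard", "reject"):
        try:
            print(policy, first_response_after_upgrade(PRE_TLS_INJECTED, POST_TLS, policy))
        except StartTlsError as exc:
            print(policy, "aborted:", exc)
```
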


44) Double Free (CVE-ID: CVE-2021-22945)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when sending data to an MQTT server. A remote attacker with the ability to control libcurl input can trigger a double free error and perform a denial of service (DoS) attack.


45) Security restrictions bypass (CVE-ID: CVE-2022-22643)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists in FaceTime due to the ability to send audio and video files without knowledge of the user. An attacker with physical access to the system can share sensitive information via FaceTime.


46) Buffer overflow (CVE-ID: CVE-2022-22657)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing files in GarageBand MIDI. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


47) Out-of-bounds read (CVE-ID: CVE-2022-22611)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a boundary condition in ImageIO. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and execute arbitrary code on the system.


48) Heap-based buffer overflow (CVE-ID: CVE-2022-22612)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when processing files in ImageIO. A remote attacker can trick the victim into opening a specially crafted file, trigger a heap corruption and perform a denial of service (DoS) attack.


49) Type Confusion (CVE-ID: CVE-2022-22661)

The vulnerability allows a malicious application to escalate privileges on the system.

The vulnerability exists due to a type confusion error in the Intel Graphics Driver subsystem. A local application can trigger a type confusion error and execute arbitrary code with kernel privileges.


50) Use-after-free (CVE-ID: CVE-2022-22641)

The vulnerability allows a malicious application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the IOGPUFamily component. A malicious application can trigger a use-after-free error and execute arbitrary code on the system with elevated privileges.


51) Out-of-bounds write (CVE-ID: CVE-2022-22613)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in the macOS kernel. A malicious application can trigger an out-of-bounds write error and execute arbitrary code with kernel privileges.


52) Use-after-free (CVE-ID: CVE-2022-22614)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in the macOS kernel. A malicious application can trigger a use-after-free error and execute arbitrary code with kernel privileges.

53) Use-after-free (CVE-ID: CVE-2022-22615)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in the macOS kernel. A malicious application can trigger a use-after-free error and execute arbitrary code with kernel privileges.

54) Security restrictions bypass (CVE-ID: CVE-2022-22632)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper state management in the macOS kernel. A local user can execute arbitrary code with elevated privileges.


55) NULL pointer dereference (CVE-ID: CVE-2022-22638)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the macOS kernel. A local user can run a specially crafted program and perform a denial of service (DoS) attack.


56) Buffer overflow (CVE-ID: CVE-2022-22640)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the macOS kernel. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code on the system.


57) Use-after-free (CVE-ID: CVE-2021-36976)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error in copy_string. A remote attacker can cause a denial of service condition on the target system.


58) Improper Authentication (CVE-ID: CVE-2022-22647)

The vulnerability allows an attacker to bypass Login Window authentication.

The vulnerability exists due to an error in the Login Window feature. An attacker with physical access to the system can bypass the login window and gain unauthorized access to the system.


59) Improper Authentication (CVE-ID: CVE-2022-22656)

The vulnerability allows an attacker to bypass the login window dialog.

The vulnerability exists due to an error in the Login Window feature. An attacker with physical access to the system can bypass the authentication process and view the previously logged-in user’s desktop from the fast user switching screen.


60) UNIX symbolic link following (CVE-ID: CVE-2022-26688)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a symlink following issue within PackageKit. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.

Successful exploitation of this vulnerability may result in privilege escalation.


61) Race condition (CVE-ID: CVE-2022-26690)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in PackageKit. A local user can exploit the race to modify protected parts of the file system and escalate privileges on the system.


62) Buffer overflow (CVE-ID: CVE-2022-22672)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the MobileAccessoryUpdater component. A malicious application can trigger memory corruption and execute arbitrary code with elevated privileges.


63) Buffer overflow (CVE-ID: CVE-2021-30977)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in Graphics Drivers. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with kernel privileges.



64) Race condition (CVE-ID: CVE-2022-21658)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to a race condition in std::fs::remove_dir_all. A remote attacker can exploit the race, escalate privileges and delete arbitrary files on the system.


65) Security restrictions bypass (CVE-ID: CVE-2022-22663)

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to improper security checks in the CoreTypes subsystem. A local application can bypass Gatekeeper checks.


66) Improper Authorization (CVE-ID: CVE-2022-26691)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an error in the implementation of the "Local" authorization mechanism. A remote attacker can authenticate to CUPS as root/admin without the 32-byte secret key and execute arbitrary code on the system.


67) Buffer overflow (CVE-ID: CVE-2022-22630)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Apple Remote Events. A remote attacker can send a specially crafted request to the system, trigger memory corruption and execute arbitrary code on the target system in the context of the AEServer process.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


68) Security restrictions bypass (CVE-ID: CVE-2021-30946)

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to a logic issue in the Sandbox feature. A malicious application can bypass certain Privacy preferences.


69) Security features bypass (CVE-ID: CVE-2022-22655)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to an error within the sandbox implementation. A local application can obtain sensitive user information.


70) Type Confusion (CVE-ID: CVE-2022-46706)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a type confusion error in the Intel Graphics Driver. A local application can trigger a type confusion error and execute arbitrary code with elevated privileges.


Remediation

Install the update from the vendor's website.