Multiple vulnerabilities in Apple macOS Catalina



Published: 2022-03-14 | Updated: 2022-07-05
Risk High
Patch available YES
Number of vulnerabilities 23
CVE-ID CVE-2022-22614
CVE-2022-22582
CVE-2022-22662
CVE-2022-22650
CVE-2022-22617
CVE-2022-22656
CVE-2022-22647
CVE-2022-22638
CVE-2022-22615
CVE-2022-22631
CVE-2022-22613
CVE-2022-22661
CVE-2022-22616
CVE-2022-22597
CVE-2022-22625
CVE-2022-22626
CVE-2022-22627
CVE-2022-22648
CVE-2022-22589
CVE-2022-22665
CVE-2022-22672
CVE-2022-26688
CVE-2022-26691
CWE-ID CWE-416
CWE-61
CWE-200
CWE-284
CWE-264
CWE-287
CWE-476
CWE-787
CWE-843
CWE-20
CWE-119
CWE-125
CWE-94
CWE-285
Exploitation vector Network
Public exploit Public exploit code for vulnerability #2 is available.
Vulnerable software
Subscribe
macOS
Operating systems & Components / Operating system

Vendor Apple Inc.

Security Bulletin

This security bulletin contains information about 23 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU61313

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-22614

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in macOS kernel. A malicious application can trigger a use-after-free error and execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 10.15 19A583 - 10.15.7 19H1715


CPE2.3 External links

http://support.apple.com/en-us/HT213185

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) UNIX symbolic link following

EUVDB-ID: #VU61340

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-22582

CWE-ID: CWE-61 - UNIX Symbolic Link (Symlink) Following

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a symlink following issue in xar. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.

Successful exploitation of this vulnerability may result in privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 10.15 19A583 - 10.15.7 19H1715


CPE2.3 External links

http://support.apple.com/en-us/HT213185

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Information disclosure

EUVDB-ID: #VU61333

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-22662

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a cookie management issue in WebKit. A remote attacker can trick the victim to open a specially crafted webpage and gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 10.15 19A583 - 10.15.7 19H1715


CPE2.3 External links

http://support.apple.com/en-us/HT213185

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Improper access control

EUVDB-ID: #VU61325

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-22650

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in QuickTime Player. A malicious plug-in can inherit the application's permissions and access user data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 10.15 19A583 - 10.15.7 19H1715


CPE2.3 External links

http://support.apple.com/en-us/HT213185

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Security restrictions bypass

EUVDB-ID: #VU61323

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-22617

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a malicious application to escalate privileges on the system.

The vulnerability exists due to a logic error in PackageKit. A malicious application can bypass implemented security restrictions and escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 10.15 19A583 - 10.15.7 19H1715


CPE2.3 External links

http://support.apple.com/en-us/HT213185

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Improper Authentication

EUVDB-ID: #VU61318

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-22656

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows an attacker to bypass login window dialog.

The vulnerability exists due to an error in the Login Window feature. An attacker with physical access to the system can bypass authentication process and view the previous logged in user’s desktop from the fast user switching screen.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 10.15 19A583 - 10.15.7 19H1715


CPE2.3 External links

http://support.apple.com/en-us/HT213185

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Improper Authentication

EUVDB-ID: #VU61319

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-22647

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows an attacker to bypass Login Window authentication.

The vulnerability exists due to an error in the Login Window feature. An attacker with physical access to the system can bypass the login window and gain unauthorized access to the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 10.15 19A583 - 10.15.7 19H1715


CPE2.3 External links

http://support.apple.com/en-us/HT213185

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

8) NULL pointer dereference

EUVDB-ID: #VU61316

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-22638

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in macOS kernel. A local user can run a specially crafted program and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 10.15 19A583 - 10.15.7 19H1715


CPE2.3 External links

http://support.apple.com/en-us/HT213185

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

9) Use-after-free

EUVDB-ID: #VU61314

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-22615

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in macOS kernel. A malicious application can trigger a use-after-free error and execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 10.15 19A583 - 10.15.7 19H1715


CPE2.3 External links

http://support.apple.com/en-us/HT213185

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

10) Out-of-bounds write

EUVDB-ID: #VU61299

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-22631

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a malicious application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the AppleGraphicsControl subsystem. A malicious application can trigger an out-of-bounds write and execute arbitrary code with root privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 10.15 19A583 - 10.15.7 19H1715


CPE2.3 External links

http://support.apple.com/en-us/HT213185

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

11) Out-of-bounds write

EUVDB-ID: #VU61312

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-22613

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in macOS kernel. A malicious application can trigger an out-of-bounds write error and execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 10.15 19A583 - 10.15.7 19H1715


CPE2.3 External links

http://support.apple.com/en-us/HT213185

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

12) Type Confusion

EUVDB-ID: #VU61310

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-22661

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a malicious application to escalate privileges on the system.

The vulnerability exists due to a type confusion error in Intel Graphics Driver subsystem. A local application can trigger a type confusion error and execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 10.15 19A583 - 10.15.7 19H1715


CPE2.3 External links

http://support.apple.com/en-us/HT213185

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

13) Input validation error

EUVDB-ID: #VU61305

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-22616

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input in BOM when processing ZIP files. A remote attacker can trick the victim to open a specially crafted ZIP archive, bypass Gatekeeper checks and execute arbitrary code on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 10.15 19A583 - 10.15.7 19H1715


CPE2.3 External links

http://support.apple.com/en-us/HT213185

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

14) Buffer overflow

EUVDB-ID: #VU61304

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-22597

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a malicious application to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing SCPT files. A malicious application can trigger buffer overflow and execute arbitrary code on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 10.15 19A583 - 10.15.7 19H1715


CPE2.3 External links

http://support.apple.com/en-us/HT213185

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

15) Out-of-bounds read

EUVDB-ID: #VU61300

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-22625

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in AppleScript. A remote attacker can trick the victim to run a specially crafted SCPT file, trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 10.15 19A583 - 10.15.7 19H1715


CPE2.3 External links

http://support.apple.com/en-us/HT213185

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

16) Out-of-bounds read

EUVDB-ID: #VU61301

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-22626

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in AppleScript. A remote attacker can trick the victim to run a specially crafted SCPT file, trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 10.15 19A583 - 10.15.7 19H1715


CPE2.3 External links

http://support.apple.com/en-us/HT213185

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

17) Out-of-bounds read

EUVDB-ID: #VU61302

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-22627

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in AppleScript. A remote attacker can trick the victim to run a specially crafted SCPT file, trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 10.15 19A583 - 10.15.7 19H1715


CPE2.3 External links

http://support.apple.com/en-us/HT213185

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

18) Out-of-bounds read

EUVDB-ID: #VU61303

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-22648

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in AppleScript. A remote attacker can trick the victim to run a specially crafted SCPT file, trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 10.15 19A583 - 10.15.7 19H1715


CPE2.3 External links

http://support.apple.com/en-us/HT213185

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

19) Code Injection

EUVDB-ID: #VU60036

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-22589

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary JavaScript code on the system.

The vulnerability exists due to improper input validation in WebKit when processing email messages. A remote attacker can trick the victim to open a specially crafted email message and execute arbitrary JavaScript code on the system.


Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 10.15 19A583 - 10.15.7 19H1715


CPE2.3 External links

http://support.apple.com/en-us/HT213185

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

20) Security restrictions bypass

EUVDB-ID: #VU61298

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-22665

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a logic error in AppKit. A malicious application can execute arbitrary code with root privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 10.15 19A583 - 10.15.7 19H1715


CPE2.3 External links

http://support.apple.com/en-us/HT213185

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

21) Buffer overflow

EUVDB-ID: #VU64807

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-22672

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the MobileAccessoryUpdater component. A malicious application can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 10.15 19A583 - 10.15.7 19H1715


CPE2.3 External links

http://support.apple.com/en-us/HT213185

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

22) UNIX symbolic link following

EUVDB-ID: #VU64809

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-26688

CWE-ID: CWE-61 - UNIX Symbolic Link (Symlink) Following

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a symlink following issue within PackageKit. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.

Successful exploitation of this vulnerability may result in privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 10.15 19A583 - 10.15.7 19H1715


CPE2.3 External links

http://support.apple.com/en-us/HT213185

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

23) Improper Authorization

EUVDB-ID: #VU63747

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-26691

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an error in implementation of "Local" authorization mechanism. A remote attacker can authenticate as to CUPS as root/admin without the 32-byte secret key and execute arbitrary code on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 10.15 19A583 - 10.15.7 19H1715


CPE2.3 External links

http://support.apple.com/en-us/HT213185

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###