SB2022051702 - Multiple vulnerabilities in Apple macOS Big Sur

Published: May 17, 2022 Updated: October 25, 2024

Security Bulletin ID: SB2022051702
Severity: Critical
Patch available: Yes
Number of vulnerabilities: 57
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Critical: 2%
High: 21%
Medium: 16%
Low: 61%

Description

This security bulletin contains information about 57 security vulnerabilities.


1) Out-of-bounds read (CVE-ID: CVE-2021-4166)

The vulnerability allows a remote attacker to crash the application.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and crash the application.


2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-26712)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improperly imposed security restrictions in PackageKit. A local application can modify protected parts of the file system.


3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-26746)

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to improperly imposed security restrictions in the Printing feature. A local application can bypass Privacy preferences.


4) Cryptographic issues (CVE-ID: CVE-2022-26766)

The vulnerability allows a local application to bypass signature validation.

The vulnerability exists due to a certificate parsing issue in the Security subsystem. A local application can bypass signature validation.


5) Out-of-bounds read (CVE-ID: CVE-2022-26718)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the SMB implementation. A local application can trigger an out-of-bounds read and execute arbitrary code with elevated privileges.


6) Buffer overflow (CVE-ID: CVE-2022-26723)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when mounting SMB shares. A remote attacker can trick the victim into mounting a specially crafted SMB share, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


7) Out-of-bounds write (CVE-ID: CVE-2022-26715)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the SMB implementation. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.


8) Improper access control (CVE-ID: CVE-2022-26728)

The vulnerability allows a local application to gain access to restricted files.

The vulnerability exists due to improper access restrictions in SoftwareUpdate. A local application can access restricted files.


9) Security features bypass (CVE-ID: CVE-2022-26726)

The vulnerability allows a local application to capture the user's screen.

The vulnerability exists due to improperly implemented security checks in the TCC component. A local application can capture the user's screen.


10) Security features bypass (CVE-ID: CVE-2022-26755)

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists within the Tcl component. A local application can break out of its sandbox.


11) Heap-based buffer overflow (CVE-ID: CVE-2021-4136)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick the victim into opening a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


12) Double Free (CVE-ID: CVE-2021-4173)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick the victim into opening a specially crafted file, trigger a double free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


13) Infinite loop (CVE-ID: CVE-2022-0778)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the BN_mod_sqrt() function when processing an ASN.1 certificate that contains elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. A remote attacker can supply a specially crafted certificate to the TLS server or client, consume all available system resources and cause denial of service conditions.


14) Double Free (CVE-ID: CVE-2021-4187)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick the victim into opening a specially crafted file, trigger a double free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


15) Use-after-free (CVE-ID: CVE-2021-4192)

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error. A remote attacker can trick the victim into opening a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.


16) Out-of-bounds read (CVE-ID: CVE-2021-4193)

The vulnerability allows a remote attacker to crash the application.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and crash the application.


17) NULL pointer dereference (CVE-ID: CVE-2021-46059)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the vim_regexec_multi() function in regexp.c in Vim. A remote attacker can trick the victim into opening a specially crafted file and perform a denial of service (DoS) attack.


18) Out-of-bounds read (CVE-ID: CVE-2022-0128)

The vulnerability allows a remote attacker to crash the application.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and crash the application.


19) Code Injection (CVE-ID: CVE-2022-22589)

The vulnerability allows a remote attacker to execute arbitrary JavaScript code on the system.

The vulnerability exists due to improper input validation in WebKit when processing email messages. A remote attacker can trick the victim into opening a specially crafted email message and execute arbitrary JavaScript code on the system.

20) Buffer overflow (CVE-ID: CVE-2022-26745)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a boundary error in the Wi-Fi component. A local application can gain read access to restricted memory.


21) Buffer overflow (CVE-ID: CVE-2022-26761)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Wi-Fi component. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.


22) Heap-based buffer overflow (CVE-ID: CVE-2022-0530)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


23) Buffer overflow (CVE-ID: CVE-2018-25032)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when compressing data. A remote attacker can pass specially crafted input to the application, trigger memory corruption and perform a denial of service (DoS) attack.


24) OS Command Injection (CVE-ID: CVE-2021-45444)

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to recursive PROMPT_SUBST expansion when processing malicious output. A remote attacker with the ability to control the output can inject and execute arbitrary commands on the system with the privileges of the current user.

25) Use-after-free (CVE-ID: CVE-2022-23308)

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error when processing ID and IDREF attributes in valid.c. A remote attacker can pass specially crafted XML input to the application, trigger a use-after-free error and crash the application or execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.


26) Input validation error (CVE-ID: CVE-2022-26776)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input in libresolv. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the system.


27) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2021-44224)

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input in forward proxy configurations. A remote attacker can send a specially crafted HTTP request and trick the web server into initiating requests to arbitrary systems, or cause a NULL pointer dereference error and crash the web server.

Successful exploitation of this vulnerability may allow a remote attacker to gain access to sensitive data located in the local network or to send malicious requests to other servers from the vulnerable system.

SSRF is possible for configurations that mix forward and reverse proxy.


28) Improper Initialization (CVE-ID: CVE-2022-26721)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improper initialization in CVMS. A local application can execute arbitrary code with root privileges.


29) Buffer overflow (CVE-ID: CVE-2021-44790)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when parsing multipart content in mod_lua. A remote attacker can send a specially crafted HTTP request to the affected web server, trigger buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


30) Input validation error (CVE-ID: CVE-2022-22719)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized value in r:parsebody. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.


31) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2022-22720)

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of the vulnerability may allow an attacker to poison the HTTP cache and perform phishing attacks.


32) Integer overflow (CVE-ID: CVE-2022-22721)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow within the ap_escape_html2() function when parsing LimitXMLRequestBody. A remote attacker can send a specially crafted request to the web server, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


33) Security restrictions bypass (CVE-ID: CVE-2022-22665)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a logic error in AppKit. A malicious application can execute arbitrary code with root privileges.


34) Out-of-bounds write (CVE-ID: CVE-2022-22675)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the AppleAVD subsystem. A local user can run a specially crafted program to trigger an out-of-bounds write and execute arbitrary code with kernel privileges.

Note, the vulnerability is being actively exploited in the wild.


35) Input validation error (CVE-ID: CVE-2022-26751)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input within the processing of HEIC files in the VTDecoderXPCService process in AppleGraphicsControl. A remote attacker can trick the victim into opening a specially crafted image and execute arbitrary code on the system.


36) Out-of-bounds read (CVE-ID: CVE-2022-26698)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in AppleScript. A local user can trigger an out-of-bounds read error and read contents of memory on the system.


37) Out-of-bounds read (CVE-ID: CVE-2022-26697)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in AppleScript. A local user can trigger an out-of-bounds read error and read contents of memory on the system.


38) Improper Initialization (CVE-ID: CVE-2022-26722)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improper initialization in CVMS. A local application can execute arbitrary code with root privileges.


39) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-26706)

The vulnerability allows a local application to bypass sandbox restrictions.

The vulnerability exists due to sandbox bypass in LaunchServices. A local application can circumvent sandbox restrictions.


40) Out-of-bounds write (CVE-ID: CVE-2022-26763)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in DriverKit. A local application can execute arbitrary code with system privileges.


41) Out-of-bounds read (CVE-ID: CVE-2022-22674)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the Intel Graphics Driver. A local user can trigger an out-of-bounds read error and read contents of kernel memory.

Note, the vulnerability is being actively exploited in the wild.


42) Out-of-bounds write (CVE-ID: CVE-2022-26720)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in Intel Graphics Driver. A local user can trigger an out-of-bounds write and execute arbitrary code with kernel privileges.


43) Out-of-bounds read (CVE-ID: CVE-2022-26770)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in Intel Graphics Driver. A local user can trigger an out-of-bounds read and execute arbitrary code with kernel privileges.


44) Out-of-bounds write (CVE-ID: CVE-2022-26756)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in Intel Graphics Driver. A local user can trigger an out-of-bounds write and execute arbitrary code with kernel privileges.


45) Buffer overflow (CVE-ID: CVE-2022-26769)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in Intel Graphics Driver. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.


46) Out-of-bounds write (CVE-ID: CVE-2022-26748)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the WebGL library in Intel Graphics Driver. A local user can trigger an out-of-bounds write and execute arbitrary code with kernel privileges.


47) Buffer overflow (CVE-ID: CVE-2022-26768)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in IOMobileFrameBuffer. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.


48) Buffer overflow (CVE-ID: CVE-2022-26714)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the OS kernel subsystem. A local user can trigger memory corruption and execute arbitrary code with kernel privileges.


49) Use-after-free (CVE-ID: CVE-2022-26757)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the OS kernel subsystem. A local user can trigger memory corruption and execute arbitrary code with kernel privileges.


50) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-26767)

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists in LaunchServices due to improper permissions checks. A local application can bypass Privacy preferences.


51) Security restrictions bypass (CVE-ID: CVE-2022-22663)

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to improper security checks in the CoreTypes subsystem. A local application can bypass Gatekeeper checks.


52) Input validation error (CVE-ID: CVE-2022-32790)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in libresolv. A remote attacker can pass a specially crafted DNS response to the system and perform a denial of service (DoS) attack.


53) Security restrictions bypass (CVE-ID: CVE-2022-26731)

The vulnerability allows a remote attacker to track Safari users.

The vulnerability exists due to a logic issue in Safari private browsing mode. A remote attacker can track Safari users.


54) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-32794)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improperly imposed security restrictions in PackageKit. A local application can escalate privileges on the system.


55) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-32882)

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to improper access restrictions in Libinfo. A local application can bypass Privacy preferences.


56) Security restrictions bypass (CVE-ID: CVE-2021-30946)

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to a logic issue in the Sandbox feature. A malicious application can bypass certain Privacy preferences.


57) Buffer overflow (CVE-ID: CVE-2022-22630)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Apple Remote Events. A remote attacker can send a specially crafted request to the system, trigger memory corruption and execute arbitrary code on the target system in the context of the AEServer process.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


Remediation

Install the update from the vendor's website.