Multiple vulnerabilities in Apple macOS Big Sur



Published: 2022-09-12 | Updated: 2022-10-30
Risk High
Patch available YES
Number of vulnerabilities 32
CVE-ID CVE-2022-32902
CVE-2022-32896
CVE-2022-32911
CVE-2022-32864
CVE-2022-32894
CVE-2022-32917
CVE-2022-32883
CVE-2022-32908
CVE-2022-32900
CVE-2022-32854
CVE-2021-39537
CVE-2022-1622
CVE-2022-1720
CVE-2022-2000
CVE-2022-2042
CVE-2022-2124
CVE-2022-2125
CVE-2022-2126
CVE-2022-32866
CVE-2022-32875
CVE-2022-32877
CVE-2022-32881
CVE-2022-32888
CVE-2022-32904
CVE-2022-32913
CVE-2022-32914
CVE-2022-32924
CVE-2022-32934
CVE-2022-42789
CVE-2022-42790
CVE-2022-42793
CVE-2022-42819
CWE-ID CWE-264
CWE-200
CWE-119
CWE-125
CWE-787
CWE-416
CWE-122
CWE-284
CWE-254
CWE-347
Exploitation vector Network
Public exploit Vulnerability #5 is being exploited in the wild.
Vulnerability #6 is being exploited in the wild.
Public exploit code for vulnerability #7 is available.
Vulnerable software
Subscribe
macOS
Operating systems & Components / Operating system

Vendor Apple Inc.

Security Bulletin

This security bulletin contains information about 32 vulnerabilities.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU67188

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32902

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to a logic error in ATS. A local application can bypass Privacy preferences.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.6.8 20G730


CPE2.3 External links

http://support.apple.com/en-us/HT213443

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Information disclosure

EUVDB-ID: #VU67189

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-32896

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in iMovie. A remote attacker can gain unauthorized access to sensitive user information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.6.8 20G730


CPE2.3 External links

http://support.apple.com/en-us/HT213443

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Buffer overflow

EUVDB-ID: #VU67190

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32911

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.


Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.6.8 20G730


CPE2.3 External links

http://support.apple.com/en-us/HT213443

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Out-of-bounds read

EUVDB-ID: #VU67191

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32864

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the OS kernel. A local application can trigger an out-of-bounds read error and read kernel memory.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.6.8 20G730


CPE2.3 External links

http://support.apple.com/en-us/HT213443

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Out-of-bounds write

EUVDB-ID: #VU66586

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-32894

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the OS kernel component. A local application can trigger an out-of-bounds write error and execute arbitrary code on the system with kernel privileges.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.6.8 20G730


CPE2.3 External links

http://support.apple.com/en-us/HT213443

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Buffer overflow

EUVDB-ID: #VU67192

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-32917

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.6.8 20G730


CPE2.3 External links

http://support.apple.com/en-us/HT213443

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Information disclosure

EUVDB-ID: #VU67193

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32883

CWE-ID: CWE-200 - Information Exposure

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a logic issue in the Maps component. A remote attacker can gain unauthorized access to sensitive location information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.6.8 20G730


CPE2.3 External links

http://support.apple.com/en-us/HT213443

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

8) Buffer overflow

EUVDB-ID: #VU67194

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-32908

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in MediaLibrary. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.6.8 20G730


CPE2.3 External links

http://support.apple.com/en-us/HT213443

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

9) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU67195

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32900

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a logic error in PackageKit. A local application can execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.6.8 20G730


CPE2.3 External links

http://support.apple.com/en-us/HT213443

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

10) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU67196

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32854

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to improperly imposed security restrictions within the Contacts app. A local application can bypass Privacy preferences.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.6.8 20G730


CPE2.3 External links

http://support.apple.com/en-us/HT213443

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

11) Out-of-bounds write

EUVDB-ID: #VU57577

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-39537

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.6.8 20G730


CPE2.3 External links

http://support.apple.com/en-us/HT213443

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

12) Out-of-bounds read

EUVDB-ID: #VU63826

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1622

CWE-ID: N/A

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a boundary condition in LZWDecode() function in libtiff/tif_lzw.c:619. A remote attacker can create a specially crafted TIFF file, trick the victim into opening it, trigger out-of-bounds read error and to perform a denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.6.8 20G730


CPE2.3 External links

http://support.apple.com/en-us/HT213443

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

13) Out-of-bounds read

EUVDB-ID: #VU64714

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-1720

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in normal.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.6.8 20G730


CPE2.3 External links

http://support.apple.com/en-us/HT213443

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

14) Out-of-bounds write

EUVDB-ID: #VU64719

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-2000

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in ex_docmd.c. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.6.8 20G730


CPE2.3 External links

http://support.apple.com/en-us/HT213443

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

15) Use-after-free

EUVDB-ID: #VU64706

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-2042

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in spell.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.6.8 20G730


CPE2.3 External links

http://support.apple.com/en-us/HT213443

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

16) Out-of-bounds read

EUVDB-ID: #VU64718

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-2124

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in textobject.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.6.8 20G730


CPE2.3 External links

http://support.apple.com/en-us/HT213443

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

17) Heap-based buffer overflow

EUVDB-ID: #VU64717

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-2125

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in indent.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.6.8 20G730


CPE2.3 External links

http://support.apple.com/en-us/HT213443

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

18) Out-of-bounds read

EUVDB-ID: #VU64716

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-2126

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in spellsuggest.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.6.8 20G730


CPE2.3 External links

http://support.apple.com/en-us/HT213443

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

19) Buffer overflow

EUVDB-ID: #VU68661

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32866

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.6.8 20G730


CPE2.3 External links

http://support.apple.com/en-us/HT213443

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

20) Information disclosure

EUVDB-ID: #VU68679

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32875

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in the Weather app. A local application can gain unauthorized access to location information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.6.8 20G730


CPE2.3 External links

http://support.apple.com/en-us/HT213443

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

21) Improper access control

EUVDB-ID: #VU68831

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32877

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in GarageBand. A local application can bypass implemented security restrictions and gain unauthorized access to sensitive user information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.6.8 20G730


CPE2.3 External links

http://support.apple.com/en-us/HT213443

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

22) Security features bypass

EUVDB-ID: #VU68672

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32881

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to improperly imposed security restrictions in Sandbox. A local application can modify protected parts of the filesystem.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.6.8 20G730


CPE2.3 External links

http://support.apple.com/en-us/HT213443

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

23) Out-of-bounds write

EUVDB-ID: #VU68680

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-32888

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.6.8 20G730


CPE2.3 External links

http://support.apple.com/en-us/HT213443

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

24) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU68643

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32904

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to incorrectly imposed security restrictions in ATS. A local application can gain access to sensitive user information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.6.8 20G730


CPE2.3 External links

http://support.apple.com/en-us/HT213443

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

25) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU68659

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32913

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improperly imposed security restrictions within the Image Processing subsystem. A local sandboxed application can determine, which app is currently using the camera.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.6.8 20G730


CPE2.3 External links

http://support.apple.com/en-us/HT213443

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

26) Use-after-free

EUVDB-ID: #VU68662

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32914

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger a use-after-free error and execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.6.8 20G730


CPE2.3 External links

http://support.apple.com/en-us/HT213443

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

27) Buffer overflow

EUVDB-ID: #VU68617

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32924

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in OS kernel. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.6.8 20G730


CPE2.3 External links

http://support.apple.com/en-us/HT213443

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

28) Buffer overflow

EUVDB-ID: #VU68676

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-32934

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in SMB subsystem. A remote attacker can trick the victim to open a specially crafted file from an external SMB share, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.6.8 20G730


CPE2.3 External links

http://support.apple.com/en-us/HT213443

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

29) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU68642

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-42789

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to incorrect permissions in AppleMobileFileIntegrity. A local application can access sensitive user information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.6.8 20G730


CPE2.3 External links

http://support.apple.com/en-us/HT213443

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

30) Security features bypass

EUVDB-ID: #VU68674

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-42790

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to a logic issue in the Sidecar. An attacker with physical access to device can view restricted content from the lock screen.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.6.8 20G730


CPE2.3 External links

http://support.apple.com/en-us/HT213443

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

31) Improper Verification of Cryptographic Signature

EUVDB-ID: #VU68673

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-42793

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect verification of cryptographic signature within the Security component. A remote attacker can trick the victim into running a malicious app that appears to have a valid signature and compromise the affected system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.6.8 20G730


CPE2.3 External links

http://support.apple.com/en-us/HT213443

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

32) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU68646

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-42819

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improperly imposed security restrictions in Calendar. A local application can gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.6.8 20G730


CPE2.3 External links

http://support.apple.com/en-us/HT213443

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###