Multiple vulnerabilities in Apple macOS Big Sur



Published: 2022-10-24 | Updated: 2022-10-28
Risk: High
Patch available: YES
Number of vulnerabilities: 8
CVE-ID: CVE-2022-42825, CVE-2022-28739, CVE-2022-32862, CVE-2022-32941, CVE-2022-32944, CVE-2022-37434, CVE-2022-42798, CVE-2022-42800
CWE-ID: CWE-264, CWE-704, CWE-254, CWE-119, CWE-122, CWE-125
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #6 is available.
Vulnerable software: macOS (Operating systems & Components / Operating system)
Vendor: Apple Inc.

Security Bulletin

This security bulletin contains information about 8 vulnerabilities.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU68610

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-42825

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to improperly imposed security restrictions within AppleMobileFileIntegrity. A local application can modify protected parts of the filesystem.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.7 20G817


External links

http://support.apple.com/en-us/HT213493

2) Type conversion

EUVDB-ID: #VU62081

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-28739

CWE-ID: CWE-704 - Incorrect Type Conversion or Cast (Type Conversion)

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a type conversion error in some conversion methods, such as Kernel#Float and String#to_f. A remote attacker can pass specially crafted data to the affected application, trigger memory corruption and execute arbitrary code on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.7 20G817


External links

http://support.apple.com/en-us/HT213493

3) Security features bypass

EUVDB-ID: #VU68629

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32862

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to improperly imposed security restrictions in Sandbox. A local application can gain unauthorized access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.7 20G817


External links

http://support.apple.com/en-us/HT213493

4) Buffer overflow

EUVDB-ID: #VU68808

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-32941

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the ppp implementation. A remote attacker can trick the victim into connecting to a malicious PPP server, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.7 20G817


External links

http://support.apple.com/en-us/HT213493

5) Buffer overflow

EUVDB-ID: #VU68803

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32944

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.7 20G817


External links

http://support.apple.com/en-us/HT213493

6) Heap-based buffer overflow

EUVDB-ID: #VU66153

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-37434

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing a large gzip header within inflateGetHeader in inflate.c. A remote attacker can pass a specially crafted file to the affected application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.


Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.7 20G817


External links

http://support.apple.com/en-us/HT213493

7) Out-of-bounds read

EUVDB-ID: #VU68798

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-42798

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when parsing media files in the Audio subsystem. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read and gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.7 20G817


External links

http://support.apple.com/en-us/HT213493

8) Heap-based buffer overflow

EUVDB-ID: #VU68812

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-42800

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing gzip files. A remote attacker can pass a specially crafted file to the affected application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.


Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.7 20G817


External links

http://support.apple.com/en-us/HT213493


