Multiple vulnerabilities in Apple macOS Ventura



Published: 2022-10-25 | Updated: 2022-12-28
Risk High
Patch available YES
Number of vulnerabilities 131
CVE-ID CVE-2022-0554
CVE-2022-1616
CVE-2022-1725
CVE-2022-1420
CVE-2022-1381
CVE-2022-0943
CVE-2022-0729
CVE-2022-0714
CVE-2022-0696
CVE-2022-0685
CVE-2022-0629
CVE-2022-0572
CVE-2022-0392
CVE-2022-1620
CVE-2022-0368
CVE-2022-0361
CVE-2022-0359
CVE-2022-0351
CVE-2022-0319
CVE-2022-0318
CVE-2022-0261
CVE-2021-36690
CVE-2022-42791
CVE-2022-32934
CVE-2022-32870
CVE-2022-1619
CVE-2022-1621
CVE-2022-32938
CVE-2022-2124
CVE-2022-32892
CVE-2022-32922
CVE-2022-42824
CVE-2022-42823
CVE-2022-42799
CVE-2022-32912
CVE-2022-32888
CVE-2022-32886
CVE-2022-32875
CVE-2022-2126
CVE-2022-2125
CVE-2022-2042
CVE-2022-1629
CVE-2022-2000
CVE-2022-1720
CVE-2022-1898
CVE-2022-1897
CVE-2022-1851
CVE-2022-1968
CVE-2022-1942
CVE-2022-1927
CVE-2022-1769
CVE-2022-1735
CVE-2022-1733
CVE-2022-1674
CVE-2022-42790
CVE-2022-42793
CVE-2022-42795
CVE-2022-26730
CVE-2022-32905
CVE-2022-42788
CVE-2022-32928
CVE-2022-32915
CVE-2022-32865
CVE-2022-42814
CVE-2022-32208
CVE-2022-32207
CVE-2022-32206
CVE-2022-32205
CVE-2022-32867
CVE-2022-42813
CVE-2022-42809
CVE-2022-42819
CVE-2022-32940
CVE-2022-42796
CVE-2022-32890
CVE-2022-32904
CVE-2022-32902
CVE-2022-42825
CVE-2022-42789
CVE-2022-32827
CVE-2022-32899
CVE-2022-32898
CVE-2022-32858
CVE-2022-32947
CVE-2022-32913
CVE-2022-42811
CVE-2022-29458
CVE-2022-32862
CVE-2022-32881
CVE-2022-28739
CVE-2022-42832
CVE-2022-42831
CVE-2022-42830
CVE-2022-42829
CVE-2022-32918
CVE-2022-32895
CVE-2022-32879
CVE-2022-42818
CVE-2021-39537
CVE-2022-1622
CVE-2022-32908
CVE-2022-32883
CVE-2022-42815
CVE-2022-42808
CVE-2022-32914
CVE-2022-32924
CVE-2022-32911
CVE-2022-32866
CVE-2022-32864
CVE-2022-42806
CVE-2022-42820
CVE-2022-32936
CVE-2022-32923
CVE-2022-32926
CVE-2022-32935
CVE-2022-32941
CVE-2022-32944
CVE-2022-3437
CVE-2022-37434
CVE-2022-42798
CVE-2022-42800
CVE-2022-42801
CVE-2022-42803
CVE-2022-42810
CVE-2022-32833
CVE-2022-42838
CVE-2022-42833
CVE-2022-32945
CVE-2022-32849
CVE-2022-42821
CVE-2022-42826
CWE-ID CWE-823
CWE-122
CWE-476
CWE-787
CWE-119
CWE-121
CWE-125
CWE-362
CWE-254
CWE-200
CWE-843
CWE-451
CWE-416
CWE-120
CWE-347
CWE-61
CWE-264
CWE-300
CWE-276
CWE-400
CWE-284
CWE-295
CWE-704
CWE-312
Exploitation vector Network
Public exploit Public exploit code for vulnerability #102 is available.
Public exploit code for vulnerability #119 is available.
Vulnerable software
Subscribe
macOS
Operating systems & Components / Operating system

Vendor Apple Inc.

Security Bulletin

This security bulletin contains information about 131 vulnerabilities.

1) Use of out-of-range pointer offset

EUVDB-ID: #VU60777

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-0554

CWE-ID: CWE-823 - Use of Out-of-range Pointer Offset

Exploit availability: No

Description

The vulnerability allows a remote attacker to crash the application.

The vulnerability exists due to a boundary error when reading files. A remote attacker can trick the victim to open a specially crafted file and crash the application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Heap-based buffer overflow

EUVDB-ID: #VU63042

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1616

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) NULL pointer dereference

EUVDB-ID: #VU66151

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1725

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trick the victim to open a specially crafted file and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Use of Out-of-range Pointer Offset

EUVDB-ID: #VU63044

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-1420

CWE-ID: CWE-823 - Use of Out-of-range Pointer Offset

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial of service on the target application.

The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a use of out-of-range pointer offset and crash the application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Out-of-bounds write

EUVDB-ID: #VU63045

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1381

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Heap-based buffer overflow

EUVDB-ID: #VU62026

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-0943

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Buffer overflow

EUVDB-ID: #VU62025

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-0729

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

8) Heap-based buffer overflow

EUVDB-ID: #VU60796

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-0714

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

9) NULL pointer dereference

EUVDB-ID: #VU60773

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-0696

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in Vim when switching tabpage while in the cmdline window. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

10) Use of out-of-range pointer offset

EUVDB-ID: #VU60774

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-0685

CWE-ID: CWE-823 - Use of Out-of-range Pointer Offset

Exploit availability: No

Description

The vulnerability allows a remote attacker to crash the application.

The vulnerability exists due to improper input validation when processing special multi-byte characters. A remote attacker can trick the victim to open a specially crafted file and crash the application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

11) Stack-based buffer overflow

EUVDB-ID: #VU60775

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-0629

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when using many composing characters in error message. A remote unauthenticated attacker can trick the victim to open a specially crafted file, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

12) Heap-based buffer overflow

EUVDB-ID: #VU60776

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-0572

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when repeatedly using :retab. A remote attacker can trick the victim to open a specially crafted file, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

13) Heap-based buffer overflow

EUVDB-ID: #VU60783

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-0392

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

14) NULL pointer dereference

EUVDB-ID: #VU62876

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-1620

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the vim_regexec_string() function in regexp.c. A remote attacker can trick the victim to open a specially crafted file, trigger NULL pointer dereference error and crash the application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

15) Out-of-bounds read

EUVDB-ID: #VU60785

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-0368

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to crash the application.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

16) Heap-based buffer overflow

EUVDB-ID: #VU60786

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-0361

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when copying lines in Visual mode. A remote attacker can trick the victim to open a specially crafted file, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

17) Heap-based buffer overflow

EUVDB-ID: #VU60772

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-0359

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

18) Buffer overflow

EUVDB-ID: #VU60771

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-0351

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

19) Out-of-bounds read

EUVDB-ID: #VU60787

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-0319

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to crash the application.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

20) Heap-based buffer overflow

EUVDB-ID: #VU60770

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-0318

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

21) Heap-based buffer overflow

EUVDB-ID: #VU60769

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-0261

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

22) Buffer overflow

EUVDB-ID: #VU63627

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-36690

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to a segmentation fault in the sqlite3 command-line component when processing SQL queries in the idxGetTableInfo() function. A local user can pass a specially crafted SQL query and crash the application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

23) Race condition

EUVDB-ID: #VU68677

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-42791

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a race condition within the Software Update component. A local application can exploit the race and execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

24) Buffer overflow

EUVDB-ID: #VU68676

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-32934

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in SMB subsystem. A remote attacker can trick the victim to open a specially crafted file from an external SMB share, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

25) Security features bypass

EUVDB-ID: #VU68675

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32870

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to a logic issue in Siri. An attacker with physical access to device can obtain certain call history information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

26) Heap-based buffer overflow

EUVDB-ID: #VU62875

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1619

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing data in the cmdline_erase_chars() function in ex_getln.c. A remote attacker can trick the victim to open a specially crafted file, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

27) Heap-based buffer overflow

EUVDB-ID: #VU63041

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1621

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

28) Information disclosure

EUVDB-ID: #VU68624

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32938

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists in the way Shortcuts handle directory paths. A shortcut may be able to check the existence of an arbitrary path on the file system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

29) Out-of-bounds read

EUVDB-ID: #VU64718

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-2124

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in textobject.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

30) Security features bypass

EUVDB-ID: #VU68681

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-32892

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to improper access restrictions within WebKit Sandboxing. A remote attacker can trick the victim into visiting a specially crafted website and bypass implemented sandbox restrictions on the browser process.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

31) Buffer overflow

EUVDB-ID: #VU68628

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-32922

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing PDf files in WebKit PDF. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

32) Information disclosure

EUVDB-ID: #VU68627

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-42824

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to unspecified error in WebKit. A remote attacker can trick the victim to visit a specially crafted web page and gain access to potentially sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

33) Type Confusion

EUVDB-ID: #VU68626

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-42823

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error when processing HTML content in WebKit. A remote attacker can trick the victim to visit a specially crafted website, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

34) Spoofing attack

EUVDB-ID: #VU68625

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-42799

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data in WebKit. A remote attacker can trick the victim to visit a specially crafted website and spoof user interface.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

35) Out-of-bounds read

EUVDB-ID: #VU67198

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-32912

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it using the affected software, trigger out-of-bounds read and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

36) Out-of-bounds write

EUVDB-ID: #VU68680

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-32888

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

37) Buffer overflow

EUVDB-ID: #VU67199

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-32886

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing web content in WebKit. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

38) Information disclosure

EUVDB-ID: #VU68679

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32875

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in the Weather app. A local application can gain unauthorized access to location information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

39) Out-of-bounds read

EUVDB-ID: #VU64716

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-2126

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in spellsuggest.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

40) Heap-based buffer overflow

EUVDB-ID: #VU64717

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-2125

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in indent.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

41) Use-after-free

EUVDB-ID: #VU64706

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-2042

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in spell.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

42) Out-of-bounds read

EUVDB-ID: #VU63490

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1629

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary condition in find_next_quote() function. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error, perform a denial of service attack, modify memory, and execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

43) Out-of-bounds write

EUVDB-ID: #VU64719

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-2000

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in ex_docmd.c. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

44) Out-of-bounds read

EUVDB-ID: #VU64714

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-1720

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in normal.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

45) Use-after-free

EUVDB-ID: #VU64509

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-1898

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local attacker to execute arbitrary code on the system.

The vulnerability exists due to Illegal memory access and leads to a use-after-free vulnerability in the find_pattern_in_path() function. A local attacker can trick the victim into opening a specially crafted file, leading to a system crash or code execution.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

46) Out-of-bounds write

EUVDB-ID: #VU64506

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-1897

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local attacker to execute arbitrary code on the system.

The vulnerability exists due to Illegal memory access and leads to an out-of-bounds write vulnerability in the vim_regsub_both() function. A local attacker can trick the victim into opening a specially crafted file, leading to a system crash or code execution.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

47) Out-of-bounds read

EUVDB-ID: #VU64505

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-1851

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to illegal memory access and leads to an out-of-bounds read vulnerability in the gchar_cursor() function. A local attacker can trick the victim into opening a specially crafted file, leading to a system crash or code execution.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

48) Use-after-free

EUVDB-ID: #VU64720

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1968

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in search.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

49) Heap-based buffer overflow

EUVDB-ID: #VU64721

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1942

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in buffer.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

50) Out-of-bounds read

EUVDB-ID: #VU64508

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-1927

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local attacker to execute arbitrary code on the system.

The vulnerability exists due to Illegal memory access and leads to a buffer over-read vulnerability in the utf_ptr2char() function. A local attacker can trick the victim into opening a specially crafted file, trigger out-of-bounds read error and execute arbitrary code on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

51) Out-of-bounds read

EUVDB-ID: #VU63647

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1769

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in get_one_sourceline() function. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

52) Buffer overflow

EUVDB-ID: #VU63489

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1735

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in utfc_ptr2len() function. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

53) Heap-based buffer overflow

EUVDB-ID: #VU63492

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1733

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in skip_string() function. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

54) NULL pointer dereference

EUVDB-ID: #VU63491

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-1674

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trick the victim to open a specially crafted file and perform a denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

55) Security features bypass

EUVDB-ID: #VU68674

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-42790

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to a logic issue in the Sidecar. An attacker with physical access to device can view restricted content from the lock screen.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

56) Improper Verification of Cryptographic Signature

EUVDB-ID: #VU68673

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-42793

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect verification of cryptographic signature within the Security component. A remote attacker can trick the victim into running a malicious app that appears to have a valid signature and compromise the affected system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

57) Buffer overflow

EUVDB-ID: #VU68634

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-42795

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Accelerate Framework. A remote attacker can create a specially crafted image file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

58) Buffer overflow

EUVDB-ID: #VU68647

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-26730

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in ColorSync when processing ICC profiles. A remote attacker can create a specially crafted image, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

59) UNIX symbolic link following

EUVDB-ID: #VU68655

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32905

CWE-ID: CWE-61 - UNIX Symbolic Link (Symlink) Following

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a symlink following issue when handling DWG files in Finder. A local application can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.

Successful exploitation of this vulnerability may result in privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

60) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU68654

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-42788

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to Find My does not properly impose security restrictions. A malicious application installed on the system can obtain location information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

61) Man-in-the-Middle (MitM) attack

EUVDB-ID: #VU68653

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-32928

CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a logic error within the Exchange app. A remote attacker on the local network can intercept mail credentials.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

62) Type Confusion

EUVDB-ID: #VU68652

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32915

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a type confusion error in DriverKit. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

63) Buffer overflow

EUVDB-ID: #VU68651

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32865

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in DriverKit. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

64) Information disclosure

EUVDB-ID: #VU68650

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-42814

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the Directory Utility. A local application can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

65) Improper Verification of Cryptographic Signature

EUVDB-ID: #VU64685

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-32208

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to improper handling of message verification failures when performing FTP transfers secured by krb5. A remote attacker can perform MitM attack and manipulate data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

66) Incorrect default permissions

EUVDB-ID: #VU64684

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32207

CWE-ID: CWE-276 - Incorrect Default Permissions

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to incorrect default permissions set to cookies, alt-svc and hsts data stored in local files. A local user with ability to read such files can gain access to potentially sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

67) Resource exhaustion

EUVDB-ID: #VU64682

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-32206

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insecure processing of compressed HTTP responses. A malicious server can send a specially crafted HTTP response to curl and perform a denial of service attack by forcing curl to spend enormous amounts of allocated heap memory, or trying to and returning out of memory errors.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

68) Resource exhaustion

EUVDB-ID: #VU64681

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-32205

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to curl does not impose limits to the size of cookies stored in the system. A malicious server can serve excessive amounts of Set-Cookie: headers in a HTTP response to curl and consume all available disk space.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

69) Improper access control

EUVDB-ID: #VU68649

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32867

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local attacker to gain unauthorized access to sensitive information.

The vulnerability exists due to improper access restrictions in Crash Reporter. An attacker with physical access to device can read data past diagnostic logs.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

70) Improper Certificate Validation

EUVDB-ID: #VU68612

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-42813

CWE-ID: CWE-295 - Improper Certificate Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform MitM attacks.

The vulnerability exists due to improper certificate validation when handling WKWebView in CFNetwork. A remote attacker can forge a digital certificate, perform MitM attack and compromise the affected system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

71) Buffer overflow

EUVDB-ID: #VU68656

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-42809

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing .gcx files in Grapher. A remote attacker can create a specially crafted .gcx file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

72) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU68646

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-42819

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improperly imposed security restrictions in Calendar. A local application can gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

73) Buffer overflow

EUVDB-ID: #VU68611

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32940

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within AVEVideoEncoder. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.


Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

74) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU68645

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-42796

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due within the Audio subsystem. A local application can escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

75) Security features bypass

EUVDB-ID: #VU68644

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32890

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to incorrectly imposed security restrictions in ATS. A sandboxed process can bypass implemented restrictions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

76) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU68643

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32904

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to incorrectly imposed security restrictions in ATS. A local application can gain access to sensitive user information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

77) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU67188

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32902

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to a logic error in ATS. A local application can bypass Privacy preferences.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

78) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU68610

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-42825

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to improperly imposed security restrictions within the AppleMobileFileIntegrity. A local application can modify protected parts of the filesystem.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

79) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU68642

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-42789

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to incorrect permissions in AppleMobileFileIntegrity. A local application can access sensitive user information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

80) Buffer overflow

EUVDB-ID: #VU68641

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32827

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in AppleAVD. A local application can trigger memory corruption and crash the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

81) Buffer overflow

EUVDB-ID: #VU68638

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32899

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Apple Neural Engine. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

82) Buffer overflow

EUVDB-ID: #VU68637

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32898

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Apple Neural Engine. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

83) Out-of-bounds read

EUVDB-ID: #VU68636

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32858

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the Apple Neural Engine. A local application can trigger an out-of-bounds read error and read sensitive kernel state.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

84) Buffer overflow

EUVDB-ID: #VU68614

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32947

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within GPU Drivers. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.


Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

85) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU68659

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32913

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improperly imposed security restrictions within the Image Processing subsystem. A local sandboxed application can determine, which app is currently using the camera.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

86) Security features bypass

EUVDB-ID: #VU68623

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-42811

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to improperly imposed security restrictions in Sandbox. A local application can gain unauthorized access to user information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

87) Out-of-bounds read

EUVDB-ID: #VU64274

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-29458

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in convert_strings in tinfo/read_entry.c in the terminfo library. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

88) Security features bypass

EUVDB-ID: #VU68629

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32862

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to improperly imposed security restrictions in Sandbox. A local application can gain unauthorized access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

89) Security features bypass

EUVDB-ID: #VU68672

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32881

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to improperly imposed security restrictions in Sandbox. A local application can modify protected parts of the filesystem.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

90) Type conversion

EUVDB-ID: #VU62081

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-28739

CWE-ID: CWE-704 - Incorrect Type Conversion or Cast (Type Conversion)

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a type conversion error in some convertion methods like Kernel#Float</code> and <code>String#to_f. A remote attacker can pass specially crafted data to the affected application, trigger memory corruption and execute arbitrary code in the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

91) Race condition

EUVDB-ID: #VU68622

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-42832

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a race condition within ppp implementation. A local application can exploit the race and execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

92) Race condition

EUVDB-ID: #VU68621

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-42831

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a race condition within ppp implementation. A local application can exploit the race and execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

93) Buffer overflow

EUVDB-ID: #VU68620

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-42830

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in ppp implementation. A local privileged application can trigger memory corruption and execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

94) Use-after-free

EUVDB-ID: #VU68619

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-42829

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within ppp implementation. A local privileged application can trigger a use-after-free error and execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

95) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU68671

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32918

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to improperly imposed security restrictions in Photos. A local application can bypass Privacy preferences.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

96) Race condition

EUVDB-ID: #VU68670

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32895

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to a race condition in PackageKit. A local application can exploit the race to modify protected parts of the filesystem.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

97) Information disclosure

EUVDB-ID: #VU68669

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32879

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows an attacker to gain access to potentially sensitive information.

The vulnerability exists due to improper state management in Notifications. An attacker with physical access to device can access contacts from the lock screen.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

98) Information disclosure

EUVDB-ID: #VU68667

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-42818

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to insufficient data protection in Notes. A remote attacker on the local network can track user activity.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

99) Out-of-bounds write

EUVDB-ID: #VU57577

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-39537

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

100) Out-of-bounds read

EUVDB-ID: #VU63826

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1622

CWE-ID: N/A

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a boundary condition in LZWDecode() function in libtiff/tif_lzw.c:619. A remote attacker can create a specially crafted TIFF file, trick the victim into opening it, trigger out-of-bounds read error and to perform a denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

101) Buffer overflow

EUVDB-ID: #VU67194

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-32908

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in MediaLibrary. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

102) Information disclosure

EUVDB-ID: #VU67193

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32883

CWE-ID: CWE-200 - Information Exposure

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a logic issue in the Maps component. A remote attacker can gain unauthorized access to sensitive location information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

103) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU68664

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-42815

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists within the Mail app due to improperly imposed security restrictions. A local application can gain access to sensitive user information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

104) Out-of-bounds write

EUVDB-ID: #VU68618

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-42808

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the OS kernel. A remote application can trigger an out-of-bounds write and execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

105) Use-after-free

EUVDB-ID: #VU68662

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32914

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger a use-after-free error and execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

106) Buffer overflow

EUVDB-ID: #VU68617

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32924

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in OS kernel. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

107) Buffer overflow

EUVDB-ID: #VU67190

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32911

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.


Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

108) Buffer overflow

EUVDB-ID: #VU68661

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32866

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

109) Out-of-bounds read

EUVDB-ID: #VU67191

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32864

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the OS kernel. A local application can trigger an out-of-bounds read error and read kernel memory.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

110) Race condition

EUVDB-ID: #VU68616

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-42806

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a race condition in IOKit. A local application can exploit the race and execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

111) Buffer overflow

EUVDB-ID: #VU68615

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-42820

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in IOHIDFamily. A local application can trigger memory corruption and execute arbitrary code on the system.


Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

112) Out-of-bounds read

EUVDB-ID: #VU68660

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32936

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in Intel Graphics Driver. A local application can trigger an out-of-bounds read error and read disclose kernel memory.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

113) Information disclosure

EUVDB-ID: #VU68810

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32923

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists in WebKit due to an error in the JIT implementation. A remote attacker can trick the victim to visit a malicious website and disclose internal states of the application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

114) Buffer overflow

EUVDB-ID: #VU68805

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32926

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

115) Security features bypass

EUVDB-ID: #VU68800

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32935

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to FaceTime allows interaction with sensitive content via lock screen. An attacker with physical access to device can view restricted content from the lock screen.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

116) Buffer overflow

EUVDB-ID: #VU68808

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-32941

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within ppp implementation. A remote attacker can trick the victim into connecting to a malicious PPP server, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

117) Buffer overflow

EUVDB-ID: #VU68803

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32944

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger memory corruption and execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

118) Heap-based buffer overflow

EUVDB-ID: #VU68701

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-3437

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. A remote user can send specially crafted data to the application, trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.


Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

119) Heap-based buffer overflow

EUVDB-ID: #VU66153

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-37434

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing a large gzip header within inflateGetHeader in inflate.c. A remote attacker can pass a specially crafted file to the affected application, trigger heap-based buffer overflow and execute arbitrary code on the target system.


Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

120) Out-of-bounds read

EUVDB-ID: #VU68798

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-42798

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when parsing media files in the Audio subsystem. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

121) Heap-based buffer overflow

EUVDB-ID: #VU68812

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-42800

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing gzip files. A remote attacker can pass a specially crafted file to the affected application, trigger heap-based buffer overflow and execute arbitrary code on the target system.


Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

122) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU68806

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-42801

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improperly imposed security restrictions within the OS kernel. A local application can execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

123) Race condition

EUVDB-ID: #VU68804

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-42803

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a race condition within the OS kernel. A local application can exploit the race and escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

124) Out-of-bounds read

EUVDB-ID: #VU68807

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-42810

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the Model I/O subsystem. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

125) Cleartext storage of sensitive information

EUVDB-ID: #VU70519

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32833

CWE-ID: CWE-312 - Cleartext Storage of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists in the way website data are stored within the WebKit Storage. A local application can gain access to potentially sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

126) Improper access control

EUVDB-ID: #VU70516

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-42838

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local application to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in CoreMedia. A local application can bypass implemented security restrictions and continue receiving video after the app, which activated the video stream, was closed.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

127) Out-of-bounds read

EUVDB-ID: #VU70517

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-42833

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary condition within the GPU Drivers. A local application can trigger an out-of-bounds read error and execute arbitrary code with kernel privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

128) Improper access control

EUVDB-ID: #VU70515

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32945

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local application to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within the Core Bluetooth implementation. A local application can perform unauthorized recording of audio with paired AirPods.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

129) Information disclosure

EUVDB-ID: #VU65595

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32849

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in iCloud Photo Library. A local application can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

130) Security features bypass

EUVDB-ID: #VU70245

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-42821

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to a logic error in BOM component. A local application can bypass Gatekeeper checks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

131) Use-after-free

EUVDB-ID: #VU70518

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-42826

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can trick the victim to visit a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 13.0 22A380


CPE2.3 External links

http://support.apple.com/en-us/HT213488

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###