About the security content of macOS Monterey 12.2

Description

# About the security content of macOS Monterey 12.2

This document describes the security content of macOS Monterey 12.2.

## About Apple security updates

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](https://support.apple.com/kb/HT201222) page.

Apple security documents reference vulnerabilities by [CVE-ID](http://cve.mitre.org/about/) when possible.

For more information about security, see the [Apple Product Security](https://support.apple.com/kb/HT201220) page.

## macOS Monterey 12.2

Released January 26, 2022

**AMD Kernel**

Available for: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-22586: an anonymous researcher

**ColorSync**

Available for: macOS Monterey

Impact: Processing a maliciously crafted file may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved validation.

CVE-2022-22584: Mickey Jin (@patch1t) of Trend Micro

**Crash Reporter**

Available for: macOS Monterey

Impact: A malicious application may be able to gain root privileges

Description: A logic issue was addressed with improved validation.

CVE-2022-22578: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)

Entry updated May 25, 2022

**iCloud**

Available for: macOS Monterey

Impact: An application may be able to access a user's files

Description: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.

CVE-2022-22585: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (https://xlab.tencent.com)

**Intel Graphics Driver**

Available for: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2022-22591: Antonio Zekic (@antoniozekic) of Diverto

**IOMobileFrameBuffer**

Available for: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: A memory corruption issue was addressed with improved input validation.

CVE-2022-22587: an anonymous researcher, Meysam Firouzi (@R00tkitSMM) of MBition - Mercedes-Benz Innovation Lab, Siddharth Aeri (@b1n4r1b01)

**Kernel**

Available for: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2022-22593: Peter Nguyễn Vũ Hoàng of STAR Labs

**Model I/O**

Available for: macOS Monterey

Impact: Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution

Description: An information disclosure issue was addressed with improved state management.

CVE-2022-22579: Mickey Jin (@patch1t) of Trend Micro

**PackageKit**

Available for: macOS Monterey

Impact: A malicious application may be able to modify protected parts of the file system

Description: This issue was addressed by removing the vulnerable code.

CVE-2022-22646: Mickey Jin (@patch1t), Mickey Jin (@patch1t) of Trend Micro

Entry added May 11, 2023

**PackageKit**

Available for: macOS Monterey

Impact: An application may be able to delete files for which it does not have permission

Description: An event handler validation issue in the XPC Services API was addressed by removing the service.

CVE-2022-22676: Mickey Jin (@patch1t) of Trend Micro

Entry added May 25, 2022

**PackageKit**

Available for: macOS Monterey

Impact: An application may be able to access restricted files

Description: A permissions issue was addressed with improved validation.

CVE-2022-22583: Ron Hass (@ronhass7) of Perception Point, Mickey Jin (@patch1t)

Entry updated May 25, 2022

**WebKit**

Available for: macOS Monterey

Impact: Processing a maliciously crafted mail message may lead to running arbitrary javascript

Description: A validation issue was addressed with improved input sanitization.

CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com)

**WebKit**

Available for: macOS Monterey

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2022-22590: Toan Pham from Team Orca of Sea Security (security.sea.com)

**WebKit**

Available for: macOS Monterey

Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced

Description: A logic issue was addressed with improved state management.

CVE-2022-22592: Prakash (@1lastBr3ath)

**WebKit Storage**

Available for: macOS Monterey

Impact: A website may be able to track sensitive user information

Description: A cross-origin issue in the IndexDB API was addressed with improved input validation.

CVE-2022-22594: Martin Bajanik of FingerprintJS

## Additional recognition

**Kernel**

We would like to acknowledge Tao Huang as an independent researcher for their assistance.

Entry updated May 25, 2022

**Metal**

We would like to acknowledge Tao Huang for their assistance.

**PackageKit**

We would like to acknowledge Mickey Jin (@patch1t), Mickey Jin (@patch1t) of Trend Micro for their assistance.

**WebKit**

We would like to acknowledge Prakash (@1lastBr3ath) and bo13oy of Cyber Kunlun Lab for their assistance.

Entry updated May 25, 2022

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](http://support.apple.com/kb/HT2693) for additional information.

Published Date: November 02, 2023


Affected Software


CPE Name Name Version
macos monterey 12.2
