Macos Security Vulnerabilities
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.
5.5CVSS
5.6AI Score
0.002EPSS
Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution
7.8CVSS
8AI Score
0.003EPSS
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input.
5.5CVSS
5.9AI Score
0.001EPSS
Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.
7.8CVSS
7.7AI Score
0.006EPSS
5.5CVSS
6.2AI Score
0.001EPSS
7.8CVSS
7.6AI Score
0.001EPSS
7.8CVSS
7.6AI Score
0.001EPSS
7.8CVSS
7.5AI Score
0.0004EPSS
7.8CVSS
7.6AI Score
0.001EPSS
7.8CVSS
7.7AI Score
0.001EPSS
7.8CVSS
7.7AI Score
0.001EPSS
7.8CVSS
7.7AI Score
0.001EPSS
7.8CVSS
7.6AI Score
0.001EPSS
7.8CVSS
7.6AI Score
0.001EPSS
7.8CVSS
7.5AI Score
0.002EPSS
7.8CVSS
7.6AI Score
0.001EPSS
7.8CVSS
7.7AI Score
0.002EPSS
7.8CVSS
7.7AI Score
0.001EPSS
7.8CVSS
7.6AI Score
0.002EPSS
Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the std::fs::remove_dir_all standard library function is vulnerable a race condition enabling symlink following (CWE-363)....
7.3CVSS
6.5AI Score
0.001EPSS
A logic issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, macOS Monterey 12.2. A malicious application may be able to gain root privileges.
7.8CVSS
7.4AI Score
0.001EPSS
An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. Processing a maliciously crafted STL file may lead to unexpected application termin...
7.8CVSS
7.8AI Score
0.001EPSS
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5, macOS Monterey 12.3. A local user may be able to write arbitrary files.
5.5CVSS
4.5AI Score
0.0004EPSS
A permissions issue was addressed with improved validation. This issue is fixed in Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access restricted files.
5.5CVSS
5.5AI Score
0.001EPSS
A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, macOS Monterey 12.2. Processing a maliciously crafted file may lead to arbitrary code execution.
7.8CVSS
8.3AI Score
0.001EPSS
An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access a user's files.
7.5CVSS
7AI Score
0.002EPSS
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges.
9.8CVSS
8.5AI Score
0.003EPSS
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3, macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may ha...
A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript.
6.1CVSS
6.2AI Score
0.003EPSS
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8CVSS
8.5AI Score
0.004EPSS
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges.
7.8CVSS
8.2AI Score
0.001EPSS
A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
6.5CVSS
6.3AI Score
0.001EPSS
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. A malicious application may be able to execute arbitrary code with kernel privi...
7.8CVSS
8.1AI Score
0.001EPSS
A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A website may be able to track sensitive user information.
6.5CVSS
6.4AI Score
0.001EPSS
A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted file may lead to arbitrary code execution.
7.8CVSS
7.7AI Score
0.001EPSS
Description: A permissions issue was addressed with improved validation. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. A person with physical access to a device may be able to use Siri to obtain some location information from the lock scree...
2.4CVSS
3.8AI Score
0.001EPSS
The issue was addressed with improved permissions logic. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to bypass certain Privacy preferences.
5.5CVSS
5.6AI Score
0.001EPSS
The issue was addressed with additional permissions checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to read other applications' settings.
7.5CVSS
6.9AI Score
0.001EPSS
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to code execution.
8.8CVSS
8.5AI Score
0.003EPSS
An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processing a maliciously crafted image may lead to arbitrary code execution.
7.8CVSS
7.8AI Score
0.001EPSS
A memory consumption issue was addressed with improved memory handling. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processing a maliciously crafted image may lead to heap corruption.
7.8CVSS
7.1AI Score
0.001EPSS
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privilege...
7.8CVSS
7.9AI Score
0.001EPSS
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.
7.8CVSS
7.9AI Score
0.001EPSS
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.
7.8CVSS
7.9AI Score
0.001EPSS
This issue was addressed with improved checks. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks.
5.5CVSS
5.5AI Score
0.001EPSS
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to gain elevated privileges.
7.8CVSS
7.6AI Score
0.0004EPSS
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a re...
This issue was addressed with improved checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions.
4.6CVSS
4.4AI Score
0.001EPSS
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.
8.8CVSS
8.5AI Score
0.003EPSS
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memo...
7.1CVSS
6.2AI Score
0.001EPSS