This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of WebP images in the ImageIO framework. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before reading from memory. An attacker can leverage this vulnerability to execute code in the context of the current process.
{"id": "ZDI-22-792", "vendorId": null, "type": "zdi", "bulletinFamily": "info", "title": "Apple macOS ImageIO WebP File Parsing Integer Overflow Remote Code Execution Vulnerability", "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of WebP images in the ImageIO framework. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before reading from memory. An attacker can leverage this vulnerability to execute code in the context of the current process.", "published": "2022-05-26T00:00:00", "modified": "2022-05-26T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.zerodayinitiative.com/advisories/ZDI-22-792/", "reporter": "actae0n of Blacksun Hackers Club", "references": ["https://support.apple.com/en-us/HT213257"], "cvelist": ["CVE-2022-26711"], "immutableFields": [], "lastseen": "2022-06-07T23:10:34", "viewCount": 9, "enchantments": {"score": {"value": 6.1, "vector": "NONE"}, "dependencies": {"references": [{"type": "apple", "idList": ["APPLE:38D159D6E779C73F1BC2E5DC6FAE972E", "APPLE:63081AE5B69AA7BDB8335C6FB30CCAE2", "APPLE:A95E7412240FFF6EACC98CE0311A5EE5", "APPLE:DCF97E625A2F1F327AB03D7CEBDBE265", "APPLE:E82A2A3D978FD519CBF58A36F587B070"]}, {"type": "cve", "idList": ["CVE-2022-26711"]}, {"type": "nessus", "idList": ["APPLE_IOS_155_CHECK.NBIN", "ITUNES_12_12_4.NASL", "ITUNES_12_12_4_BANNER.NASL", "MACOS_HT213257.NASL"]}]}, "epss": [{"cve": "CVE-2022-26711", "epss": "0.003670000", "percentile": "0.681980000", "modified": "2023-03-19"}], "vulnersScore": 6.1}, "_state": {"score": 1659992473, "dependencies": 1659988328, "epss": 1679298256}, "_internal": {"score_hash": "dd139f6e8727410cc90fe072262cfdf9"}}
{"cve": [{"lastseen": "2023-02-09T14:17:57", "description": "An integer overflow issue was addressed with improved input validation. This issue is fixed in tvOS 15.5, iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-26T19:15:00", "type": "cve", "title": "CVE-2022-26711", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26711"], "modified": "2022-06-07T21:15:00", "cpe": [], "id": "CVE-2022-26711", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26711", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}], "nessus": [{"lastseen": "2023-01-10T19:23:56", "description": "The version of Apple iTunes installed on the remote Windows host is prior to 12.12.4. It is, therefore, affected by multiple vulnerabilities as referenced in the HT213259 advisory.\n\n - An integer overflow issue was addressed with improved input validation. This issue is fixed in tvOS 15.5, iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. (CVE-2022-26711)\n\n - A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6, macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execution.\n (CVE-2022-26751)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. An application may be able to delete files for which it does not have permission.\n (CVE-2022-26773)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges. (CVE-2022-26774)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-19T00:00:00", "type": "nessus", "title": "Apple iTunes < 12.12.4 Multiple Vulnerabilities (credentialed check)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26711", "CVE-2022-26717", "CVE-2022-26751", "CVE-2022-26773", "CVE-2022-26774"], "modified": "2022-06-01T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_12_4.NASL", "href": "https://www.tenable.com/plugins/nessus/161376", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161376);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/01\");\n\n script_cve_id(\n \"CVE-2022-26711\",\n \"CVE-2022-26717\",\n \"CVE-2022-26751\",\n \"CVE-2022-26773\",\n \"CVE-2022-26774\"\n );\n script_xref(name:\"APPLE-SA\", value:\"HT213259\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2022-05-18\");\n\n script_name(english:\"Apple iTunes < 12.12.4 Multiple Vulnerabilities (credentialed check)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is prior to 12.12.4. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the HT213259 advisory.\n\n - An integer overflow issue was addressed with improved input validation. This issue is fixed in tvOS 15.5,\n iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4. A remote attacker\n may be able to cause unexpected application termination or arbitrary code execution. (CVE-2022-26711)\n\n - A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes\n 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6,\n macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execution.\n (CVE-2022-26751)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for\n Windows. An application may be able to delete files for which it does not have permission.\n (CVE-2022-26773)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for\n Windows. A local attacker may be able to elevate their privileges. (CVE-2022-26774)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT213259\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes version 12.12.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-26717\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-26751\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_detect.nasl\");\n script_require_keys(\"installed_sw/iTunes Version\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\ninclude('vcf.inc');\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\n\nvar app_info = vcf::get_app_info(app:'iTunes Version', win_local:TRUE);\nvar constraints = [{'fixed_version':'12.12.4'}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-10T19:22:28", "description": "The version of Apple iTunes installed on the remote Windows host is prior to 12.12.4. It is, therefore, affected by multiple vulnerabilities as referenced in the HT213259 advisory.\n\n - An integer overflow issue was addressed with improved input validation. This issue is fixed in tvOS 15.5, iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. (CVE-2022-26711)\n\n - A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6, macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execution.\n (CVE-2022-26751)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. An application may be able to delete files for which it does not have permission.\n (CVE-2022-26773)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges. (CVE-2022-26774)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-19T00:00:00", "type": "nessus", "title": "Apple iTunes < 12.12.4 Multiple Vulnerabilities (uncredentialed check)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26711", "CVE-2022-26717", "CVE-2022-26751", "CVE-2022-26773", "CVE-2022-26774"], "modified": "2022-06-01T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_12_4_BANNER.NASL", "href": "https://www.tenable.com/plugins/nessus/161375", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161375);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/01\");\n\n script_cve_id(\n \"CVE-2022-26711\",\n \"CVE-2022-26717\",\n \"CVE-2022-26751\",\n \"CVE-2022-26773\",\n \"CVE-2022-26774\"\n );\n script_xref(name:\"APPLE-SA\", value:\"HT213259\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2022-05-18\");\n\n script_name(english:\"Apple iTunes < 12.12.4 Multiple Vulnerabilities (uncredentialed check)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is prior to 12.12.4. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the HT213259 advisory.\n\n - An integer overflow issue was addressed with improved input validation. This issue is fixed in tvOS 15.5,\n iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4. A remote attacker\n may be able to cause unexpected application termination or arbitrary code execution. (CVE-2022-26711)\n\n - A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes\n 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6,\n macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execution.\n (CVE-2022-26751)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for\n Windows. An application may be able to delete files for which it does not have permission.\n (CVE-2022-26773)\n\n - A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for\n Windows. A local attacker may be able to elevate their privileges. (CVE-2022-26774)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT213259\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes version 12.12.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-26717\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-26751\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Peer-To-Peer File Sharing\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_sharing.nasl\");\n script_require_keys(\"installed_sw/iTunes DAAP\");\n script_require_ports(\"Services/www\", 3689);\n\n exit(0);\n}\ninclude('http.inc');\ninclude('vcf.inc');\n\nvar app = 'iTunes DAAP';\nvar port = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);\n\nvar app_info = vcf::get_app_info(app:app, port:port);\nif (app_info.Type != 'Windows') audit(AUDIT_OS_NOT, 'Windows');\nvar constraints = [{'fixed_version':'12.12.4'}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-09T00:13:37", "description": "The version of Apple iOS running on the mobile device is prior to 15.5. It is, therefore, affected by multiple vulnerabilities, including the following:\n\n - valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. (CVE-2022-23308)\n\n - A vulnerability in WebKit may lead to code execution when processing malicious web content due to a memory corruption issue. (CVE-2022-26700)\n\n - A vulnerability in AppleGraphicsControl that may lead to code execution when processing malicious images due to a memory corruption issue. (CVE-2022-26751:)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-19T00:00:00", "type": "nessus", "title": "Apple iOS < 15.5 Multiple Vulnerabilities (HT213258)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4142", "CVE-2022-22673", "CVE-2022-22677", "CVE-2022-23308", "CVE-2022-26700", "CVE-2022-26701", "CVE-2022-26702", "CVE-2022-26703", "CVE-2022-26706", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26711", "CVE-2022-26714", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-26731", "CVE-2022-26736", "CVE-2022-26737", "CVE-2022-26738", "CVE-2022-26739", "CVE-2022-26740", "CVE-2022-26744", "CVE-2022-26745", "CVE-2022-26751", "CVE-2022-26757", "CVE-2022-26760", "CVE-2022-26762", "CVE-2022-26763", "CVE-2022-26764", "CVE-2022-26765", "CVE-2022-26766", "CVE-2022-26771"], "modified": "2023-03-08T00:00:00", "cpe": ["cpe:/o:apple:iphone_os"], "id": "APPLE_IOS_155_CHECK.NBIN", "href": "https://www.tenable.com/plugins/nessus/161384", "sourceData": "Binary data apple_ios_155_check.nbin", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-10T19:24:04", "description": "The remote host is running a version of macOS / Mac OS X that is 12.x prior to 12.4 Monterey. It is, therefore, affected by multiple vulnerabilities :\n\n - Exploitation of this vulnerability may lead to memory corruption issue. (CVE-2018-25032)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser. (CVE-2021-44790)\n\n - Exploitation of this vulnerability may lead to arbitrary code execution. (CVE-2021-45444)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-20T00:00:00", "type": "nessus", "title": "macOS 12.x < 12.4 (HT213257)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-25032", "CVE-2021-44224", "CVE-2021-44790", "CVE-2021-45444", "CVE-2022-0530", "CVE-2022-0778", "CVE-2022-22677", "CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23308", "CVE-2022-26693", "CVE-2022-26694", "CVE-2022-26697", "CVE-2022-26698", "CVE-2022-26700", "CVE-2022-26701", "CVE-2022-26704", "CVE-2022-26706", "CVE-2022-26708", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26711", "CVE-2022-26712", "CVE-2022-26714", "CVE-2022-26715", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26718", "CVE-2022-26719", "CVE-2022-26720", "CVE-2022-26721", "CVE-2022-26722", "CVE-2022-26723", "CVE-2022-26725", "CVE-2022-26726", "CVE-2022-26727", "CVE-2022-26728", "CVE-2022-26731", "CVE-2022-26736", "CVE-2022-26737", "CVE-2022-26738", "CVE-2022-26739", "CVE-2022-26740", "CVE-2022-26741", "CVE-2022-26742", "CVE-2022-26743", "CVE-2022-26745", "CVE-2022-26746", "CVE-2022-26748", "CVE-2022-26749", "CVE-2022-26750", "CVE-2022-26751", "CVE-2022-26752", "CVE-2022-26753", "CVE-2022-26754", "CVE-2022-26755", "CVE-2022-26756", "CVE-2022-26757", "CVE-2022-26761", "CVE-2022-26762", "CVE-2022-26763", "CVE-2022-26764", "CVE-2022-26765", "CVE-2022-26766", "CVE-2022-26767", "CVE-2022-26768", "CVE-2022-26769", "CVE-2022-26770", "CVE-2022-26772", "CVE-2022-26775", "CVE-2022-26776"], "modified": "2022-12-15T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x", "cpe:/o:apple:macos"], "id": "MACOS_HT213257.NASL", "href": "https://www.tenable.com/plugins/nessus/161410", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161410);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/15\");\n\n script_cve_id(\n \"CVE-2018-25032\",\n \"CVE-2021-44224\",\n \"CVE-2021-44790\",\n \"CVE-2021-45444\",\n \"CVE-2022-0530\",\n \"CVE-2022-0778\",\n \"CVE-2022-22677\",\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23308\",\n \"CVE-2022-26693\",\n \"CVE-2022-26694\",\n \"CVE-2022-26697\",\n \"CVE-2022-26698\",\n \"CVE-2022-26700\",\n \"CVE-2022-26701\",\n \"CVE-2022-26704\",\n \"CVE-2022-26706\",\n \"CVE-2022-26708\",\n \"CVE-2022-26709\",\n \"CVE-2022-26710\",\n \"CVE-2022-26711\",\n \"CVE-2022-26712\",\n \"CVE-2022-26714\",\n \"CVE-2022-26715\",\n \"CVE-2022-26716\",\n \"CVE-2022-26717\",\n \"CVE-2022-26718\",\n \"CVE-2022-26719\",\n \"CVE-2022-26720\",\n \"CVE-2022-26721\",\n \"CVE-2022-26722\",\n \"CVE-2022-26723\",\n \"CVE-2022-26725\",\n \"CVE-2022-26726\",\n \"CVE-2022-26727\",\n \"CVE-2022-26728\",\n \"CVE-2022-26731\",\n \"CVE-2022-26736\",\n \"CVE-2022-26737\",\n \"CVE-2022-26738\",\n \"CVE-2022-26739\",\n \"CVE-2022-26740\",\n \"CVE-2022-26741\",\n \"CVE-2022-26742\",\n \"CVE-2022-26743\",\n \"CVE-2022-26745\",\n \"CVE-2022-26746\",\n \"CVE-2022-26748\",\n \"CVE-2022-26749\",\n \"CVE-2022-26750\",\n \"CVE-2022-26751\",\n \"CVE-2022-26752\",\n \"CVE-2022-26753\",\n \"CVE-2022-26754\",\n \"CVE-2022-26755\",\n \"CVE-2022-26756\",\n \"CVE-2022-26757\",\n \"CVE-2022-26761\",\n \"CVE-2022-26762\",\n \"CVE-2022-26763\",\n \"CVE-2022-26764\",\n \"CVE-2022-26765\",\n \"CVE-2022-26766\",\n \"CVE-2022-26767\",\n \"CVE-2022-26768\",\n \"CVE-2022-26769\",\n \"CVE-2022-26770\",\n \"CVE-2022-26772\",\n \"CVE-2022-26775\",\n \"CVE-2022-26776\"\n );\n script_xref(name:\"APPLE-SA\", value:\"HT213257\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2022-05-16-2\");\n script_xref(name:\"IAVA\", value:\"2022-A-0212-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0442-S\");\n\n script_name(english:\"macOS 12.x < 12.4 (HT213257)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS or Mac OS X security update or supplemental update that fixes multiple\nvulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of macOS / Mac OS X that is 12.x prior to 12.4 Monterey. It is, therefore, \naffected by multiple vulnerabilities :\n\n - Exploitation of this vulnerability may lead to memory corruption issue. (CVE-2018-25032)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser. (CVE-2021-44790)\n\n - Exploitation of this vulnerability may lead to arbitrary code execution. (CVE-2021-45444)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported\nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-gb/HT213257\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS 12.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-26772\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-26776\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/local_checks_enabled\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude('vcf_extras_apple.inc');\n\nvar app_info = vcf::apple::macos::get_app_info();\nvar constraints = [\n {\n 'min_version': '12.0', \n 'fixed_version': '12.4', \n 'fixed_display': 'macOS Monterey 12.4'\n }\n];\n\nvcf::apple::macos::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE\n);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "apple": [{"lastseen": "2022-10-29T05:58:53", "description": "# About the security content of iTunes 12.12.4 for Windows\n\nThis document describes the security content of iTunes 12.12.4 for Windows.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iTunes 12.12.4 for Windows\n\nReleased May 18, 2022\n\n**AppleGraphicsControl**\n\nAvailable for: Windows 10 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative\n\n**ImageIO**\n\nAvailable for: Windows 10 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow issue was addressed with improved input validation.\n\nCVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative\n\n**iTunes**\n\nAvailable for: Windows 10 and later\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-26774: Sai Wynn Myat (@404death)\n\n**Mobile Device Service**\n\nAvailable for: Windows 10 and later\n\nImpact: An application may be able to delete files for which it does not have permission\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-26773: Sai Wynn Myat (@404death)\n\n**WebKit**\n\nAvailable for: Windows 10 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nWebKit Bugzilla: 238171 \nCVE-2022-26717: Jeonghoon Shin of Theori\n\n\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: May 18, 2022\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-18T00:00:00", "type": "apple", "title": "About the security content of iTunes 12.12.4 for Windows", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-26711", "CVE-2022-26717", "CVE-2022-26751", "CVE-2022-26773", "CVE-2022-26774"], "modified": "2022-05-18T00:00:00", "id": "APPLE:38D159D6E779C73F1BC2E5DC6FAE972E", "href": "https://support.apple.com/kb/HT213259", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-06T17:11:42", "description": "# About the security content of watchOS 8.6\n\nThis document describes the security content of watchOS 8.6.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## watchOS 8.6\n\nReleased May 16, 2022\n\n**AppleAVD**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-26702: an anonymous researcher\n\n**AppleAVD**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-22675: an anonymous researcher\n\n**DriverKit**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: An out-of-bounds access issue was addressed with improved bounds checking.\n\nCVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow was addressed with improved input validation.\n\nCVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative\n\n**IOMobileFrameBuffer**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-26768: an anonymous researcher\n\n**IOSurfaceAccelerator**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-26771: an anonymous researcher\n\n**Kernel**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-26714: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng (@peternguyen14) of STAR Labs (@starlabs_sg)\n\n**Kernel**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-26757: Ned Williamson of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**Kernel**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication\n\nDescription: A race condition was addressed with improved state handling.\n\nCVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**LaunchServices**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: An access issue was addressed with additional sandbox restrictions on third-party applications.\n\nCVE-2022-26706: Arsenii Kostromin (0x3c3e), Jonathan Bar Or of Microsoft\n\nEntry updated July 6, 2022\n\n**libresolv**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow was addressed with improved input validation.\n\nCVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team\n\nEntry added June 21, 2022\n\n**libresolv**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26708: Max Shavrick (@_mxms) of the Google Security Team\n\nEntry added June 21, 2022\n\n**libresolv**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A remote user may be able to cause a denial-of-service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32790: Max Shavrick (@_mxms) of the Google Security Team\n\nEntry added June 21, 2022\n\n**libresolv**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26776: Max Shavrick (@_mxms) of the Google Security Team, Zubair Ashraf of Crowdstrike\n\nEntry added June 21, 2022\n\n**libxml2**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-23308\n\n**Security**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious app may be able to bypass signature validation\n\nDescription: A certificate parsing issue was addressed with improved checks.\n\nCVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**TCC**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An app may be able to capture a user's screen\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26726: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nWebKit Bugzilla: 238178 \nCVE-2022-26700: ryuzaki\n\n**WebKit**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nWebKit Bugzilla: 236950 \nCVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab\n\nWebKit Bugzilla: 237475 \nCVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab\n\nWebKit Bugzilla: 238171 \nCVE-2022-26717: Jeonghoon Shin of Theori\n\n**WebKit**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nWebKit Bugzilla: 238183 \nCVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab\n\nWebKit Bugzilla: 238699 \nCVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech\n\n**Wi-Fi**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious application may disclose restricted memory\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-26745: Scarlet Raine\n\nEntry added July 6, 2022\n\n**Wi-Fi**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious application may disclose restricted memory\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-26745: an anonymous researcher\n\n\n\n## Additional recognition\n\n**AppleMobileFileIntegrity**\n\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge James Lee and an anonymous researcher for their assistance.\n\nEntry updated May 25, 2022 \n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: July 06, 2022\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-16T00:00:00", "type": "apple", "title": "About the security content of watchOS 8.6", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22675", "CVE-2022-23308", "CVE-2022-26700", "CVE-2022-26702", "CVE-2022-26706", "CVE-2022-26708", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26711", "CVE-2022-26714", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-26726", "CVE-2022-26745", "CVE-2022-26757", "CVE-2022-26763", "CVE-2022-26764", "CVE-2022-26765", "CVE-2022-26766", "CVE-2022-26768", "CVE-2022-26771", "CVE-2022-26775", "CVE-2022-26776", "CVE-2022-32790"], "modified": "2022-05-16T00:00:00", "id": "APPLE:63081AE5B69AA7BDB8335C6FB30CCAE2", "href": "https://support.apple.com/kb/HT213253", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-12T21:58:26", "description": "# About the security content of tvOS 15.5\n\nThis document describes the security content of tvOS 15.5.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## tvOS 15.5\n\nReleased May 16, 2022\n\n**AppleAVD**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-26702: an anonymous researcher\n\n**AppleAVD**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-22675: an anonymous researcher\n\n**AuthKit**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: A local user may be able to enable iCloud Photos without authentication\n\nDescription: An authentication issue was addressed with improved state management.\n\nCVE-2022-26724: Jorge A. Caballero (@DataDrivenMD)\n\n**AVEVideoEncoder**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-26736: an anonymous researcher\n\nCVE-2022-26737: an anonymous researcher\n\nCVE-2022-26738: an anonymous researcher\n\nCVE-2022-26739: an anonymous researcher\n\nCVE-2022-26740: an anonymous researcher\n\n**DriverKit**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: An out-of-bounds access issue was addressed with improved bounds checking.\n\nCVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**ImageIO**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow was addressed with improved input validation.\n\nCVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative\n\n**IOKit**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was addressed with improved locking.\n\nCVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab\n\n**IOMobileFrameBuffer**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-26768: an anonymous researcher\n\n**IOSurfaceAccelerator**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-26771: an anonymous researcher\n\n**Kernel**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-26714: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng (@peternguyen14) of STAR Labs (@starlabs_sg)\n\n**Kernel**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-26757: Ned Williamson of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**Kernel**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication\n\nDescription: A race condition was addressed with improved state handling.\n\nCVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**LaunchServices**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: An access issue was addressed with additional sandbox restrictions on third-party applications.\n\nCVE-2022-26706: Arsenii Kostromin (0x3c3e), Jonathan Bar Or of Microsoft\n\nEntry updated July 6, 2022\n\n**libresolv**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow was addressed with improved input validation.\n\nCVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team\n\nEntry added June 21, 2022\n\n**libresolv**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26708: Max Shavrick (@_mxms) of the Google Security Team\n\nEntry added June 21, 2022\n\n**libresolv**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: A remote user may be able to cause a denial-of-service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32790: Max Shavrick (@_mxms) of the Google Security Team\n\nEntry added June 21, 2022\n\n**libresolv**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: An attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26776: Max Shavrick (@_mxms) of the Google Security Team, Zubair Ashraf of Crowdstrike\n\nEntry added June 21, 2022\n\n**libxml2**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-23308\n\n**Security**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: A malicious app may be able to bypass signature validation\n\nDescription: A certificate parsing issue was addressed with improved checks.\n\nCVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**WebKit**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nWebKit Bugzilla: 238178 \nCVE-2022-26700: ryuzaki\n\n**WebKit**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nWebKit Bugzilla: 236950 \nCVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab\n\nWebKit Bugzilla: 237475 \nCVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab\n\nWebKit Bugzilla: 238171 \nCVE-2022-26717: Jeonghoon Shin of Theori\n\n**WebKit**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nWebKit Bugzilla: 238183 \nCVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab\n\nWebKit Bugzilla: 238699 \nCVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech\n\n**Wi-Fi**\n\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD\n\nImpact: A malicious application may disclose restricted memory\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-26745: Scarlet Raine\n\nEntry updated July 6, 2022\n\n\n\n## Additional recognition\n\n**AppleMobileFileIntegrity**\n\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge James Lee and an anonymous researcher for their assistance.\n\nEntry updated May 25, 2022 \n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: July 06, 2022\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-16T00:00:00", "type": "apple", "title": "About the security content of tvOS 15.5", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22675", "CVE-2022-23308", "CVE-2022-26700", "CVE-2022-26701", "CVE-2022-26702", "CVE-2022-26706", "CVE-2022-26708", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26711", "CVE-2022-26714", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-26724", "CVE-2022-26736", "CVE-2022-26737", "CVE-2022-26738", "CVE-2022-26739", "CVE-2022-26740", "CVE-2022-26745", "CVE-2022-26757", "CVE-2022-26763", "CVE-2022-26764", "CVE-2022-26765", "CVE-2022-26766", "CVE-2022-26768", "CVE-2022-26771", "CVE-2022-26775", "CVE-2022-26776", "CVE-2022-32790"], "modified": "2022-05-16T00:00:00", "id": "APPLE:DCF97E625A2F1F327AB03D7CEBDBE265", "href": "https://support.apple.com/kb/HT213254", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-16T22:04:00", "description": "# About the security content of iOS 15.5 and iPadOS 15.5\n\nThis document describes the security content of iOS 15.5 and iPadOS 15.5.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iOS 15.5 and iPadOS 15.5\n\nReleased May 16, 2022\n\n**AppleAVD**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-26702: an anonymous researcher, Antonio Zekic (@antoniozekic), and John Aakerblom (@jaakerblom)\n\nEntry updated March 16, 2023 \n\n**AppleGraphicsControl**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative\n\n**AVEVideoEncoder**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-26736: an anonymous researcher\n\nCVE-2022-26737: an anonymous researcher\n\nCVE-2022-26738: an anonymous researcher\n\nCVE-2022-26739: an anonymous researcher\n\nCVE-2022-26740: an anonymous researcher\n\n**DriverKit**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: An out-of-bounds access issue was addressed with improved bounds checking.\n\nCVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**FaceTime**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app with root privileges may be able to access private information\n\nDescription: This issue was addressed by enabling hardened runtime.\n\nCVE-2022-32781: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nEntry added July 6, 2022\n\n**GPU Drivers**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-26744: an anonymous researcher\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow issue was addressed with improved input validation.\n\nCVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative\n\n**IOKit**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was addressed with improved locking.\n\nCVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab\n\n**IOSurfaceAccelerator**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-26771: an anonymous researcher\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-26714: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng (@peternguyen14) of STAR Labs (@starlabs_sg)\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-26757: Ned Williamson of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication\n\nDescription: A race condition was addressed with improved state handling.\n\nCVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**LaunchServices**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: An access issue was addressed with additional sandbox restrictions on third-party applications.\n\nCVE-2022-26706: Arsenii Kostromin (0x3c3e), Jonathan Bar Or of Microsoft\n\nEntry updated July 6, 2022\n\n**libresolv**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow was addressed with improved input validation.\n\nCVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team\n\nEntry added June 21, 2022\n\n**libresolv**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26708: Max Shavrick (@_mxms) of the Google Security Team\n\nEntry added June 21, 2022\n\n**libresolv**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote user may be able to cause a denial-of-service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32790: Max Shavrick (@_mxms) of the Google Security Team\n\nEntry added June 21, 2022\n\n**libresolv**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26776: Max Shavrick (@_mxms) of the Google Security Team, Zubair Ashraf of Crowdstrike\n\nEntry added June 21, 2022\n\n**libxml2**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-23308\n\n**Notes**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a large input may lead to a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-22673: Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College Of Technology Bhopal\n\n**Safari Private Browsing**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious website may be able to track users in Safari private browsing mode\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-26731: an anonymous researcher\n\n**Security**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious app may be able to bypass signature validation\n\nDescription: A certificate parsing issue was addressed with improved checks.\n\nCVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**Shortcuts**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A person with physical access to an iOS device may be able to access photos from the lock screen\n\nDescription: An authorization issue was addressed with improved state management.\n\nCVE-2022-26703: Salman Syed (@slmnsd551)\n\n**TCC**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An app may be able to bypass Privacy preferences\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26726: Antonio Cheong Yu Xuan of YCISCQ\n\nEntry added March 16, 2023\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nWebKit Bugzilla: 238178 \nCVE-2022-26700: ryuzaki\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nWebKit Bugzilla: 236950 \nCVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab\n\nWebKit Bugzilla: 237475 \nCVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab\n\nWebKit Bugzilla: 238171 \nCVE-2022-26717: Jeonghoon Shin of Theori\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nWebKit Bugzilla: 238183 \nCVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab\n\nWebKit Bugzilla: 238699 \nCVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech\n\n**WebRTC**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Video self-preview in a webRTC call may be interrupted if the user answers a phone call\n\nDescription: A logic issue in the handling of concurrent media was addressed with improved state handling.\n\nWebKit Bugzilla: 237524 \nCVE-2022-22677: an anonymous researcher\n\n**Wi-Fi**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may disclose restricted memory\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-26745: Scarlet Raine\n\nEntry updated July 6, 2022\n\n**Wi-Fi**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-26760: 08Tc3wBB of ZecOps Mobile EDR Team\n\n**Wi-Fi**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2015-4142: Kostya Kortchinsky of Google Security Team\n\n**Wi-Fi**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2022-26762: Wang Yu of Cyberserval\n\n\n\n## Additional recognition\n\n**AppleMobileFileIntegrity**\n\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\n**FaceTime**\n\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\n**FileVault**\n\nWe would like to acknowledge Benjamin Adolphi of Promon Germany GmbH for their assistance.\n\nEntry added March 16, 2023 \n\n**WebKit**\n\nWe would like to acknowledge James Lee and an anonymous researcher for their assistance.\n\nEntry updated May 25, 2022 \n\n**Wi-Fi**\n\nWe would like to acknowledge 08Tc3wBB of ZecOps Mobile EDR Team for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: March 16, 2023\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-16T00:00:00", "type": "apple", "title": "About the security content of iOS 15.5 and iPadOS 15.5", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4142", "CVE-2022-22673", "CVE-2022-22677", "CVE-2022-23308", "CVE-2022-26700", "CVE-2022-26701", "CVE-2022-26702", "CVE-2022-26703", "CVE-2022-26706", "CVE-2022-26708", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26711", "CVE-2022-26714", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-26726", "CVE-2022-26731", "CVE-2022-26736", "CVE-2022-26737", "CVE-2022-26738", "CVE-2022-26739", "CVE-2022-26740", "CVE-2022-26744", "CVE-2022-26745", "CVE-2022-26751", "CVE-2022-26757", "CVE-2022-26760", "CVE-2022-26762", "CVE-2022-26763", "CVE-2022-26764", "CVE-2022-26765", "CVE-2022-26766", "CVE-2022-26771", "CVE-2022-26775", "CVE-2022-26776", "CVE-2022-32781", "CVE-2022-32790"], "modified": "2022-05-16T00:00:00", "id": "APPLE:A95E7412240FFF6EACC98CE0311A5EE5", "href": "https://support.apple.com/kb/HT213258", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-29T05:58:59", "description": "# About the security content of macOS Monterey 12.4\n\nThis document describes the security content of macOS Monterey 12.4.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## macOS Monterey 12.4\n\nReleased May 16, 2022\n\n**AMD**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-26772: an anonymous researcher\n\n**AMD**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2022-26741: ABC Research s.r.o\n\nCVE-2022-26742: ABC Research s.r.o\n\nCVE-2022-26749: ABC Research s.r.o\n\nCVE-2022-26750: ABC Research s.r.o\n\nCVE-2022-26752: ABC Research s.r.o\n\nCVE-2022-26753: ABC Research s.r.o\n\nCVE-2022-26754: ABC Research s.r.o\n\n**apache**\n\nAvailable for: macOS Monterey\n\nImpact: Multiple issues in apache\n\nDescription: Multiple issues were addressed by updating apache to version 2.4.53.\n\nCVE-2021-44224\n\nCVE-2021-44790\n\nCVE-2022-22719\n\nCVE-2022-22720\n\nCVE-2022-22721\n\n**AppleGraphicsControl**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative\n\n**AppleMobileFileIntegrity**\n\nAvailable for: macOS Monterey\n\nImpact: A user may be able to view sensitive user information\n\nDescription: An issue in the handling of environment variables was addressed with improved validation.\n\nCVE-2022-26707: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nEntry added July 6, 2022\n\n**AppleScript**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory\n\nDescription: An out-of-bounds read issue was addressed with improved input validation.\n\nCVE-2022-26697: Qi Sun and Robert Ai of Trend Micro\n\n**AppleScript**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory\n\nDescription: An out-of-bounds read issue was addressed with improved bounds checking.\n\nCVE-2022-26698: Qi Sun of Trend Micro, Ye Zhang (@co0py_Cat) of Baidu Security\n\nEntry updated July 6, 2022\n\n**AVEVideoEncoder**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-26736: an anonymous researcher\n\nCVE-2022-26737: an anonymous researcher\n\nCVE-2022-26738: an anonymous researcher\n\nCVE-2022-26739: an anonymous researcher\n\nCVE-2022-26740: an anonymous researcher\n\n**Bluetooth**\n\nAvailable for: macOS Monterey\n\nImpact: An app may gain unauthorized access to Bluetooth\n\nDescription: A logic issue was addressed with improved checks.\n\nCVE-2022-32783: Jon Thompson of Evolve (Des Moines, IA)\n\nEntry added July 6, 2022\n\n**Contacts**\n\nAvailable for: macOS Monterey\n\nImpact: A plug-in may be able to inherit the application's permissions and access user data\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26694: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\n**CVMS**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to gain root privileges\n\nDescription: A memory initialization issue was addressed.\n\nCVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori\n\nCVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori\n\n**DriverKit**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: An out-of-bounds access issue was addressed with improved bounds checking.\n\nCVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**FaceTime**\n\nAvailable for: macOS Monterey\n\nImpact: An app with root privileges may be able to access private information\n\nDescription: This issue was addressed by enabling hardened runtime.\n\nCVE-2022-32781: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nEntry added July 6, 2022\n\n**ImageIO**\n\nAvailable for: macOS Monterey\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow issue was addressed with improved input validation.\n\nCVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative\n\n**ImageIO**\n\nAvailable for: macOS Monterey\n\nImpact: Photo location information may persist after it is removed with Preview Inspector\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-26725: Andrew Williams and Avi Drissman of Google\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-26720: Liu Long of Ant Security Light-Year Lab\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2022-26769: Antonio Zekic (@antoniozekic)\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds read issue was addressed with improved input validation.\n\nCVE-2022-26770: Liu Long of Ant Security Light-Year Lab\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Monterey\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nCVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro Zero Day Initiative\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nCVE-2022-26756: Jack Dates of RET2 Systems, Inc\n\n**IOKit**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was addressed with improved locking.\n\nCVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab\n\n**IOMobileFrameBuffer**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-26768: an anonymous researcher\n\n**Kernel**\n\nAvailable for: macOS Monterey\n\nImpact: An attacker that has already achieved code execution in macOS Recovery may be able to escalate to kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-26743: Jordy Zomer (@pwningsystems)\n\n**Kernel**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-26714: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng (@peternguyen14) of STAR Labs (@starlabs_sg)\n\n**Kernel**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-26757: Ned Williamson of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Monterey\n\nImpact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**Kernel**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication\n\nDescription: A race condition was addressed with improved state handling.\n\nCVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**LaunchServices**\n\nAvailable for: macOS Monterey\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: An access issue was addressed with additional sandbox restrictions on third-party applications.\n\nCVE-2022-26706: Arsenii Kostromin (0x3c3e), Jonathan Bar Or of Microsoft\n\nEntry updated July 6, 2022\n\n**LaunchServices**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to bypass Privacy preferences\n\nDescription: The issue was addressed with additional permissions checks.\n\nCVE-2022-26767: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\n**Libinfo**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to bypass Privacy preferences\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32882: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab\n\nEntry added September 16, 2022\n\n**libresolv**\n\nAvailable for: macOS Monterey\n\nImpact: A remote user may be able to cause a denial-of-service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32790: Max Shavrick (@_mxms) of the Google Security Team\n\nEntry added June 21, 2022\n\n**libresolv**\n\nAvailable for: macOS Monterey\n\nImpact: An attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms) of the Google Security Team\n\nCVE-2022-26708: Max Shavrick (@_mxms) of the Google Security Team\n\n**libresolv**\n\nAvailable for: macOS Monterey\n\nImpact: An attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow was addressed with improved input validation.\n\nCVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team\n\n**LibreSSL**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted certificate may lead to a denial of service\n\nDescription: A denial of service issue was addressed with improved input validation.\n\nCVE-2022-0778\n\n**libxml2**\n\nAvailable for: macOS Monterey\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2022-23308\n\n**OpenSSL**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted certificate may lead to a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-0778\n\n**PackageKit**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to gain elevated privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32794: Mickey Jin (@patch1t)\n\nEntry added October 4, 2022\n\n**PackageKit**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-22617: Mickey Jin (@patch1t)\n\nEntry added July 6, 2022\n\n**PackageKit**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to modify protected parts of the file system\n\nDescription: This issue was addressed by removing the vulnerable code.\n\nCVE-2022-26712: Mickey Jin (@patch1t)\n\n**PackageKit**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to modify protected parts of the file system\n\nDescription: This issue was addressed with improved entitlements.\n\nCVE-2022-26727: Mickey Jin (@patch1t)\n\n**Photo Booth**\n\nAvailable for: macOS Monterey\n\nImpact: An app with root privileges may be able to access private information\n\nDescription: This issue was addressed by enabling hardened runtime.\n\nCVE-2022-32782: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nEntry added July 6, 2022\n\n**Preview**\n\nAvailable for: macOS Monterey\n\nImpact: A plug-in may be able to inherit the application's permissions and access user data\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26693: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\n**Printing**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to bypass Privacy preferences\n\nDescription: This issue was addressed by removing the vulnerable code.\n\nCVE-2022-26746: @gorelics\n\n**Safari Private Browsing**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious website may be able to track users in Safari private browsing mode\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-26731: an anonymous researcher\n\n**Security**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious app may be able to bypass signature validation\n\nDescription: A certificate parsing issue was addressed with improved checks.\n\nCVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)\n\n**SMB**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-26715: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng of STAR Labs\n\n**SMB**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: An out-of-bounds read issue was addressed with improved input validation.\n\nCVE-2022-26718: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng of STAR Labs\n\n**SMB**\n\nAvailable for: macOS Monterey\n\nImpact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2022-26723: Felix Poulin-Belanger\n\n**SoftwareUpdate**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to access restricted files\n\nDescription: This issue was addressed with improved entitlements.\n\nCVE-2022-26728: Mickey Jin (@patch1t)\n\n**Spotlight**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to gain elevated privileges\n\nDescription: A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks.\n\nCVE-2022-26704: Joshua Mason of Mandiant\n\nEntry updated July 6, 2022\n\n**TCC**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to capture a user's screen\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26726: an anonymous researcher\n\n**Tcl**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: This issue was addressed with improved environment sanitization.\n\nCVE-2022-26755: Arsenii Kostromin (0x3c3e)\n\n**Terminal**\n\nAvailable for: macOS Monterey\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: This issue was addressed with improved environment sanitization.\n\nCVE-2022-26696: Ron Waisberg, Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nEntry added September 16, 2022\n\n**WebKit**\n\nAvailable for: macOS Monterey\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nWebKit Bugzilla: 238178 \nCVE-2022-26700: ryuzaki\n\n**WebKit**\n\nAvailable for: macOS Monterey\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nWebKit Bugzilla: 236950 \nCVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab\n\nWebKit Bugzilla: 237475 \nCVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab\n\nWebKit Bugzilla: 238171 \nCVE-2022-26717: Jeonghoon Shin of Theori\n\n**WebKit**\n\nAvailable for: macOS Monterey\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nWebKit Bugzilla: 238183 \nCVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab\n\nWebKit Bugzilla: 238699 \nCVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech\n\n**WebRTC**\n\nAvailable for: macOS Monterey\n\nImpact: Video self-preview in a webRTC call may be interrupted if the user answers a phone call\n\nDescription: A logic issue in the handling of concurrent media was addressed with improved state handling.\n\nWebKit Bugzilla: 237524 \nCVE-2022-22677: an anonymous researcher\n\n**Wi-Fi**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may disclose restricted memory\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-26745: Scarlet Raine\n\nEntry updated July 6, 2022\n\n**Wi-Fi**\n\nAvailable for: macOS Monterey\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2022-26761: Wang Yu of Cyberserval\n\n**Wi-Fi**\n\nAvailable for: macOS Monterey\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2022-26762: Wang Yu of Cyberserval\n\n**zip**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted file may lead to a denial of service\n\nDescription: A denial of service issue was addressed with improved state handling.\n\nCVE-2022-0530\n\n**zlib**\n\nAvailable for: macOS Monterey\n\nImpact: An attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2018-25032: Tavis Ormandy\n\n**zsh**\n\nAvailable for: macOS Monterey\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: This issue was addressed by updating to zsh version 5.8.1.\n\nCVE-2021-45444\n\n\n\n## Additional recognition\n\n**AppleMobileFileIntegrity**\n\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\n**Bluetooth**\n\nWe would like to acknowledge Jann Horn of Project Zero for their assistance.\n\n**Calendar**\n\nWe would like to acknowledge Eugene Lim of Government Technology Agency of Singapore for their assistance.\n\n**FaceTime**\n\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\n**FileVault**\n\nWe would like to acknowledge Benjamin Adolphi of Promon Germany GmbH for their assistance.\n\n**Login Window**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.\n\n**Photo Booth**\n\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\n**System Preferences**\n\nWe would like to acknowledge Mohammad Tausif Siddiqui (@toshsiddiqui) and an anonymous researcher for their assistance.\n\nEntry updated May 25, 2022 \n\n**WebKit**\n\nWe would like to acknowledge James Lee and an anonymous researcher for their assistance.\n\nEntry updated May 25, 2022 \n\n**Wi-Fi**\n\nWe would like to acknowledge Dana Morrison for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: October 04, 2022\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-16T00:00:00", "type": "apple", "title": "About the security content of macOS Monterey 12.4", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-25032", "CVE-2021-44224", "CVE-2021-44790", "CVE-2021-45444", "CVE-2022-0530", "CVE-2022-0778", "CVE-2022-22617", "CVE-2022-22677", "CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23308", "CVE-2022-26693", "CVE-2022-26694", "CVE-2022-26696", "CVE-2022-26697", "CVE-2022-26698", "CVE-2022-26700", "CVE-2022-26701", "CVE-2022-26704", "CVE-2022-26706", "CVE-2022-26707", "CVE-2022-26708", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26711", "CVE-2022-26712", "CVE-2022-26714", "CVE-2022-26715", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26718", "CVE-2022-26719", "CVE-2022-26720", "CVE-2022-26721", "CVE-2022-26722", "CVE-2022-26723", "CVE-2022-26725", "CVE-2022-26726", "CVE-2022-26727", "CVE-2022-26728", "CVE-2022-26731", "CVE-2022-26736", "CVE-2022-26737", "CVE-2022-26738", "CVE-2022-26739", "CVE-2022-26740", "CVE-2022-26741", "CVE-2022-26742", "CVE-2022-26743", "CVE-2022-26745", "CVE-2022-26746", "CVE-2022-26748", "CVE-2022-26749", "CVE-2022-26750", "CVE-2022-26751", "CVE-2022-26752", "CVE-2022-26753", "CVE-2022-26754", "CVE-2022-26755", "CVE-2022-26756", "CVE-2022-26757", "CVE-2022-26761", "CVE-2022-26762", "CVE-2022-26763", "CVE-2022-26764", "CVE-2022-26765", "CVE-2022-26766", "CVE-2022-26767", "CVE-2022-26768", "CVE-2022-26769", "CVE-2022-26770", "CVE-2022-26772", "CVE-2022-26775", "CVE-2022-26776", "CVE-2022-32781", "CVE-2022-32782", "CVE-2022-32783", "CVE-2022-32790", "CVE-2022-32794", "CVE-2022-32882"], "modified": "2022-05-16T00:00:00", "id": "APPLE:E82A2A3D978FD519CBF58A36F587B070", "href": "https://support.apple.com/kb/HT213257", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
Apple macOS ImageIO WebP File Parsing Integer Overflow Remote Code Execution Vulnerability
