My next class:
Network Monitoring and Threat Detection In-DepthSingaporeNov 18th - Nov 23rd 2024

Apple Updates Everything: MacOS 12.3, XCode 13.3, tvOS 15.4, watchOS 8.5, iPadOS 15.4 and more

Published: 2022-03-14. Last Updated: 2022-03-14 19:44:27 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)

 

Apple today released one of its massive "surprise" updates for all of its operating systems. This includes updates for Safari as well as stand-alone security updates for older operating systems like macOS Big Sur and Catalina. As so often, this also includes feature updates for the respective operating systems.

It should be noted that Python 2 was removed from MacOS 12.3. This may still be needed by some third-party applications and you should check with the respective vendor for plans to update to Python 3. Python 2 support officially ended January 1st, 2020, but many applications still need it.

Kernel extensions used by Dropbox Desktop Application and Microsoft OneDrive have also been removed (however, these tools may still work).

And finally, PostScript files can no longer be viewed inline.

For more details, see Apple's security update page: https://support.apple.com/en-us/HT201222

and the developer release notes for macOS: https://developer.apple.com/documentation/macos-release-notes/macos-12_3-release-notes 

[I may tweak the table below a bit more. But wanted to get this out to give some initial guidance. Feedback welcome. ]

 

CatalinaBigSurMontereytvOSiOS/iPadOSwatchOS
CVE-2022-22631 [important] AppleGraphicsControl
An out-of-bounds write issue was addressed with improved bounds checking.
An application may be able to gain elevated privileges
xxx
CVE-2022-22648 [important] AppleScript
This issue was addressed with improved checks.
An application may be able to read restricted memory
xxx
CVE-2022-22627 [important] AppleScript
An out-of-bounds read was addressed with improved bounds checking.
Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory
xxx
CVE-2022-22626 [important] AppleScript
An out-of-bounds read was addressed with improved bounds checking.
Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory
xxx
CVE-2022-22625 [important] AppleScript
An out-of-bounds read was addressed with improved input validation.
Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory
xxx
CVE-2022-22597 [critical] AppleScript
A memory corruption issue was addressed with improved validation.
Processing a maliciously crafted file may lead to arbitrary code execution
xxx
CVE-2022-22616 [important] Safari Downloads
This issue was addressed with improved checks.
A maliciously crafted ZIP archive may bypass Gatekeeper checks
xxx
CVE-2022-22661 [important] Intel Graphics Driver
A type confusion issue was addressed with improved state handling.
An application may be able to execute arbitrary code with kernel privileges
xxx
CVE-2022-22613 [important] Kernel
An out-of-bounds write issue was addressed with improved bounds checking.
An application may be able to execute arbitrary code with kernel privileges
xxxxxx
CVE-2022-22615 [important] Kernel
A use after free issue was addressed with improved memory management.
An application may be able to execute arbitrary code with kernel privileges
xxxxxx
CVE-2022-22614 [important] Kernel
A use after free issue was addressed with improved memory management.
An application may be able to execute arbitrary code with kernel privileges
xxxxxx
CVE-2022-22638 [important] Kernel
A null pointer dereference was addressed with improved validation.
An attacker in a privileged position may be able to perform a denial of service attack
xxxxxx
CVE-2022-22647 [critical] Login Window
This issue was addressed with improved checks.
A person with access to a Mac may be able to bypass Login Window
xxx
CVE-2022-22656 [other] LoginWindow
An authentication issue was addressed with improved state management.
A local attacker may be able to view the previous logged in user?s desktop from the fast user switching screen
xxx
CVE-2022-22617 [important] PackageKit
A logic issue was addressed with improved state management.
An application may be able to gain elevated privileges
xxx
CVE-2022-22650 [important] QuickTime Player
This issue was addressed with improved checks.
A plug-in may be able to inherit the application's permissions and access user data
xxx
WebKit Bugzilla [important] WebKit
A logic issue was addressed with improved state management.
A malicious website may cause unexpected cross-origin behavior
xxxxxx
CVE-2022-22582 [important] xar
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.
A local user may be able to write arbitrary files
xxx
CVE-2022-22633 [critical] Accelerate Framework
A memory corruption issue was addressed with improved state management.
Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
xxxx
CVE-2022-22632 [important] Kernel
A logic issue was addressed with improved state management.
A malicious application may be able to elevate privileges
xxxxx
CVE-2022-22599 [other] Siri

A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen
xxxx
CVE-2022-22669 [important] AMD
A use after free issue was addressed with improved memory management.
An application may be able to execute arbitrary code with kernel privileges
x
CVE-2022-22665 [important] AppKit
A logic issue was addressed with improved validation.
A malicious application may be able to gain root privileges
x
CVE-2021-22946 [other] curl
Multiple issues were addressed by updating to curl version 7.79.1.
Multiple issues in curl
x
CVE-2021-22947 [other] curl
Multiple issues were addressed by updating to curl version 7.79.1.
Multiple issues in curl
x
CVE-2021-22945 [other] curl
Multiple issues were addressed by updating to curl version 7.79.1.
Multiple issues in curl
x
CVE-2022-22623 [other] curl
Multiple issues were addressed by updating to curl version 7.79.1.
Multiple issues in curl
x
CVE-2022-22643 [important] FaceTime
This issue was addressed with improved checks.
A user may send audio and video in a FaceTime call without knowing that they have done so
xx
CVE-2022-22611 [critical] ImageIO
An out-of-bounds read was addressed with improved input validation.
Processing a maliciously crafted image may lead to arbitrary code execution
xxxx
CVE-2022-22612 [critical] ImageIO
A memory consumption issue was addressed with improved memory handling.
Processing a maliciously crafted image may lead to heap corruption
xxxx
CVE-2022-22641 [important] IOGPUFamily
A use after free issue was addressed with improved memory management.
An application may be able to gain elevated privileges
xxx
CVE-2022-22640 [important] Kernel
A memory corruption issue was addressed with improved validation.
An application may be able to execute arbitrary code with kernel privileges
xxxx
CVE-2021-36976 [other] libarchive
Multiple memory corruption issues existed in libarchive. These issues were addressed with improved input validation.
Multiple issues in libarchive
xxx
CVE-2022-22657 [other] GarageBand MIDI
A memory initialization issue was addressed with improved memory handling.
Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution
x
CVE-2022-22664 [other] GarageBand MIDI
An out-of-bounds read was addressed with improved bounds checking.
Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution
x
CVE-2022-22644 [other] NSSpellChecker
A privacy issue existed in the handling of Contact cards. This was addressed with improved state management.
A malicious application may be able to access information about a user's contacts
x
CVE-2022-22609 [other] Preferences
The issue was addressed with additional permissions checks.
A malicious application may be able to read other applications' settings
xxxx
CVE-2022-22600 [other] Sandbox
The issue was addressed with improved permissions logic.
A malicious application may be able to bypass certain Privacy preferences
xxxx
CVE-2022-22651 [other] SMB
An out-of-bounds write issue was addressed with improved bounds checking.
A remote attacker may be able to cause unexpected system termination or corrupt kernel memory
x
CVE-2022-22639 [important] SoftwareUpdate
A logic issue was addressed with improved state management.
An application may be able to gain elevated privileges
xx
CVE-2022-22660 [other] System Preferences
This issue was addressed with a new entitlement.
An app may be able to spoof system notifications and UI
x
CVE-2022-22621 [other] UIKit
This issue was addressed with improved checks.
A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions
xxxx
CVE-2021-4136 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim
x
CVE-2021-4166 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim
x
CVE-2021-4173 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim
x
CVE-2021-4187 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim
x
CVE-2021-4192 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim
x
CVE-2021-4193 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim
x
CVE-2021-46059 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim
x
CVE-2022-0128 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim
x
CVE-2022-0156 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim
x
CVE-2022-0158 [other] Vim
Multiple issues were addressed by updating Vim.
Multiple issues in Vim
x
CVE-2021-30918 [other] VoiceOver
A lock screen issue was addressed with improved state management.
A user may be able to view restricted content from the lock screen
x
CVE-2022-22668 [important] Wi-Fi
A logic issue was addressed with improved restrictions.
A malicious application may be able to leak sensitive user information
xx
CVE-2022-22666 [critical] AppleAVD
A memory corruption issue was addressed with improved validation.
Processing a maliciously crafted image may lead to heap corruption
xxx
CVE-2022-22634 [important] AVEVideoEncoder
A buffer overflow was addressed with improved bounds checking.
A malicious application may be able to execute arbitrary code with kernel privileges
xx
CVE-2022-22635 [important] AVEVideoEncoder
An out-of-bounds write issue was addressed with improved bounds checking.
An application may be able to gain elevated privileges
xx
CVE-2022-22636 [important] AVEVideoEncoder
An out-of-bounds write issue was addressed with improved bounds checking.
An application may be able to execute arbitrary code with kernel privileges
xx
CVE-2022-22670 [other] MediaRemote
An access issue was addressed with improved access restrictions.
A malicious application may be able to identify what other applications a user has installed
xxx
CVE-2022-22596 [important] Kernel
A memory corruption issue was addressed with improved validation.
An application may be able to execute arbitrary code with kernel privileges
xx
CVE-2022-22618 [other] Phone
This issue was addressed with improved checks.
A user may be able to bypass the Emergency SOS passcode prompt
xx
CVE-2022-22654 [other] Safari
A user interface issue was addressed.
Visiting a malicious website may lead to address bar spoofing
x
WebKit Bugzilla 233172 CVE-2022-22624 [critical] WebKit
A use after free issue was addressed with improved memory management.
Processing maliciously crafted web content may lead to arbitrary code execution
x
CVE-2022-22652 [other] Cellular
The GSMA authentication panel could be presented on the lock screen. The issue was resolved by requiring device unlock to interact with the GSMA authentication panel.
A person with physical access may be able to view and modify the carrier account information and settings from the lock screen
x
CVE-2022-22598 [other] CoreMedia
An issue with app access to camera metadata was addressed with improved logic.
An app may be able to learn information about the current camera view before being granted camera access
x
CVE-2022-22642 [other] FaceTime
This issue was addressed with improved checks.
A user may be able to bypass the Emergency SOS passcode prompt
x
CVE-2022-22667 [important] GPU Drivers
A use after free issue was addressed with improved memory management.
An application may be able to execute arbitrary code with kernel privileges
x
CVE-2022-22653 [important] iTunes
A logic issue was addressed with improved restrictions.
A malicious website may be able to access information about the user and their devices
x
CVE-2022-22622 [other] Markup
This issue was addressed with improved checks.
A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions
x
CVE-2022-22659 [important] NetworkExtension
A logic issue was addressed with improved state management.
An attacker in a privileged network position may be able to leak sensitive user information
x
CVE-2022-22671 [important] VoiceOver
An authentication issue was addressed with improved state management.
A person with physical access to an iOS device may be able to access photos from the lock screen
x

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|

0 comment(s)
My next class:
Network Monitoring and Threat Detection In-DepthSingaporeNov 18th - Nov 23rd 2024

Comments


Diary Archives