Apple macOS Security Updates

Apple has released security updates that address multiple vulnerabilities: 2022-005 Catalina, macOS Big Sur 11.6.8, and Monterey 12.5. The addressed vulnerabilities could allow attackers to perform several attacks, such as elevating privileges, crashing the OS, and executing arbitrary code on the affected system.

The addressed vulnerabilities include 37 flaws spanning different iOS and macOS components, ranging from arbitrary code execution and privilege escalation to denial-of-service (DoS) and information disclosure.

Samples of the addressed vulnerabilities:

  1. Apple macOS Out-Of-Bounds Write (CVE-2022-32787):
    The vulnerability allows a remote attacker to compromise vulnerable systems. It exists due to boundary errors in ICU components when processing untrusted input. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write, and execute arbitrary code on the target system.
    • CVSS: 8.8
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Consequences: Gain Privileges

  2. Apple macOS Buffer Overflow (CVE-2022-32815):
    The vulnerability allows a local application to escalate privileges on the system. It exists due to a boundary error in the OS kernel. A local application can trigger memory corruption and execute arbitrary code with root privileges.
    • CVSS: 8.7
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Required
    • User Interaction: None
    • Consequences: Gain Privileges

Mitigations

The enterprise should deploy this patch as soon as the testing phase is completed.
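
To confirm the patch has landed after rollout, an inventory export can be checked against the fixed versions named above. The following Python script is an added example, not part of the original advisory; the CSV column names and the hosts are constructed. Catalina security updates leave the product version at 10.15.7, so those hosts are flagged for a build-number check, because the advisory does not list the build.

```python
import csv
import io

# Fixed releases named in this advisory, keyed by macOS major version.
FIXED = {11: (11, 6, 8), 12: (12, 5, 0)}

# Constructed sample inventory (hostnames, columns and versions are made up).
SAMPLE_INVENTORY = """hostname,os_version
mac-001,12.4
mac-002,12.5
mac-003,11.6.8
mac-004,11.6.7
mac-005,10.15.7
mac-006,10.14.6
mac-007,12.5.1
mac-008,unknown
"""

def parse_version(text):
    """Turn '11.6.8' into (11, 6, 8); pad short versions such as '12.5'."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(text)
    return tuple(parts + [0] * (3 - len(parts)))

def classify(version_text):
    """Return PATCHED, VULNERABLE, CHECK_BUILD, NOT_COVERED or UNPARSEABLE."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "UNPARSEABLE"
    if version[0] in FIXED:
        return "PATCHED" if version >= FIXED[version[0]] else "VULNERABLE"
    if version[:2] == (10, 15):
        # 2022-005 Catalina applies on top of 10.15.7 and changes only the
        # build number, so the version string alone cannot prove it is installed.
        return "CHECK_BUILD" if version >= (10, 15, 7) else "VULNERABLE"
    return "NOT_COVERED"  # the advisory names no update for this release

def report(csv_text):
    """Map hostname -> status for every row of an inventory export."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {row["hostname"]: classify(row["os_version"]) for row in rows}

if __name__ == "__main__":
    for host, status in report(SAMPLE_INVENTORY).items():
        print(f"{host}\t{status}")
```
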

References

https://support.apple.com/en-us/HT201222