Apple macOS Security Updates – 18 August 2022

Apple has released macOS Monterey 12.5.1, a security update that addresses multiple vulnerabilities. A remote attacker could exploit these vulnerabilities to take control of an affected system.

  • The addressed vulnerabilities could allow attackers to perform several attacks, such as elevating privileges and executing arbitrary code on the affected system.

1- Apple macOS Code Execution (CVE-2022-32893):

An out-of-bounds write in the WebKit component of Apple macOS Monterey could allow a remote attacker to execute arbitrary code on the system. An attacker could exploit this vulnerability by persuading a victim to visit a specially crafted website.

  • CVSS: 8.8
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Consequences: Gain Access

2- Apple macOS Privilege Escalation (CVE-2022-32894):

An out-of-bounds write in the Kernel component of Apple macOS Monterey could allow a local attacker to gain elevated privileges on the system. An attacker could exploit this vulnerability to execute arbitrary code with kernel privileges by using a specially crafted application.

  • CVSS: 7.8
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Consequences: Gain Privileges

Vulnerabilities

  • CVE-2022-32893
  • CVE-2022-32894

Mitigations

Enterprises should deploy this patch as soon as the testing phase is completed.

Apple Support
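
To confirm deployment, the following added example (not from Apple or from this advisory) classifies macOS version strings, such as the output of `sw_vers -productVersion`, against the 12.5.1 release named above and lists hosts from an inventory that still need it. The function names, the `host,version` inventory format and the host names are assumptions made for the example; releases other than Monterey are reported as out of scope because this advisory does not cover them.

```shell
#!/bin/sh
# Added example (not from Apple or this advisory): flag Monterey hosts below 12.5.1.
FIXED_MAJOR=12 FIXED_MINOR=5 FIXED_PATCH=1   # fixed release named in the advisory

# classify_version VERSION -> patched | needs-update | out-of-scope | invalid
classify_version() {
    v=$1
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $v                      # split "12.5.1" into major minor patch
    IFS=$old_ifs
    major=$1 minor=${2:-0} patch=${3:-0}   # "12.5" is treated as 12.5.0
    # Only Monterey (12.x) is covered by this advisory.
    if [ "$major" -ne "$FIXED_MAJOR" ]; then echo out-of-scope; return 0; fi
    if [ "$minor" -gt "$FIXED_MINOR" ] ||
       { [ "$minor" -eq "$FIXED_MINOR" ] && [ "$patch" -ge "$FIXED_PATCH" ]; }; then
        echo patched
    else
        echo needs-update
    fi
}

# audit_inventory: reads "host,version" lines on stdin, prints hosts needing 12.5.1.
audit_inventory() {
    while IFS=, read -r host version; do
        [ -n "$host" ] || continue
        if [ "$(classify_version "$version")" = needs-update ]; then
            echo "$host"
        fi
    done
    return 0
}

# Constructed sample inventory (hypothetical host names).
sample_inventory() {
    cat <<'EOF'
mac-a,12.5.1
mac-b,12.5
mac-c,12.4
mac-d,12.6
mac-e,11.6.8
mac-f,13.0
EOF
}

# On a Mac, report the local host; sw_vers is absent elsewhere, so this is skipped.
if command -v sw_vers >/dev/null 2>&1; then
    echo "local: $(classify_version "$(sw_vers -productVersion)")"
fi
echo "sample hosts needing update:"; sample_inventory | audit_inventory
```
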

References