- 204/2022
- High
Apple has released security updates to address multiple vulnerabilities in the updated version of macOS Monterey 12.6, macOS Big Sur 11.7, and Safari 16. The remote attacker could exploit these vulnerabilities to take control of the affected system.
The severity of the addressed vulnerabilities could allow the attackers to perform
several attacks like bypassing security restrictions, disclosing information, buffer
overflow, spoofing, elevating privileges, and executing arbitrary code on the
affected system.
Sample of the addressed vulnerabilities:
1. Apple Safari WebKit buffer overflow (CVE-2022-32886):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
2. Apple macOS Monterey, iOS, and iPadOS privilege escalation (CVE-2022- 32917):
- CVSS: 8.4
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Privileges
Vulnerabilities
- CVE-2022-32854
- CVE-2022-32864
- CVE-2022-32868
- CVE-2022-32883
- CVE-2022-32900
- CVE-2022-32902
- CVE-2022-32908
- CVE-2022-32911
- CVE-2022-32886
- CVE-2022-32891
- CVE-2022-32896
- CVE-2022-32912
- CVE-2022-32917
- CVE-2022-32795
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.