
- 308/2022
- Critical
Apple has released security updates to address multiple vulnerabilities in macOS and Safari. The fixes are included in macOS Big Sur 11.7.2, macOS Monterey 12.6.2, macOS Ventura 13.1, and Safari 16.2. These updates also fix a zero-day vulnerability that is actively exploited in the wild.
The addressed vulnerabilities could allow a remote attacker to gain access to sensitive information, bypass security restrictions, cause a buffer overflow, elevate privileges, perform spoofing attacks, execute arbitrary code, and cause a denial of service on the affected system.
Sample of the addressed vulnerabilities:
1. Apple macOS Code Execution (CVE-2022-42842):
• CVSS: 9.8
• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: None
• Consequences: Gain Access
2. Apple Safari Code Execution (CVE-2022-42856):
• CVSS: 8.8
• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: Required
• Consequences: Gain Access
3. Apple macOS Monterey Security Bypass (CVE-2022-42861):
• CVSS: 8.4
• Attack Vector: Local
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: None
• Consequences: Bypass Security
It should be highlighted that Apple is aware that vulnerability CVE-2022-42856, caused by a type confusion flaw in the WebKit component, is actively exploited in the wild.
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.
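To confirm that the patch has landed on a host, the installed versions can be compared with the fixed versions listed in this advisory. The script below is an added example, not part of the original advisory; the function names and the default Safari path are assumptions.

```shell
#!/bin/sh
# Added example: patch-level check against the fixed versions named in this advisory.

# Compare dotted numeric versions: succeeds when $1 >= $2 (missing fields count as 0).
version_ge() {
    a=$1; b=$2
    while [ -n "$a$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# Print the status of VERSION ($1) against FIXED ($2): patched, needs-update or invalid.
status_against() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 0 ;; esac
    if version_ge "$1" "$2"; then echo patched; else echo needs-update; fi
}

# macOS: pick the fixed release for the installed major version.
macos_status() {
    case ${1%%.*} in
        11) status_against "$1" 11.7.2 ;;
        12) status_against "$1" 12.6.2 ;;
        13) status_against "$1" 13.1 ;;
        *)  echo not-covered ;;   # release line not named in the advisory
    esac
}

# Safari: 16.2 is the fixed version named in the advisory.
safari_status() { status_against "$1" 16.2; }

# On a Mac, report the local state; elsewhere only the functions are defined.
if command -v sw_vers >/dev/null 2>&1; then
    os=$(sw_vers -productVersion)
    # Assumption: Safari is installed at its default path.
    sf=$(defaults read /Applications/Safari.app/Contents/Info CFBundleShortVersionString 2>/dev/null)
    echo "macOS $os: $(macos_status "$os")"
    echo "Safari ${sf:-?}: $(safari_status "$sf")"
fi
```

Version fields are compared numerically, so a build such as 11.7.10 is correctly treated as newer than 11.7.2, and a host reporting `not-covered` needs to be assessed separately because its release line is not named here.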