- 246/2022
- Critical
Apple has released security updates to address multiple vulnerabilities in the updated version of macOS Big Sur 11.7.1, macOS Monterey 12.6.1, macOS Ventura 13, and Safari 16.1. The remote attacker could exploit these vulnerabilities to take control of the affected system.
The severity of the addressed vulnerabilities could allow the attackers to perform several attacks like bypassing security restrictions, buffer overflow, spoofing, elevating privileges, and executing arbitrary code on the affected system.
Sample of the addressed vulnerabilities:
1. Apple macOS Ventura Code Execution (CVE-2022-32934):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. Apple Safari Code Execution (CVE-2022-42823):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
3. Apple macOS Ventura privilege escalation (CVE-2022-42791):
- CVSS: 7.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Privilege
Vulnerabilities
- CVE-2022-42823
- CVE-2022-42824
- CVE-2022-32862
- CVE-2022-42791
- CVE-2022-32934
- CVE-2022-42789
- CVE-2022-42795
- CVE-2022-32858
- CVE-2022-32898
- CVE-2022-32899
- CVE-2022-32827
- CVE-2022-28739
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.