Research indicates that organizations should make patching existing flaws a priority to mitigate risk of compromise.

Research indicates that organizations should make patching existing flaws a priority to mitigate risk of compromise.

Most advanced persistent threat groups (APTs) use known vulnerabilities in their attacks against organizations, suggesting the need to prioritize faster patching rather than chasing zero-day flaws as a more effective security strategy, new research has found.

Security researchers at the University of Trento in Italy did an assessment of how organizations can best defend themselves against APTs in a recent report published online. What they found goes against some common security beliefs many security professionals and organizations have, they said.

The team manually curated a dataset of APT attacks that covers 86 APTs and 350 campaigns that occurred between 2008 to 2020. Researchers studied attack vectors, exploited vulnerabilities–e.g., zero-days vs public vulnerabilities–and affected software and versions.

One belief the research debunked is that all APTs are highly sophisticated and prefer attacking zero-day flaws rather than ones that have already been patched. “Contrary to common belief, most APT campaigns employed publicly known vulnerabilities,” they wrote in the report.

Indeed, of the 86 APTs that researchers investigated, only eight–Stealth Falcon, APT17, Equation, Dragonfly, Elderwood, FIN8, DarkHydrus and Rancor—exploited vulnerabilities that others didn’t, researchers found.

This demonstrates that not all the APTs are as sophisticated as many think, as the groups “often reuse tools, malware, and vulnerabilities,” they wrote in the report.

****Faster Updates Reduce Risk****

This finding promotes faster updates to fix known flaws in organizations’ systems rather than taking their time to apply updates that are released for known vulnerabilities, which seems to be the trend right now.

It typically takes more than 200 days for an enterprise to align 90 percent of their machines with the latest software patches due to regression testing, which ensures that updated systems function properly after the update, researchers found.

“Such behavior is rational because not all vulnerabilities are always exploited in the wild,” they wrote. However, to combat APTs, “slow updates do not seem appropriate,” researchers wrote.

In fact, faster updating could significantly lower odds of being compromised if organizations could “update as soon as an update is released,” they wrote.

Indeed, the study found that if an organization waits one month to update, they are 4.9 times more likely to be compromised; waiting three months made them 9.1 times as likely.

Still, immediate patching doesn’t guarantee that organizations won’t be compromised, researchers found. Enterprises that apply timely fixes “could still be compromised from 14 percent to 33 percent of the time,” they wrote.

****Update-Strategy Challenges****

Overall, researchers acknowledged that APTs present a unique challenge to organizations, as it’s difficult to predict if and when an attack will occur and thus it’s basically out of their control, they said.

“Unfortunately, a company cannot fully decide in advance the configuration they will have when hit (or most frequently not hit) by an attacker as it depends on the attacker’s choice,” researchers wrote.

What a company can control, however, it’s its software-update strategy, with organizations typically employing one of three options: Update immediately when new updates to software are available; wait some time to update to perform regression testing; or skip updates altogether.

Instead of updating for all new versions of software, researchers suggested a streamlined approach to focus on patching known flaws, which seems to have impact on an organization’s risk of APT attack, they said.

Organizations could perform “12 percent of all possible updates, restricting themselves only to versions that fix publicly known vulnerabilities” without significantly changing their odds of being compromised, researchers wrote.

APTs Overwhelmingly Share Known Vulnerabilities Rather Than Attack O-Days

Researchers say a GitHub proof-of-concept exploitation of recently announced VMware bugs is being abused by hackers in the wild.

Researchers say a GitHub proof-of-concept exploitation of recently announced VMware bugs is being abused by hackers in the wild.

Recently reported VMware bugs are being used by hackers who are focused on using them to deliver Mirai denial-of-service malware and exploit the Log4Shell vulnerability.

Security researchers at Barracuda discovered that attempts were made to exploit the recent vulnerabilities CVE-2022-22954 and CVE-2022-22960, both reported last month.

“Barracuda researchers analyzed the attacks and payloads detected by Barracuda systems between April to May and found a steady stream of attempts to exploit two recently uncovered VMware vulnerabilities: CVE-2022-22954 and CVE-2022-22960” reported by Barracuda.

VMware published an advisory on April 6, 2022, which detailed multiple security vulnerabilities. The most severe of these is CVE-2022-22954 with a CVSS score of 9.8, the bug allows an attacker with network access to perform remote code execution via server-side template injection on VMware Workspace ONE Access and Identity Manager Solutions.

The other bug involved CVE-2022-22960 (CVSS score 7.8), is a local privilege escalation vulnerability in VMware Workspace ONE Access, Identity Manager, and vRealize Automation. According to the advisory by VMware, the bug arises due to improper permission in support scripts allowing an attacker with local access to gain root privileges.

The VMware Workspace One is an intelligent-drive workspace platform that helps to manage any app on any device in a secure and simpler manner. The Identity manager handles the authentication to the platform and vRealize Automation is a DevOps-based infrastructure management platform for config of IT resources and automating the delivery of container-based applications.

****Exploitation Occurred After PoC Release****

The Barracuda researchers noted that the previous flaws are chained together for a potential full exploitation vector.

After the bug was disclosed by VMware in April, a proof-of-concept (PoC) was released on Github and shared via Twitter.

“Barracuda researchers started seeing probes and exploit attempts for this vulnerability soon after the release of the advisory and the initial release of the proof of concept on GitHub,” reported Barracuda.

After the release of PoC, the spike in attempts is noticed by the researcher, they classified it as a probe rather than actual attempts to exploit.

“The attacks have been consistent over time, barring a few spikes, and the vast majority of them are what would be classified as probes rather than actual exploit attempts,” they added.

The researchers at Barracuda also revealed that most of the exploit attempts are primarily from botnet operators, the IPs discovered still seem to host variants of the Mirai distributed-denial-of-service (DDoS) botnet malware, along with some Log4Shell exploits and low levels of EnemyBot (a type of DDoS botnet) attempts.

The majority of the attacks (76 percent) originated from the U.S. geographically, with most of them coming from data centers and cloud providers. The researcher added that there is a spike in IP addresses from the UK and Russia and about (6 percent) of the attacks emanate from these locations.

The researchers noted, “there are also consistent background attempts from known bad IPs in Russia.”

“Some of these IPs perform scans for specific vulnerabilities at regular intervals, and it looks like the VMware vulnerabilities have been added to their usual rotating list of Laravel/Drupal/PHP probes,” researchers explained

According to Barracuda “the interest levels on these vulnerabilities have stabilized” after the initial spike in April, the researcher expected to analyze low-level scanning and attempts for some time.

The best way to protect the systems is to apply the patches immediately, especially if the system is internet-facing, and to place a Web application firewall (WAF) in front of such systems “will add to defense in depth against zero-day attacks and other vulnerabilities, including Log4Shell,” advised by Barracuda.

April VMware Bugs Abused to Deliver Mirai Malware, Exploit Log4Shell

A critical VMware bug tracked as CVE-2022-22954 continues to draw cybercriminal moths to its remote code-execution flame, with recent attacks focused on botnets and Log4Shell.

Recently uncovered VMware vulnerabilities continue to anchor an ongoing wave of cyberattacks bent on dropping various payloads. In the latest spate of activity, nefarious types are going in with the ultimate goal of infecting targets with various botnets or establishing a backdoor via Log4Shell.

That's according to Barracuda researchers, who found that attackers are particularly probing for the critical vulnerability tracked as CVE-2022-22954 in droves, with swaths of actual exploitation attempts in the mix as well.

The security vulnerability carries a CVSS score of 9.8 and affects the VMware Workspace ONE Access and Identity Manager. Workspace ONE is VMware's platform for delivering corporate applications to any device (a sort of juiced-up mobile device management solution), and the identity manager handles authentication to the platform. The bug allows remote code execution (RCE) via server-side template injection for attackers that have network access.

"A server-side template-injection issue may allow an unauthenticated user with access to the Web interface to execute any arbitrary shell command as the VMware user," Mike Goldgof, Barracuda's senior director of product marketing for data protection, network, and application security, tells Dark Reading. "In effect, a hacker can bring down the system, extract data, inject ransomware, etc."

"Cybercriminals are constantly scanning for these types of advisories and jump on them ASAP to attempt to exploit targets before they get a chance to download a patch," Goldgof noted. "\[And\] VMware infrastructure is widely deployed in both data center and cloud environments, providing a large population of attractive hacking targets." 

The activity sometimes involves a second bug (CVE-2022-22960, CVSS score of 7.8), which is a local privilege escalation (LPE) vulnerability in VMware Workspace ONE Access, Identity Manager, and vRealize Automation (a platform for creating private clouds). The bug arises because of improper permissions in support scripts, according to VMware's advisory, and could allow attackers with local access to achieve root privileges. 

In this case, it's being chained with the previous flaw for a full exploitation vector, Barracuda noted.

VMware disclosed the bugs in April, and soon thereafter, a proof-of-concept (PoC) exploit was released on GitHub and tweeted out to the world. Unsurprisingly, researchers from multiple security firms started seeing probes and exploit attempts very soon thereafter — and the hits just keep coming. 

"Any serious vulnerability in a broadly used platform or application is cause for concern. Threat actors are always looking for an opportunity to hit multiple targets with minimal effort," Mike Parkin, senior technical engineer at Vulcan Cyber, tells Dark Reading. "VMware is one of the most popular virtualization platforms around, and often runs on powerful iron with multiple applications running on top of it. This gives an attacker multiple reasons to go after VMware servers."

**VMware Payloads du Jour**  
Barracuda researchers noticed that most of the probing in its telemetry now is for the VMware RCE vulnerability, using the PoC code from GitHub. Most of the actual exploit attempts meanwhile are now primarily from botnet operators, especially IPs hosting variants of the Mirai distributed denial-of-service (DDoS) botnet malware, along with a few EnemyBot samples (another DDoS baddie).

Otherwise, "some Log4Shell exploit attempts were also seen in the data," researchers noted.

As for who's behind the attacks, most originate in the US (76%), mostly emanating from data centers and cloud providers. However, the researchers also found "consistent background attempts" from Russian IP addresses that are well known to be affiliated with opportunistic cybercrime cartels.

"Some of these IPs perform scans for specific vulnerabilities at regular intervals, and it looks like the VMware vulnerabilities have been added to their usual rotating list of Laravel/Drupal/PHP probes," the researchers explained.

In April, another set of attacks was flagged, with a very different aim. An Iranian cyber-espionage group known as Rocket Kitten was seen exploiting the CVE-2022-22954 RCE to deliver the Core Impact penetration testing tool on vulnerable systems. And in another batch of April activity, cryptominers reportedly made their way into the exploitation-palooza lineup.

After several initial spikes in April, the interest levels in triggering these vulnerabilities have been holding steady, according to Barracuda, and the firm expects the scanning and exploitation attempts to continue for some time.

The best defense against this spate of attacks (and most botnet and Log4Shell activity) is Security 101 — i.e., patching. Defenders can also build in an extra layer of protection with a Web application firewall (WAF), adding "defense in depth against zero-day attacks and other vulnerabilities," according to Barracuda's Tuesday writeup.

It's important for companies to hop on patches for popular platforms as soon as vendor disclosures come out, Goldgof notes.

"Cybercriminals are constantly scanning for these types of advisories and jump on them ASAP to attempt to exploit targets before they get a chance to download a patch," he says. "\[And\] VMware infrastructure is widely deployed in both data center and cloud environments, providing a large population of attractive hacking targets."

Critical VMware Bug Exploits Continue, as Botnet Operators Jump In

If you're an Apple user, make sure you patch for CVE-2022-22675, a zero-day flaw actively exported in the wild.
The post Update now! Apple patches zero-day vulnerability affecting Macs, Apple Watch, and Apple TV appeared first on Malwarebytes Labs.

Apple has released security updates for a zero-day vulnerability that affects multiple products, including Mac, Apple Watch, and Apple TV.

The flaw is an out-of-bounds write issue—tracked as CVE-2022-22675—in AppleAVD, a decoder that handles specific media files.

An out-of-bounds write or read flaw makes it possible to manipulate parts of the memory which are allocated to more critical functions. This could allow an attacker to write code to a part of the memory where it will be executed with permissions that the program and user should not have.

Attackers could take control of affected devices if they exploit this flaw.

CVE-2022-22675 is the same vulnerability that affected macOS Monterey 12.3.1, iOS 15.4.1, and iPad 15.4.1. The flaw for these was patched in March.

This latest batch of updates has improved bounds checking for additional Apple products running specific operating systems, particularly macOS Big Sur 11.6.6, watchOS 8.6, and tvOS 15.5. These OSs are installed in Apple Macs running Big Sur, Apple Watch Series 3 and later, and Apple TV (4K, 4K 2nd generation, and 4K HD).

Apple says it’s aware this flaw is currently being abused in the wild. It didn’t go into detail, likely to give customers time to patch up their Apple devices.

BleepingComputer has noted that attacks against CVE-2022-22675 might only be targeted in nature. However,if you’re using any or all of the above Apple products we mentioned, it is still wise to apply updates as soon as you can.

Stay safe!

Update now! Apple patches zero-day vulnerability affecting Macs, Apple Watch, and Apple TV

Apple Security Advisory 2022-05-16-6 - tvOS 15.5 addresses bypass, code execution, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2022-05-16-6 tvOS 15.5

tvOS 15.5 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213254.

AppleAVD  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-26702: an anonymous researcher

AppleAVD  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: An application may be able to execute arbitrary code with  
kernel privileges. Apple is aware of a report that this issue may  
have been actively exploited.  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-22675: an anonymous researcher

AuthKit  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: A local user may be able to enable iCloud Photos without  
authentication  
Description: An authentication issue was addressed with improved  
state management.  
CVE-2022-26724:  Jorge A. Caballero (@DataDrivenMD)

AVEVideoEncoder  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-26736: an anonymous researcher  
CVE-2022-26737: an anonymous researcher  
CVE-2022-26738: an anonymous researcher  
CVE-2022-26739: an anonymous researcher  
CVE-2022-26740: an anonymous researcher

DriverKit  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: A malicious application may be able to execute arbitrary code  
with system privileges  
Description: An out-of-bounds access issue was addressed with  
improved bounds checking.  
CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)

ImageIO  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: A remote attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: An integer overflow was addressed with improved input  
validation.  
CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend  
Micro Zero Day Initiative

IOKit  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A race condition was addressed with improved locking.  
CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab

IOMobileFrameBuffer  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
state management.  
CVE-2022-26768: an anonymous researcher

IOSurfaceAccelerator  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: A malicious application may be able to execute arbitrary code  
with kernel privileges  
Description: A memory corruption issue was addressed with improved  
state management.  
CVE-2022-26771: an anonymous researcher

Kernel  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs  
(@starlabs_sg)

Kernel  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-26757: Ned Williamson of Google Project Zero

Kernel  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: An attacker that has already achieved kernel code execution  
may be able to bypass kernel memory mitigations  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)

Kernel  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: A malicious attacker with arbitrary read and write capability  
may be able to bypass Pointer Authentication  
Description: A race condition was addressed with improved state  
handling.  
CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)

LaunchServices  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: A sandboxed process may be able to circumvent sandbox  
restrictions  
Description: An access issue was addressed with additional sandbox  
restrictions on third-party applications.  
CVE-2022-26706: Arsenii Kostromin (0x3c3e)

libxml2  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: A remote attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-23308

Security  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: A malicious app may be able to bypass signature validation  
Description: A certificate parsing issue was addressed with improved  
checks.  
CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)

WebKit  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: Processing maliciously crafted web content may lead to code  
execution  
Description: A memory corruption issue was addressed with improved  
state management.  
WebKit Bugzilla: 238178  
CVE-2022-26700: ryuzaki

WebKit  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A use after free issue was addressed with improved  
memory management.  
WebKit Bugzilla: 236950  
CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua  
wingtecher lab  
WebKit Bugzilla: 237475  
CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua  
wingtecher lab  
WebKit Bugzilla: 238171  
CVE-2022-26717: Jeonghoon Shin of Theori

WebKit  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A memory corruption issue was addressed with improved  
state management.  
WebKit Bugzilla: 238183  
CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab  
WebKit Bugzilla: 238699  
CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech

Wi-Fi  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: A malicious application may disclose restricted memory  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-26745: an anonymous researcher

Additional recognition

AppleMobileFileIntegrity  
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing  
for their assistance.

WebKit  
We would like to acknowledge James Lee, an anonymous researcher for  
their assistance.

Apple TV will periodically check for software updates. Alternatively,  
you may manually check for software updates by selecting "Settings ->  
System -> Software Update -> Update Software."  To check the current  
version of software, select "Settings -> General -> About."  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TcACgkQeC9qKD1p  
rhiw7BAAy82XZ2+vjnjFB1FrZ7ZnKtM4pz8MMpX4ZTD2ytgkwXi0qnyzBdMe/w4p  
zrpedL4p/RfdDOiM/4kWBtiH62qetiXDcE8tBqN8WTE9rf55cX4jlXrHASohFI2q  
ErkAjo51j2fg8S7a+luyaZWzBUZqlghtzWjtFgaHOQAP5dDf+He92kDerbrIDQw9  
dg0nL4os0VFgWdX0EtFC7umK8iiTFbvtoEbLDLFODWweaJN8LOP/LHe71YzAryKg  
Dh9ItWqVdzkCOKWR8F96NnoBs7c6B4naqQkS4k2F/m6C6ckPb8LI18ss7oiD3eMB  
k7oo7+u1zQFRKmk0XlfH7awxtEHjYjjw3LT8ko9QJ8mEuspxoiwW7n1mINWa7Khp  
YoCe88xR06kfti4h6MJDSN6JpxSnikEyJzR4j4xGL6rWjqCj+XV9ejrt9EgF8BL2  
JZ+Oceoh23m7IqVoMe1Hzjf1X3nsxXJQEg/xxRwHRknAjSNtVJUKhT4/ioOc9pu6  
TROAHYdSO5yRLNUNpj9RlkBeDbXtiWgA2IEg0wcUPzwf3Uzt2Qw9zBFbMb1hPSht  
7zTIOtF4Ub+MD6cFuHbC7hL58pRmA4FzEczLG81BoGGaFOCD2QDt0/ySTFr1M+YD  
g2L2PlZNgxd0zetkTkZbvAwroMUTRSi1GqxAhVeKwbvW4XAN+yc=  
=G3ho  
-----END PGP SIGNATURE-----

Apple Security Advisory 2022-05-16-6

Apple Security Advisory 2022-05-16-5 - watchOS 8.6 addresses bypass, code execution, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2022-05-16-5 watchOS 8.6

watchOS 8.6 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213253.

AppleAVD  
Available for: Apple Watch Series 3 and later  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-26702: an anonymous researcher

AppleAVD  
Available for: Apple Watch Series 3 and later  
Impact: An application may be able to execute arbitrary code with  
kernel privileges. Apple is aware of a report that this issue may  
have been actively exploited.  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-22675: an anonymous researcher

DriverKit  
Available for: Apple Watch Series 3 and later  
Impact: A malicious application may be able to execute arbitrary code  
with system privileges  
Description: An out-of-bounds access issue was addressed with  
improved bounds checking.  
CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)

ImageIO  
Available for: Apple Watch Series 3 and later  
Impact: A remote attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: An integer overflow was addressed with improved input  
validation.  
CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend  
Micro Zero Day Initiative

IOMobileFrameBuffer  
Available for: Apple Watch Series 3 and later  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
state management.  
CVE-2022-26768: an anonymous researcher

IOSurfaceAccelerator  
Available for: Apple Watch Series 3 and later  
Impact: A malicious application may be able to execute arbitrary code  
with kernel privileges  
Description: A memory corruption issue was addressed with improved  
state management.  
CVE-2022-26771: an anonymous researcher

Kernel  
Available for: Apple Watch Series 3 and later  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs  
(@starlabs_sg)

Kernel  
Available for: Apple Watch Series 3 and later  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-26757: Ned Williamson of Google Project Zero

Kernel  
Available for: Apple Watch Series 3 and later  
Impact: An attacker that has already achieved kernel code execution  
may be able to bypass kernel memory mitigations  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)

Kernel  
Available for: Apple Watch Series 3 and later  
Impact: A malicious attacker with arbitrary read and write capability  
may be able to bypass Pointer Authentication  
Description: A race condition was addressed with improved state  
handling.  
CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)

LaunchServices  
Available for: Apple Watch Series 3 and later  
Impact: A sandboxed process may be able to circumvent sandbox  
restrictions  
Description: An access issue was addressed with additional sandbox  
restrictions on third-party applications.  
CVE-2022-26706: Arsenii Kostromin (0x3c3e)

libxml2  
Available for: Apple Watch Series 3 and later  
Impact: A remote attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-23308

Security  
Available for: Apple Watch Series 3 and later  
Impact: A malicious app may be able to bypass signature validation  
Description: A certificate parsing issue was addressed with improved  
checks.  
CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)

TCC  
Available for: Apple Watch Series 3 and later  
Impact: An app may be able to capture a user's screen  
Description: This issue was addressed with improved checks.  
CVE-2022-26726: an anonymous researcher

WebKit  
Available for: Apple Watch Series 3 and later  
Impact: Processing maliciously crafted web content may lead to code  
execution  
Description: A memory corruption issue was addressed with improved  
state management.  
WebKit Bugzilla: 238178  
CVE-2022-26700: ryuzaki

WebKit  
Available for: Apple Watch Series 3 and later  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A use after free issue was addressed with improved  
memory management.  
WebKit Bugzilla: 236950  
CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua  
wingtecher lab  
WebKit Bugzilla: 237475  
CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua  
wingtecher lab  
WebKit Bugzilla: 238171  
CVE-2022-26717: Jeonghoon Shin of Theori

WebKit  
Available for: Apple Watch Series 3 and later  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A memory corruption issue was addressed with improved  
state management.  
WebKit Bugzilla: 238183  
CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab  
WebKit Bugzilla: 238699  
CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech

Wi-Fi  
Available for: Apple Watch Series 3 and later  
Impact: A malicious application may disclose restricted memory  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-26745: an anonymous researcher

Additional recognition

AppleMobileFileIntegrity  
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing  
for their assistance.

WebKit  
We would like to acknowledge James Lee, an anonymous researcher for  
their assistance.

Instructions on how to update your Apple Watch software are available  
at https://support.apple.com/kb/HT204641  To check the version on  
your Apple Watch, open the Apple Watch app on your iPhone and select  
"My Watch > General > About".  Alternatively, on your watch, select  
"My Watch > General > About".  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TYACgkQeC9qKD1p  
rhhgaBAAq/igmuSba0Occu1TcS6aXG50gjUZyJXPu7/UVVWI4icwz+c/ruKquy/w  
XuiT+C2Q6CJIWn2qM+hHrHtgsi3EYI6XxrbgcLgmvGvbwICs9RwHyHc1ztSyurTe  
ys8gJkc+/nZWPKR4dy7JUl8NdjoTWuUyGVE9xOJQeISND5xUoDz2i9d8FKgkZta6  
FoJlIWCDuNq01vgcAfKSZqPX2mEPMnWL47Q6g69PXIs34iBcOrHNesZ/mH/jz5Nz  
aAnisEj9gC0+KERoMSmGoBrYmP7kr/DmVBEwa9cDA0rGfNntgNliQ7wbLxnT8kJG  
rJARAyLPtPsygs7UmnkDaNDkI/a63dIRWwPIKUOQYtKKqwNL5GSoytdk/OhRGjmN  
Hi7k1GmvGiJA7bFI3PIQDSi3YSC1cs9CeyIL2rNUSVmRZ7jHlXxlDQYH1/ad4DU1  
TqVw9Rwg0mlc0tYKUNjChg/uAK1G5OGidxtLRt0FzUaXvPoVLe0/btYeaH6ijfU9  
i1W+xJ8jGgWddP7r1HvNeN6B+WGuIEcla+GNduEV3+AcnxL9h6FP8sAzQuTHQtKC  
AkqUO1G20ieIQHKJPNEIpgLlrCFYVajDfRtB9zGDme6aBZNHxefOWMMxdKfnspj2  
MtFpJ9qPmpnRITjCF5z1RDfqFjXUZvePcRA6rS1Lq4ClgQ575yI=  
=zdvf  
-----END PGP SIGNATURE-----

Apple Security Advisory 2022-05-16-5

Apple Security Advisory 2022-05-16-4 - Security Update 2022-004 Catalina addresses bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina

Security Update 2022-004 Catalina addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213255.

apache  
Available for: macOS Catalina  
Impact: Multiple issues in apache  
Description: Multiple issues were addressed by updating apache to  
version 2.4.53.  
CVE-2021-44224  
CVE-2021-44790  
CVE-2022-22719  
CVE-2022-22720  
CVE-2022-22721

AppKit  
Available for: macOS Catalina  
Impact: A malicious application may be able to gain root privileges  
Description: A logic issue was addressed with improved validation.  
CVE-2022-22665: Lockheed Martin Red Team

AppleGraphicsControl  
Available for: macOS Catalina  
Impact: Processing a maliciously crafted image may lead to arbitrary  
code execution  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

AppleScript  
Available for: macOS Catalina  
Impact: Processing a maliciously crafted AppleScript binary may  
result in unexpected application termination or disclosure of process  
memory  
Description: An out-of-bounds read was addressed with improved input  
validation.  
CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro

AppleScript  
Available for: macOS Catalina  
Impact: Processing a maliciously crafted AppleScript binary may  
result in unexpected application termination or disclosure of process  
memory  
Description: An out-of-bounds read was addressed with improved bounds  
checking.  
CVE-2022-26698: Qi Sun of Trend Micro

CoreTypes  
Available for: macOS Catalina  
Impact: A malicious application may bypass Gatekeeper checks  
Description: This issue was addressed with improved checks to prevent  
unauthorized actions.  
CVE-2022-22663: Arsenii Kostromin (0x3c3e)

CVMS  
Available for: macOS Catalina  
Impact: A malicious application may be able to gain root privileges  
Description: A memory initialization issue was addressed.  
CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori  
CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori

DriverKit  
Available for: macOS Catalina  
Impact: A malicious application may be able to execute arbitrary code  
with system privileges  
Description: An out-of-bounds access issue was addressed with  
improved bounds checking.  
CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)

Graphics Drivers  
Available for: macOS Catalina  
Impact: A local user may be able to read kernel memory  
Description: An out-of-bounds read issue existed that led to the  
disclosure of kernel memory. This was addressed with improved input  
validation.  
CVE-2022-22674: an anonymous researcher

Intel Graphics Driver  
Available for: macOS Catalina  
Impact: A malicious application may be able to execute arbitrary code  
with kernel privileges  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-26720: Liu Long of Ant Security Light-Year Lab

Intel Graphics Driver  
Available for: macOS Catalina  
Impact: A malicious application may be able to execute arbitrary code  
with kernel privileges  
Description: An out-of-bounds read issue was addressed with improved  
input validation.  
CVE-2022-26770: Liu Long of Ant Security Light-Year Lab

Intel Graphics Driver  
Available for: macOS Catalina  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2022-26756: Jack Dates of RET2 Systems, Inc

Intel Graphics Driver  
Available for: macOS Catalina  
Impact: A malicious application may be able to execute arbitrary code  
with kernel privileges  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2022-26769: Antonio Zekic (@antoniozekic)

Intel Graphics Driver  
Available for: macOS Catalina  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro  
Zero Day Initiative

Kernel  
Available for: macOS Catalina  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs  
(@starlabs_sg)

Kernel  
Available for: macOS Catalina  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-26757: Ned Williamson of Google Project Zero

libresolv  
Available for: macOS Catalina  
Impact: An attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: An integer overflow was addressed with improved input  
validation.  
CVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team

LibreSSL  
Available for: macOS Catalina  
Impact: Processing a maliciously crafted certificate may lead to a  
denial of service  
Description: A denial of service issue was addressed with improved  
input validation.  
CVE-2022-0778

libxml2  
Available for: macOS Catalina  
Impact: A remote attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-23308

OpenSSL  
Available for: macOS Catalina  
Impact: Processing a maliciously crafted certificate may lead to a  
denial of service  
Description: This issue was addressed with improved checks.  
CVE-2022-0778

PackageKit  
Available for: macOS Catalina  
Impact: A malicious application may be able to modify protected parts  
of the file system  
Description: This issue was addressed with improved entitlements.  
CVE-2022-26727: Mickey Jin (@patch1t)

Printing  
Available for: macOS Catalina  
Impact: A malicious application may be able to bypass Privacy  
preferences  
Description: This issue was addressed by removing the vulnerable  
code.  
CVE-2022-26746: @gorelics

Security  
Available for: macOS Catalina  
Impact: A malicious app may be able to bypass signature validation  
Description: A certificate parsing issue was addressed with improved  
checks.  
CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)

SMB  
Available for: macOS Catalina  
Impact: An application may be able to gain elevated privileges  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs

SoftwareUpdate  
Available for: macOS Catalina  
Impact: A malicious application may be able to access restricted  
files  
Description: This issue was addressed with improved entitlements.  
CVE-2022-26728: Mickey Jin (@patch1t)

TCC  
Available for: macOS Catalina  
Impact: An app may be able to capture a user's screen  
Description: This issue was addressed with improved checks.  
CVE-2022-26726: an anonymous researcher

Tcl  
Available for: macOS Catalina  
Impact: A malicious application may be able to break out of its  
sandbox  
Description: This issue was addressed with improved environment  
sanitization.  
CVE-2022-26755: Arsenii Kostromin (0x3c3e)

WebKit  
Available for: macOS Catalina  
Impact: Processing a maliciously crafted mail message may lead to  
running arbitrary javascript  
Description: A validation issue was addressed with improved input  
sanitization.  
CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu  
of Palo Alto Networks (paloaltonetworks.com)

Wi-Fi  
Available for: macOS Catalina  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
memory handling.  
CVE-2022-26761: Wang Yu of Cyberserval

zip  
Available for: macOS Catalina  
Impact: Processing a maliciously crafted file may lead to a denial of  
service  
Description: A denial of service issue was addressed with improved  
state handling.  
CVE-2022-0530

zlib  
Available for: macOS Catalina  
Impact: An attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2018-25032: Tavis Ormandy

zsh  
Available for: macOS Catalina  
Impact: A remote attacker may be able to cause arbitrary code  
execution  
Description: This issue was addressed by updating to zsh version  
5.8.1.  
CVE-2021-45444

Additional recognition

PackageKit  
We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for  
their assistance.

Security Update 2022-004 Catalina may be obtained from the Mac App  
Store or Apple's Software Downloads web site:  
https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TYACgkQeC9qKD1p  
rhjgGRAAggg84uE4zYtBHmo5Qz45wlY/+FT7bSyCyo2Ta0m3JQmm26UiS9ZzXlD0  
58jCo/ti+gH/gqwU05SnaG88pSMT6VKaDDnmw8WcrPtbl6NN6JX8vaZLFLoGO0dB  
rjwap7ulcLe7/HM8kCz3qqjKj4fusxckCjmm5yBMtuMklq7i51vzkT/+ws00ALcH  
4S821CqIJlS2RIho/M/pih5A/H1Onw/nzKc7VOWjWMmmwoV+oiL4gMPE9kyIAJFQ  
NcZO7s70Qp9N5Z0VGIkD5HkAntEqYGNKJuCQUrHS0fHFUxVrQcuBbbSiv7vwnOT0  
NVcFKBQWJtfcqmtcDF8mVi2ocqUh7So6AXhZGZtL3CrVfNMgTcjq6y5XwzXMgwlm  
ezMX73MnV91QuGp6KVZEmoFNlJ2dhKcJ0fYAhhW9DJqvJ1u5xIkQrUkK/ERLnWpE  
9DIapT8uUbb9Zgez/tS9szv5jHhKtOoPbprju7d7LHw7XMFCVKbUvx745dFZx0AG  
PLsJZQNsQZJIK8QdcLA50KrlyjR2ts4nUsKj07I6LR4wUmcaj+goXYq4Nh4WLnoF  
x1AXD5ztdYlhqMcTAnuAbUYfuki0uzSy0p7wBiTknFwKMZNIaiToo64BES+7Iu1i  
vrB9SdtTSQCMXgPZX1Al1e2F/K2ubovrGU9geAEwLMq3AKudI4g=  
=JBHs  
-----END PGP SIGNATURE-----

Apple Security Advisory 2022-05-16-4

Apple Security Advisory 2022-05-16-3 - macOS Big Sur 11.6.6 addresses bypass, code execution, denial of service, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6

macOS Big Sur 11.6.6 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213256.

apache  
Available for: macOS Big Sur  
Impact: Multiple issues in apache  
Description: Multiple issues were addressed by updating apache to  
version 2.4.53.  
CVE-2021-44224  
CVE-2021-44790  
CVE-2022-22719  
CVE-2022-22720  
CVE-2022-22721

AppKit  
Available for: macOS Big Sur  
Impact: A malicious application may be able to gain root privileges  
Description: A logic issue was addressed with improved validation.  
CVE-2022-22665: Lockheed Martin Red Team

AppleAVD  
Available for: macOS Big Sur  
Impact: An application may be able to execute arbitrary code with  
kernel privileges. Apple is aware of a report that this issue may  
have been actively exploited.  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-22675: an anonymous researcher

AppleGraphicsControl  
Available for: macOS Big Sur  
Impact: Processing a maliciously crafted image may lead to arbitrary  
code execution  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

AppleScript  
Available for: macOS Big Sur  
Impact: Processing a maliciously crafted AppleScript binary may  
result in unexpected application termination or disclosure of process  
memory  
Description: An out-of-bounds read issue was addressed with improved  
bounds checking.  
CVE-2022-26698: Qi Sun of Trend Micro

AppleScript  
Available for: macOS Big Sur  
Impact: Processing a maliciously crafted AppleScript binary may  
result in unexpected application termination or disclosure of process  
memory  
Description: An out-of-bounds read issue was addressed with improved  
input validation.  
CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro

CoreTypes  
Available for: macOS Big Sur  
Impact: A malicious application may bypass Gatekeeper checks  
Description: This issue was addressed with improved checks to prevent  
unauthorized actions.  
CVE-2022-22663: Arsenii Kostromin (0x3c3e)

CVMS  
Available for: macOS Big Sur  
Impact: A malicious application may be able to gain root privileges  
Description: A memory initialization issue was addressed.  
CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori  
CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori

DriverKit  
Available for: macOS Big Sur  
Impact: A malicious application may be able to execute arbitrary code  
with system privileges  
Description: An out-of-bounds access issue was addressed with  
improved bounds checking.  
CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)

Graphics Drivers  
Available for: macOS Big Sur  
Impact: A local user may be able to read kernel memory  
Description: An out-of-bounds read issue existed that led to the  
disclosure of kernel memory. This was addressed with improved input  
validation.  
CVE-2022-22674: an anonymous researcher

Intel Graphics Driver  
Available for: macOS Big Sur  
Impact: A malicious application may be able to execute arbitrary code  
with kernel privileges  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-26720: Liu Long of Ant Security Light-Year Lab

Intel Graphics Driver  
Available for: macOS Big Sur  
Impact: A malicious application may be able to execute arbitrary code  
with kernel privileges  
Description: An out-of-bounds read issue was addressed with improved  
input validation.  
CVE-2022-26770: Liu Long of Ant Security Light-Year Lab

Intel Graphics Driver  
Available for: macOS Big Sur  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2022-26756: Jack Dates of RET2 Systems, Inc

Intel Graphics Driver  
Available for: macOS Big Sur  
Impact: A malicious application may be able to execute arbitrary code  
with kernel privileges  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2022-26769: Antonio Zekic (@antoniozekic)

Intel Graphics Driver  
Available for: macOS Big Sur  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro  
Zero Day Initiative

IOMobileFrameBuffer  
Available for: macOS Big Sur  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
state management.  
CVE-2022-26768: an anonymous researcher

Kernel  
Available for: macOS Big Sur  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs  
(@starlabs_sg)

Kernel  
Available for: macOS Big Sur  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-26757: Ned Williamson of Google Project Zero

LaunchServices  
Available for: macOS Big Sur  
Impact: A malicious application may be able to bypass Privacy  
preferences  
Description: The issue was addressed with additional permissions  
checks.  
CVE-2022-26767: Wojciech Reguła (@_r3ggi) of SecuRing

LaunchServices  
Available for: macOS Big Sur  
Impact: A sandboxed process may be able to circumvent sandbox  
restrictions  
Description: An access issue was addressed with additional sandbox  
restrictions on third-party applications.  
CVE-2022-26706: Arsenii Kostromin (0x3c3e)

libresolv  
Available for: macOS Big Sur  
Impact: An attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: This issue was addressed with improved checks.  
CVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms)  
of the Google Security Team

LibreSSL  
Available for: macOS Big Sur  
Impact: Processing a maliciously crafted certificate may lead to a  
denial of service  
Description: A denial of service issue was addressed with improved  
input validation.  
CVE-2022-0778

libxml2  
Available for: macOS Big Sur  
Impact: A remote attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-23308

OpenSSL  
Available for: macOS Big Sur  
Impact: Processing a maliciously crafted certificate may lead to a  
denial of service  
Description: This issue was addressed with improved checks.  
CVE-2022-0778

PackageKit  
Available for: macOS Big Sur  
Impact: A malicious application may be able to modify protected parts  
of the file system  
Description: This issue was addressed by removing the vulnerable  
code.  
CVE-2022-26712: Mickey Jin (@patch1t)

Printing  
Available for: macOS Big Sur  
Impact: A malicious application may be able to bypass Privacy  
preferences  
Description: This issue was addressed by removing the vulnerable  
code.  
CVE-2022-26746: @gorelics

Security  
Available for: macOS Big Sur  
Impact: A malicious app may be able to bypass signature validation  
Description: A certificate parsing issue was addressed with improved  
checks.  
CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)

SMB  
Available for: macOS Big Sur  
Impact: An application may be able to gain elevated privileges  
Description: An out-of-bounds read issue was addressed with improved  
input validation.  
CVE-2022-26718: Peter Nguyễn Vũ Hoàng of STAR Labs

SMB  
Available for: macOS Big Sur  
Impact: Mounting a maliciously crafted Samba network share may lead  
to arbitrary code execution  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2022-26723: Felix Poulin-Belanger

SMB  
Available for: macOS Big Sur  
Impact: An application may be able to gain elevated privileges  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs

SoftwareUpdate  
Available for: macOS Big Sur  
Impact: A malicious application may be able to access restricted  
files  
Description: This issue was addressed with improved entitlements.  
CVE-2022-26728: Mickey Jin (@patch1t)

TCC  
Available for: macOS Big Sur  
Impact: An app may be able to capture a user's screen  
Description: This issue was addressed with improved checks.  
CVE-2022-26726: an anonymous researcher

Tcl  
Available for: macOS Big Sur  
Impact: A malicious application may be able to break out of its  
sandbox  
Description: This issue was addressed with improved environment  
sanitization.  
CVE-2022-26755: Arsenii Kostromin (0x3c3e)

Vim  
Available for: macOS Big Sur  
Impact: Multiple issues in Vim  
Description: Multiple issues were addressed by updating Vim.  
CVE-2021-4136  
CVE-2021-4166  
CVE-2021-4173  
CVE-2021-4187  
CVE-2021-4192  
CVE-2021-4193  
CVE-2021-46059  
CVE-2022-0128

WebKit  
Available for: macOS Big Sur  
Impact: Processing a maliciously crafted mail message may lead to  
running arbitrary javascript  
Description: A validation issue was addressed with improved input  
sanitization.  
CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu  
of Palo Alto Networks (paloaltonetworks.com)

Wi-Fi  
Available for: macOS Big Sur  
Impact: A malicious application may disclose restricted memory  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-26745: an anonymous researcher

Wi-Fi  
Available for: macOS Big Sur  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
memory handling.  
CVE-2022-26761: Wang Yu of Cyberserval

zip  
Available for: macOS Big Sur  
Impact: Processing a maliciously crafted file may lead to a denial of  
service  
Description: A denial of service issue was addressed with improved  
state handling.  
CVE-2022-0530

zlib  
Available for: macOS Big Sur  
Impact: An attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2018-25032: Tavis Ormandy

zsh  
Available for: macOS Big Sur  
Impact: A remote attacker may be able to cause arbitrary code  
execution  
Description: This issue was addressed by updating to zsh version  
5.8.1.  
CVE-2021-45444

Additional recognition

Bluetooth  
We would like to acknowledge Jann Horn of Project Zero for their  
assistance.

macOS Big Sur 11.6.6 may be obtained from the Mac App Store or  
Apple's Software Downloads web site:  
https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p  
rhgJBg/9HpPp6P2OtFdYHigfaoga/3szMAjXC650MlC2rF1lXyTRVsO54eupz4er  
K8Iud3+YnDVTUKkadftWt2XdxAADGtfEFhJW584RtnWjeli+XtGEjQ8jD1/MNPJW  
qtnrOh2pYG9SxolKDofhiecbYxIGppRKSDRFl0/3VGFed2FIpiRDunlttHBEhHu/  
vZVSFzMrNbGvhju+ZCdwFLKXOgB851aRSeo9Xkt63tSGiee7rLmVAINyFbbPwcVP  
yXwMvn0TNodCBn0wBWD0+iQ3UXIDIYSPaM1Z0BQxVraEhK3Owro3JKgqNbWswMvj  
SY0KUulbAPs3aOeyz1BI70npYA3+Qwd+bk2hxbzbU/AxvxCrsEk04QfxLYqvj0mR  
VZYPcup2KAAkiTeekQ5X739r8NAyaaI+bp7FllFv/Z2jVW9kGgNIFr46R05MD9NF  
aC1JAZtJ4VWbMEGHnHAMrOgdGaHpryvzl2BjUXRgW27vIq5uF5YiNcpjS2BezTFc  
R2ojiMNRB33Y44LlH7Zv3gHm4bE3+NzcGeWvBzwOsHznk9Jiv6x2eBUxkttMlPyO  
zymQMONQN3bktSMT8JnmJ8rlEgISONd7NeTEzuhlGIWaWNAFmmBoPnBiPk+yC3n4  
d22yFs6DLp2pJ+0zOWmTcqt1xYng05Jwj4F0KT49w0TO9Up79+o=  
=rtPl  
-----END PGP SIGNATURE-----

Apple Security Advisory 2022-05-16-3

Apple Security Advisory 2022-05-16-2 - macOS Monterey 12.4 addresses buffer overflow, bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2022-05-16-2 macOS Monterey 12.4

macOS Monterey 12.4 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213257.

AMD  
Available for: macOS Monterey  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
state management.  
CVE-2022-26772: an anonymous researcher

AMD  
Available for: macOS Monterey  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A buffer overflow issue was addressed with improved  
memory handling.  
CVE-2022-26741: ABC Research s.r.o  
CVE-2022-26742: ABC Research s.r.o  
CVE-2022-26749: ABC Research s.r.o  
CVE-2022-26750: ABC Research s.r.o  
CVE-2022-26752: ABC Research s.r.o  
CVE-2022-26753: ABC Research s.r.o  
CVE-2022-26754: ABC Research s.r.o

apache  
Available for: macOS Monterey  
Impact: Multiple issues in apache  
Description: Multiple issues were addressed by updating apache to  
version 2.4.53.  
CVE-2021-44224  
CVE-2021-44790  
CVE-2022-22719  
CVE-2022-22720  
CVE-2022-22721

AppleGraphicsControl  
Available for: macOS Monterey  
Impact: Processing a maliciously crafted image may lead to arbitrary  
code execution  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

AppleScript  
Available for: macOS Monterey  
Impact: Processing a maliciously crafted AppleScript binary may  
result in unexpected application termination or disclosure of process  
memory  
Description: An out-of-bounds read issue was addressed with improved  
input validation.  
CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro

AppleScript  
Available for: macOS Monterey  
Impact: Processing a maliciously crafted AppleScript binary may  
result in unexpected application termination or disclosure of process  
memory  
Description: An out-of-bounds read issue was addressed with improved  
bounds checking.  
CVE-2022-26698: Qi Sun of Trend Micro

AVEVideoEncoder  
Available for: macOS Monterey  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-26736: an anonymous researcher  
CVE-2022-26737: an anonymous researcher  
CVE-2022-26738: an anonymous researcher  
CVE-2022-26739: an anonymous researcher  
CVE-2022-26740: an anonymous researcher

Contacts  
Available for: macOS Monterey  
Impact: A plug-in may be able to inherit the application's  
permissions and access user data  
Description: This issue was addressed with improved checks.  
CVE-2022-26694: Wojciech Reguła (@_r3ggi) of SecuRing

CVMS  
Available for: macOS Monterey  
Impact: A malicious application may be able to gain root privileges  
Description: A memory initialization issue was addressed.  
CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori  
CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori

DriverKit  
Available for: macOS Monterey  
Impact: A malicious application may be able to execute arbitrary code  
with system privileges  
Description: An out-of-bounds access issue was addressed with  
improved bounds checking.  
CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)

ImageIO  
Available for: macOS Monterey  
Impact: A remote attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: An integer overflow issue was addressed with improved  
input validation.  
CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend  
Micro Zero Day Initiative

ImageIO  
Available for: macOS Monterey  
Impact: Photo location information may persist after it is removed  
with Preview Inspector  
Description: A logic issue was addressed with improved state  
management.  
CVE-2022-26725: Andrew Williams and Avi Drissman of Google

Intel Graphics Driver  
Available for: macOS Monterey  
Impact: A malicious application may be able to execute arbitrary code  
with kernel privileges  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-26720: Liu Long of Ant Security Light-Year Lab

Intel Graphics Driver  
Available for: macOS Monterey  
Impact: A malicious application may be able to execute arbitrary code  
with kernel privileges  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2022-26769: Antonio Zekic (@antoniozekic)

Intel Graphics Driver  
Available for: macOS Monterey  
Impact: A malicious application may be able to execute arbitrary code  
with kernel privileges  
Description: An out-of-bounds read issue was addressed with improved  
input validation.  
CVE-2022-26770: Liu Long of Ant Security Light-Year Lab

Intel Graphics Driver  
Available for: macOS Monterey  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro  
Zero Day Initiative

Intel Graphics Driver  
Available for: macOS Monterey  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2022-26756: Jack Dates of RET2 Systems, Inc

IOKit  
Available for: macOS Monterey  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A race condition was addressed with improved locking.  
CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab

IOMobileFrameBuffer  
Available for: macOS Monterey  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
state management.  
CVE-2022-26768: an anonymous researcher

Kernel  
Available for: macOS Monterey  
Impact: An attacker that has already achieved code execution in macOS  
Recovery may be able to escalate to kernel privileges  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-26743: Jordy Zomer (@pwningsystems)

Kernel  
Available for: macOS Monterey  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs  
(@starlabs_sg)

Kernel  
Available for: macOS Monterey  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-26757: Ned Williamson of Google Project Zero

Kernel  
Available for: macOS Monterey  
Impact: An attacker that has already achieved kernel code execution  
may be able to bypass kernel memory mitigations  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)

Kernel  
Available for: macOS Monterey  
Impact: A malicious attacker with arbitrary read and write capability  
may be able to bypass Pointer Authentication  
Description: A race condition was addressed with improved state  
handling.  
CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)

LaunchServices  
Available for: macOS Monterey  
Impact: A sandboxed process may be able to circumvent sandbox  
restrictions  
Description: An access issue was addressed with additional sandbox  
restrictions on third-party applications.  
CVE-2022-26706: Arsenii Kostromin (0x3c3e)

LaunchServices  
Available for: macOS Monterey  
Impact: A malicious application may be able to bypass Privacy  
preferences  
Description: The issue was addressed with additional permissions  
checks.  
CVE-2022-26767: Wojciech Reguła (@_r3ggi) of SecuRing

libresolv  
Available for: macOS Monterey  
Impact: An attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: This issue was addressed with improved checks.  
CVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms)  
of the Google Security Team  
CVE-2022-26708: Max Shavrick (@_mxms) of the Google Security Team

libresolv  
Available for: macOS Monterey  
Impact: An attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: An integer overflow was addressed with improved input  
validation.  
CVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team

LibreSSL  
Available for: macOS Monterey  
Impact: Processing a maliciously crafted certificate may lead to a  
denial of service  
Description: A denial of service issue was addressed with improved  
input validation.  
CVE-2022-0778

libxml2  
Available for: macOS Monterey  
Impact: A remote attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-23308

OpenSSL  
Available for: macOS Monterey  
Impact: Processing a maliciously crafted certificate may lead to a  
denial of service  
Description: This issue was addressed with improved checks.  
CVE-2022-0778

PackageKit  
Available for: macOS Monterey  
Impact: A malicious application may be able to modify protected parts  
of the file system  
Description: This issue was addressed by removing the vulnerable  
code.  
CVE-2022-26712: Mickey Jin (@patch1t)

PackageKit  
Available for: macOS Monterey  
Impact: A malicious application may be able to modify protected parts  
of the file system  
Description: This issue was addressed with improved entitlements.  
CVE-2022-26727: Mickey Jin (@patch1t)

Preview  
Available for: macOS Monterey  
Impact: A plug-in may be able to inherit the application's  
permissions and access user data  
Description: This issue was addressed with improved checks.  
CVE-2022-26693: Wojciech Reguła (@_r3ggi) of SecuRing

Printing  
Available for: macOS Monterey  
Impact: A malicious application may be able to bypass Privacy  
preferences  
Description: This issue was addressed by removing the vulnerable  
code.  
CVE-2022-26746: @gorelics

Safari Private Browsing  
Available for: macOS Monterey  
Impact: A malicious website may be able to track users in Safari  
private browsing mode  
Description: A logic issue was addressed with improved state  
management.  
CVE-2022-26731: an anonymous researcher

Security  
Available for: macOS Monterey  
Impact: A malicious app may be able to bypass signature validation  
Description: A certificate parsing issue was addressed with improved  
checks.  
CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)

SMB  
Available for: macOS Monterey  
Impact: An application may be able to gain elevated privileges  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs

SMB  
Available for: macOS Monterey  
Impact: An application may be able to gain elevated privileges  
Description: An out-of-bounds read issue was addressed with improved  
input validation.  
CVE-2022-26718: Peter Nguyễn Vũ Hoàng of STAR Labs

SMB  
Available for: macOS Monterey  
Impact: Mounting a maliciously crafted Samba network share may lead  
to arbitrary code execution  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2022-26723: Felix Poulin-Belanger

SoftwareUpdate  
Available for: macOS Monterey  
Impact: A malicious application may be able to access restricted  
files  
Description: This issue was addressed with improved entitlements.  
CVE-2022-26728: Mickey Jin (@patch1t)

Spotlight  
Available for: macOS Monterey  
Impact: An app may be able to gain elevated privileges  
Description: A validation issue existed in the handling of symlinks  
and was addressed with improved validation of symlinks.  
CVE-2022-26704: an anonymous researcher

TCC  
Available for: macOS Monterey  
Impact: An app may be able to capture a user's screen  
Description: This issue was addressed with improved checks.  
CVE-2022-26726: an anonymous researcher

Tcl  
Available for: macOS Monterey  
Impact: A malicious application may be able to break out of its  
sandbox  
Description: This issue was addressed with improved environment  
sanitization.  
CVE-2022-26755: Arsenii Kostromin (0x3c3e)

WebKit  
Available for: macOS Monterey  
Impact: Processing maliciously crafted web content may lead to code  
execution  
Description: A memory corruption issue was addressed with improved  
state management.  
WebKit Bugzilla: 238178  
CVE-2022-26700: ryuzaki

WebKit  
Available for: macOS Monterey  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A use after free issue was addressed with improved  
memory management.  
WebKit Bugzilla: 236950  
CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua  
wingtecher lab  
WebKit Bugzilla: 237475  
CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua  
wingtecher lab  
WebKit Bugzilla: 238171  
CVE-2022-26717: Jeonghoon Shin of Theori

WebKit  
Available for: macOS Monterey  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A memory corruption issue was addressed with improved  
state management.  
WebKit Bugzilla: 238183  
CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab  
WebKit Bugzilla: 238699  
CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech

WebRTC  
Available for: macOS Monterey  
Impact: Video self-preview in a webRTC call may be interrupted if the  
user answers a phone call  
Description: A logic issue in the handling of concurrent media was  
addressed with improved state handling.  
WebKit Bugzilla: 237524  
CVE-2022-22677: an anonymous researcher

Wi-Fi  
Available for: macOS Monterey  
Impact: A malicious application may disclose restricted memory  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-26745: an anonymous researcher

Wi-Fi  
Available for: macOS Monterey  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
memory handling.  
CVE-2022-26761: Wang Yu of Cyberserval

Wi-Fi  
Available for: macOS Monterey  
Impact: A malicious application may be able to execute arbitrary code  
with system privileges  
Description: A memory corruption issue was addressed with improved  
memory handling.  
CVE-2022-26762: Wang Yu of Cyberserval

zip  
Available for: macOS Monterey  
Impact: Processing a maliciously crafted file may lead to a denial of  
service  
Description: A denial of service issue was addressed with improved  
state handling.  
CVE-2022-0530

zlib  
Available for: macOS Monterey  
Impact: An attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2018-25032: Tavis Ormandy

zsh  
Available for: macOS Monterey  
Impact: A remote attacker may be able to cause arbitrary code  
execution  
Description: This issue was addressed by updating to zsh version  
5.8.1.  
CVE-2021-45444

Additional recognition

AppleMobileFileIntegrity  
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing  
for their assistance.

Bluetooth  
We would like to acknowledge Jann Horn of Project Zero for their  
assistance.

Calendar  
We would like to acknowledge Eugene Lim of Government Technology  
Agency of Singapore for their assistance.

FaceTime  
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing  
for their assistance.

FileVault  
We would like to acknowledge Benjamin Adolphi of Promon Germany GmbH  
for their assistance.

Login Window  
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive  
Security for their assistance.

Photo Booth  
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing  
for their assistance.

System Preferences  
We would like to acknowledge Mohammad Tausif Siddiqui  
(@toshsiddiqui), an anonymous researcher for their assistance.

WebKit  
We would like to acknowledge James Lee, an anonymous researcher for  
their assistance.

Wi-Fi  
We would like to acknowledge Dana Morrison for their assistance.

macOS Monterey 12.4 may be obtained from the Mac App Store or Apple's  
Software Downloads web site: https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p  
rhigoQ//cTnC2MOYau+vO6pv8PHMbeEWPPvtsGpemCNz4iChXRhVOHKxgMQAHEgg  
Ejpxvw5D1jg12wroXypL8ADOD1V20OA7u5A20Lip1NIDL145692jPfmGuNxqkRnI  
DyoykhUogRL8Yvzkd5P8D3Jlo0EzCa4ZhO4tqBwbrGQZRb7gHclMPtzlgt15ZIma  
mH42QGRkJcK8v4MWNIxvibnQPwx3we2k4T8FajBvoCxYinMOlg/j16hFREj8Src+  
rQwKPV6JHiBBQ3LQpGeBlJrFLH72CyHbCu8IqWFYvvDXsT5Gr9JoagW7+g/9+8Wc  
402HjkY4wOZrxIBtlaUlNFZuB1mtIv8amHn9AaVOK/7GALSP6MQzA+U3HUqd3hYV  
J23pw6iRWBTZZSmO31kdEGU/X9uDkDKJL6QxUfzVXPVmOs0VNMmOJUdTRKf3tdsa  
5qnPcjowRONgltX8NqIP0q4aJPr1WigtFGyASIr3me/t9Ft7Kss4gJt7YLDsN6MZ  
opD8hTRHSAXAAYsA57omyo/DnmajHIbUGVEujzAh/DOEYxgT9aaaAHnkNuaQgIbs  
Z5g/dfhDaJodyk0q7BIeK+RPbkvrJvnoBWkRnAUaSgYMX14DQdExlBEvbpcPg71f  
LHzUlUewIuuP/57huTz/b4vEEke0JUwrWk6T1ACbndL3FsPIOX4=  
=jaCZ  
-----END PGP SIGNATURE-----

Apple Security Advisory 2022-05-16-2

Apple Security Advisory 2022-05-16-1 - iOS 15.5 and iPadOS 15.5 addresses bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2022-05-16-1 iOS 15.5 and iPadOS 15.5iOS 15.5 and iPadOS 15.5 addresses the following issues.Information about the security content is also available athttps://support.apple.com/HT213258.AppleAVDAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: An application may be able to execute arbitrary code withkernel privilegesDescription: A use after free issue was addressed with improvedmemory management.CVE-2022-26702: an anonymous researcherAppleGraphicsControlAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: Processing a maliciously crafted image may lead to arbitrarycode executionDescription: A memory corruption issue was addressed with improvedinput validation.CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero DayInitiativeAVEVideoEncoderAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: An application may be able to execute arbitrary code withkernel privilegesDescription: An out-of-bounds write issue was addressed with improvedbounds checking.CVE-2022-26736: an anonymous researcherCVE-2022-26737: an anonymous researcherCVE-2022-26738: an anonymous researcherCVE-2022-26739: an anonymous researcherCVE-2022-26740: an anonymous researcherDriverKitAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: A malicious application may be able to execute arbitrary codewith system privilegesDescription: An out-of-bounds access issue was addressed withimproved bounds checking.CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)GPU DriversAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: An application may be able to execute arbitrary code withkernel privilegesDescription: A memory corruption issue was addressed with improvedstate management.CVE-2022-26744: an anonymous researcherImageIOAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: A remote attacker may be able to cause unexpected applicationtermination or arbitrary code executionDescription: An integer overflow issue was addressed with improvedinput validation.CVE-2022-26711: actae0n of Blacksun Hackers Club working with TrendMicro Zero Day InitiativeIOKitAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: An application may be able to execute arbitrary code withkernel privilegesDescription: A race condition was addressed with improved locking.CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu LabIOMobileFrameBufferAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: An application may be able to execute arbitrary code withkernel privilegesDescription: A memory corruption issue was addressed with improvedstate management.CVE-2022-26768: an anonymous researcherIOSurfaceAcceleratorAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: A malicious application may be able to execute arbitrary codewith kernel privilegesDescription: A memory corruption issue was addressed with improvedstate management.CVE-2022-26771: an anonymous researcherKernelAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: An application may be able to execute arbitrary code withkernel privilegesDescription: A memory corruption issue was addressed with improvedvalidation.CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs(@starlabs_sg)KernelAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: An application may be able to execute arbitrary code withkernel privilegesDescription: A use after free issue was addressed with improvedmemory management.CVE-2022-26757: Ned Williamson of Google Project ZeroKernelAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: An attacker that has already achieved kernel code executionmay be able to bypass kernel memory mitigationsDescription: A memory corruption issue was addressed with improvedvalidation.CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)KernelAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: A malicious attacker with arbitrary read and write capabilitymay be able to bypass Pointer AuthenticationDescription: A race condition was addressed with improved statehandling.CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)LaunchServicesAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: A sandboxed process may be able to circumvent sandboxrestrictionsDescription: An access issue was addressed with additional sandboxrestrictions on third-party applications.CVE-2022-26706: Arsenii Kostromin (0x3c3e)libxml2Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: A remote attacker may be able to cause unexpected applicationtermination or arbitrary code executionDescription: A use after free issue was addressed with improvedmemory management.CVE-2022-23308NotesAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: Processing a large input may lead to a denial of serviceDescription: This issue was addressed with improved checks.CVE-2022-22673: Abhay Kailasia (@abhay_kailasia) of Lakshmi NarainCollege Of Technology BhopalSafari Private BrowsingAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: A malicious website may be able to track users in Safariprivate browsing modeDescription: A logic issue was addressed with improved statemanagement.CVE-2022-26731: an anonymous researcherSecurityAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: A malicious app may be able to bypass signature validationDescription: A certificate parsing issue was addressed with improvedchecks.CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)ShortcutsAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: A person with physical access to an iOS device may be able toaccess photos from the lock screenDescription: An authorization issue was addressed with improved statemanagement.CVE-2022-26703: Salman Syed (@slmnsd551)WebKitAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: Processing maliciously crafted web content may lead to codeexecutionDescription: A memory corruption issue was addressed with improvedstate management.WebKit Bugzilla: 238178CVE-2022-26700: ryuzakiWebKitAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: Processing maliciously crafted web content may lead toarbitrary code executionDescription: A use after free issue was addressed with improvedmemory management.WebKit Bugzilla: 236950CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghuawingtecher labWebKit Bugzilla: 237475CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghuawingtecher labWebKit Bugzilla: 238171CVE-2022-26717: Jeonghoon Shin of TheoriWebKitAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: Processing maliciously crafted web content may lead toarbitrary code executionDescription: A memory corruption issue was addressed with improvedstate management.WebKit Bugzilla: 238183CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun LabWebKit Bugzilla: 238699CVE-2022-26719: Dongzhuo Zhao working with ADLab of VenustechWebRTCAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: Video self-preview in a webRTC call may be interrupted if theuser answers a phone callDescription: A logic issue in the handling of concurrent media wasaddressed with improved state handling.WebKit Bugzilla: 237524CVE-2022-22677: an anonymous researcherWi-FiAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: A malicious application may disclose restricted memoryDescription: A memory corruption issue was addressed with improvedvalidation.CVE-2022-26745: an anonymous researcherWi-FiAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: A malicious application may be able to elevate privilegesDescription: A memory corruption issue was addressed with improvedstate management.CVE-2022-26760: 08Tc3wBB of ZecOps Mobile EDR TeamWi-FiAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: A remote attacker may be able to cause a denial of serviceDescription: This issue was addressed with improved checks.CVE-2015-4142: Kostya Kortchinsky of Google Security TeamWi-FiAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: A malicious application may be able to execute arbitrary codewith system privilegesDescription: A memory corruption issue was addressed with improvedmemory handling.CVE-2022-26762: Wang Yu of CyberservalAdditional recognitionAppleMobileFileIntegrityWe would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRingfor their assistance.FaceTimeWe would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRingfor their assistance.WebKitWe would like to acknowledge James Lee, an anonymous researcher fortheir assistance.Wi-FiWe would like to acknowledge 08Tc3wBB of ZecOps Mobile EDR Team fortheir assistance.This update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/  iTunes and Software Update on thedevice will automatically check Apple's update server on its weeklyschedule. When an update is detected, it is downloaded and the optionto be installed is presented to the user when the iOS device isdocked. We recommend applying the update immediately if possible.Selecting Don't Install will present the option the next time youconnect your iOS device.  The automatic update process may take up toa week depending on the day that iTunes or the device checks forupdates. You may manually obtain the update via the Check for Updatesbutton within iTunes, or the Software Update on your device.  Tocheck that the iPhone, iPod touch, or iPad has been updated:  *Navigate to Settings * Select General * Select About. The versionafter applying this update will be "iOS 15.5 and iPadOS 15.5".All information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TQACgkQeC9qKD1prhh9PRAApeuHnWvZRxSW/QArItDF2fA1eXCu7n9BwPA6CoqrU7v7aR6H/NQ3wes6xOjoRccHRCWRJ12RubM06ggC+WA/MLb96t2Wc4IUoFDkI3G6fp/I3aHpSONv4YMtEoHSGMpJ3qAb6Z60mIMcshsCtyv9k4LxpjOTnHKRLp/M4JLWG4CanOGpN2u/wPPVTpRY4jkZlAdvQK3qrPmA8aO5sWnbh5l//kUS6IL649seZQFUeZdz7QUyodjjqr2/XWyqsQC4mqVphxwvWDWA5J6/Zf7C7hNdZ1BE+SPpLhjEZlU6IYBFY2PLrg9NDTv8YMZpftlm5HQo3qmy/HLoiF8bIqgtdz+TpgNiT+TYz9+/pvP/hyGbX6xF9esKBVjj+1OUnd2GaLjSdY7o9WOtZgSJQxi1/R1X1+DjY1vI+d/TQZ+Sz58Me90R99aWc+Gc1B8e6FhjwT48rHJiuIw75ZW1orpUX6OL5vqdge0H1aJXm7EEUhByZvm2E2DajKu2mp2jr01UZyb3ro0qE1zpNitNORWAdvrlriIJxFVxtxW4MygMn8ThJ/Jz2LjquHvTEwvCyB9jaqPKja3b/dwzf/nowjw+aocxOjelW2Q/HcyR13YF2ZHd1+hNtG/7IsrxWIpI9nNAQQ2LCQIgL7/xCn6Yni9t3le3+eU+cdafoqJKTpETNbk==OMfW-----END PGP SIGNATURE-----

Tag

#zero_day