macOS 12.2 patches 13 major security vulnerabilities affecting Safari, root access, iCloud, and more

Apple’s latest updates for Mac include fixes for various security vulnerabilities. macOS 12.2 patches 13 critical security vulnerabilities, ranging from Safari web browsing leaks to vulnerabilities that could allow malicious applications to access root permissions, kernel permissions, iCloud data, and more.

We already know that the web browsing and Google Account ID vulnerabilities have been patched in advance of the arrival of RC versions of iOS 15.3 and macOS 12.2. However, Apple has now detailed a full list of security patches and documentation available for macOS 12.2.

Apple has also fixed many security issues with macOS 11.6.3 and macOS Catalina updates.

iOS 15.3 comes with 10 security fixes, 8 for watchOS 8.4. macOS 12.2 includes up to 13 security fixes.

In addition to the Safari web browsing vulnerability, other security issues have been patched, including the ability for apps to gain root privileges, the ability to execute arbitrary code with kernel privileges, access user files through iCloud, and more.

---

AMD Kernel

Applies to: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue has been addressed with improved bounds checking.

CVE-2022-22586: Anonymous Researcher

Color Sync

Applies to: macOS Monterey

Impact: Handling malicious Crafted files may lead to arbitrary code execution

Description: A memory corruption issue has been addressed with improved validation.

CVE-2022-22584: Mickey Jin from Trend Micro (@patch1t)

Crash Reporter

Applies to: macOS Monterey

Impact: A malicious application may be able to gain root privileges

Description: A logic issue has been addressed through improved validation.

CVE-2022-22578: Anonymous Researcher

iCloud

Applies to: macOS Monterey

Impacts: Application Maybe Able to access user's files

Description: An issue exists in the path validation logic for symbolic links. This issue has been addressed with improved path cleaning.

CVE-2022-22585: Huo Zhipeng (@R3dF09) of Tencent Security Xuanwu Lab (https://xlab.tencent.com)

Intel Graphics Driver

Applies to: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue has been addressed through improved memory handling.

CVE-2022-22591: Antonio Zekic (@antoniozekic) of Diverto

IOMobileFrameBuffer

Applies to: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that this issue may be actively exploited.

Description: A memory corruption issue has been addressed with improved input validation.

CVE-2022-22587: Anonymous Researcher, Meysam Firouzi (@R00tkitSMM) of MBition – Mercedes-Benz Innovation Labs, Siddharth Aeri (@b1n4r1b01)

Core

Applies to: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: Buffers have been addressed with improved memory handling Overflow problem.

CVE-2022-22593: Peter Nguyễn Vũ Hoàng of STAR Labs

Model input/output

Applies to: macOS Monterey

Impact: Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution

Description: An information disclosure issue has been addressed through improved state management.

CVE-2022-22579: Mickey Jin from Trend Micro (@patch1t)

Pack Suite

Applies to: macOS Monterey

Impact: An application may be able to access restricted files

Description: A permissions issue has been addressed with improved validation.

CVE-2022-22583: Anonymous researchers, Mickey Jin (@patch1t), Ron Hass (@ronhass7) of Perception Point

Network Suite

Applies to: macOS Monterey

Impact: Processing a maliciously crafted message may result in arbitrary javascript being run

Description: A validation issue has been addressed with improved input sanitization.

CVE-2022-22589: Heige of the KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com)

Network Suite

Applies to: macOS Monterey

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A use-after-free issue has been addressed with improved memory management.

CVE-2022-22590: Toan Pham from Ocean Security Team Orca (security.sea.com)

Cyber ​​Suite

Applies to: macOS Monterey

Impact: Processing maliciously crafted web content may prevent enforcement of Content Security Policy

Description: A logic issue has been resolved with improved state management.

CVE-2022-22592: Prakash (@1lastBr3ath)

WebKit Storage

Applies to: macOS Monterey

Impacts : Websites may be able to track sensitive user information

Description: A cross-domain issue in the IndexDB API has been addressed through improved input validation.

CVE-2022-22594: Martin Bajanik of FingerprintJS

Additional recognition

Core

us We would like to thank Tao Huang for his assistance.

metal

We would like to thank Tao Huang for his assistance.

Pack Kit

Thanks to Mickey Jin (@patch1t) and Mickey Jin (@patch1t) from Trend Micro for their assistance.

The above is the detailed content of macOS 12.2 patches 13 major security vulnerabilities affecting Safari, root access, iCloud, and more. For more information, please follow other related articles on the PHP Chinese website!