Apple has launched iOS 15.5, macOS 12.4, and extra as we speak with updates like new options for Apple Money, the Podcasts app, and the Studio Show webcam repair. Nevertheless, an even bigger motive to replace your units is the safety patches with as we speak’s releases. iOS 15.5 consists of nearly 30 safety fixes whereas macOS 12.4 options over 50.
Apple shared all the small print for the safety fixes in its newest software program for iPhone, iPad, Mac, and extra on its help web page.
For each iOS and Mac, most of the flaws may enable malicious apps to execute arbitrary code with kernel privileges. One other for iOS says “A distant attacker might be able to trigger surprising utility termination or arbitrary code execution.”
Particularly on Mac, one of many 50+ flaws fastened was that “Photograph location info could persist after it’s eliminated with Preview Inspector.”
Vital safety updates are additionally obtainable for macOS Large Sur with 11.6.6, macOS Catalina, Xcode 13.4, and watchOS 8.6.
You’ll be able to examine all the vulnerabilities fastened with the most recent updates under:
iOS and macOS safety patches:
iOS 15.5 and iPadOS 15.5
Launched Might 16, 2022
AppleAVD
Accessible for: iPhone 6s and later, iPad Professional (all fashions), iPad Air 2 and later, iPad fifth technology and later, iPad mini 4 and later, and iPod contact (seventh technology)
Impression: An utility might be able to execute arbitrary code with kernel privileges
Description: A use after free situation was addressed with improved reminiscence administration.
CVE-2022-26702: an nameless researcher
AppleGraphicsControl
Accessible for: iPhone 6s and later, iPad Professional (all fashions), iPad Air 2 and later, iPad fifth technology and later, iPad mini 4 and later, and iPod contact (seventh technology)
Impression: Processing a maliciously crafted picture could result in arbitrary code execution
Description: A reminiscence corruption situation was addressed with improved enter validation.
CVE-2022-26751: Michael DePlante (@izobashi) of Pattern Micro Zero Day Initiative
AVEVideoEncoder
Accessible for: iPhone 6s and later, iPad Professional (all fashions), iPad Air 2 and later, iPad fifth technology and later, iPad mini 4 and later, and iPod contact (seventh technology)
Impression: An utility might be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds write situation was addressed with improved bounds checking.
CVE-2022-26736: an nameless researcher
CVE-2022-26737: an nameless researcher
CVE-2022-26738: an nameless researcher
CVE-2022-26739: an nameless researcher
CVE-2022-26740: an nameless researcher
DriverKit
Accessible for: iPhone 6s and later, iPad Professional (all fashions), iPad Air 2 and later, iPad fifth technology and later, iPad mini 4 and later, and iPod contact (seventh technology)
Impression: A malicious utility might be able to execute arbitrary code with system privileges
Description: An out-of-bounds entry situation was addressed with improved bounds checking.
CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)
GPU Drivers
Accessible for: iPhone 6s and later, iPad Professional (all fashions), iPad Air 2 and later, iPad fifth technology and later, iPad mini 4 and later, and iPod contact (seventh technology)
Impression: An utility might be able to execute arbitrary code with kernel privileges
Description: A reminiscence corruption situation was addressed with improved state administration.
CVE-2022-26744: an nameless researcher
ImageIO
Accessible for: iPhone 6s and later, iPad Professional (all fashions), iPad Air 2 and later, iPad fifth technology and later, iPad mini 4 and later, and iPod contact (seventh technology)
Impression: A distant attacker might be able to trigger surprising utility termination or arbitrary code execution
Description: An integer overflow situation was addressed with improved enter validation.
CVE-2022-26711: actae0n of Blacksun Hackers Membership working with Pattern Micro Zero Day Initiative
IOKit
Accessible for: iPhone 6s and later, iPad Professional (all fashions), iPad Air 2 and later, iPad fifth technology and later, iPad mini 4 and later, and iPod contact (seventh technology)
Impression: An utility might be able to execute arbitrary code with kernel privileges
Description: A race situation was addressed with improved locking.
CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Safety Xuanwu Lab
IOMobileFrameBuffer
Accessible for: iPhone 6s and later, iPad Professional (all fashions), iPad Air 2 and later, iPad fifth technology and later, iPad mini 4 and later, and iPod contact (seventh technology)
Impression: An utility might be able to execute arbitrary code with kernel privileges
Description: A reminiscence corruption situation was addressed with improved state administration.
CVE-2022-26768: an nameless researcher
IOSurfaceAccelerator
Accessible for: iPhone 6s and later, iPad Professional (all fashions), iPad Air 2 and later, iPad fifth technology and later, iPad mini 4 and later, and iPod contact (seventh technology)
Impression: A malicious utility might be able to execute arbitrary code with kernel privileges
Description: A reminiscence corruption situation was addressed with improved state administration.
CVE-2022-26771: an nameless researcher
Kernel
Accessible for: iPhone 6s and later, iPad Professional (all fashions), iPad Air 2 and later, iPad fifth technology and later, iPad mini 4 and later, and iPod contact (seventh technology)
Impression: An utility might be able to execute arbitrary code with kernel privileges
Description: A reminiscence corruption situation was addressed with improved validation.
CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg)
Kernel
Accessible for: iPhone 6s and later, iPad Professional (all fashions), iPad Air 2 and later, iPad fifth technology and later, iPad mini 4 and later, and iPod contact (seventh technology)
Impression: An utility might be able to execute arbitrary code with kernel privileges
Description: A use after free situation was addressed with improved reminiscence administration.
CVE-2022-26757: Ned Williamson of Google Mission Zero
Kernel
Accessible for: iPhone 6s and later, iPad Professional (all fashions), iPad Air 2 and later, iPad fifth technology and later, iPad mini 4 and later, and iPod contact (seventh technology)
Impression: An attacker that has already achieved kernel code execution might be able to bypass kernel reminiscence mitigations
Description: A reminiscence corruption situation was addressed with improved validation.
CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel
Accessible for: iPhone 6s and later, iPad Professional (all fashions), iPad Air 2 and later, iPad fifth technology and later, iPad mini 4 and later, and iPod contact (seventh technology)
Impression: A malicious attacker with arbitrary learn and write functionality might be able to bypass Pointer Authentication
Description: A race situation was addressed with improved state dealing with.
CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)
LaunchServices
Accessible for: iPhone 6s and later, iPad Professional (all fashions), iPad Air 2 and later, iPad fifth technology and later, iPad mini 4 and later, and iPod contact (seventh technology)
Impression: A sandboxed course of might be able to circumvent sandbox restrictions
Description: An entry situation was addressed with further sandbox restrictions on third-party purposes.
CVE-2022-26706: Arsenii Kostromin (0x3c3e)
libxml2
Accessible for: iPhone 6s and later, iPad Professional (all fashions), iPad Air 2 and later, iPad fifth technology and later, iPad mini 4 and later, and iPod contact (seventh technology)
Impression: A distant attacker might be able to trigger surprising utility termination or arbitrary code execution
Description: A use after free situation was addressed with improved reminiscence administration.
CVE-2022-23308
Notes
Accessible for: iPhone 6s and later, iPad Professional (all fashions), iPad Air 2 and later, iPad fifth technology and later, iPad mini 4 and later, and iPod contact (seventh technology)
Impression: Processing a big enter could result in a denial of service
Description: This situation was addressed with improved checks.
CVE-2022-22673: Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain School Of Know-how Bhopal
Safari Non-public Searching
Accessible for: iPhone 6s and later, iPad Professional (all fashions), iPad Air 2 and later, iPad fifth technology and later, iPad mini 4 and later, and iPod contact (seventh technology)
Impression: A malicious web site might be able to monitor customers in Safari non-public looking mode
Description: A logic situation was addressed with improved state administration.
CVE-2022-26731: an nameless researcher
Safety
Accessible for: iPhone 6s and later, iPad Professional (all fashions), iPad Air 2 and later, iPad fifth technology and later, iPad mini 4 and later, and iPod contact (seventh technology)
Impression: A malicious app might be able to bypass signature validation
Description: A certificates parsing situation was addressed with improved checks.
CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)
Shortcuts
Accessible for: iPhone 6s and later, iPad Professional (all fashions), iPad Air 2 and later, iPad fifth technology and later, iPad mini 4 and later, and iPod contact (seventh technology)
Impression: An individual with bodily entry to an iOS system might be able to entry photographs from the lock display screen
Description: An authorization situation was addressed with improved state administration.
CVE-2022-26703: Salman Syed (@slmnsd551)
WebKit
Accessible for: iPhone 6s and later, iPad Professional (all fashions), iPad Air 2 and later, iPad fifth technology and later, iPad mini 4 and later, and iPod contact (seventh technology)
Impression: Processing maliciously crafted net content material could result in code execution
Description: A reminiscence corruption situation was addressed with improved state administration.
WebKit Bugzilla: 238178
CVE-2022-26700: ryuzaki
WebKit
Accessible for: iPhone 6s and later, iPad Professional (all fashions), iPad Air 2 and later, iPad fifth technology and later, iPad mini 4 and later, and iPod contact (seventh technology)
Impression: Processing maliciously crafted net content material could result in arbitrary code execution
Description: A use after free situation was addressed with improved reminiscence administration.
WebKit Bugzilla: 236950
CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab
WebKit Bugzilla: 237475
CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab
WebKit Bugzilla: 238171
CVE-2022-26717: Jeonghoon Shin of Theori
WebKit
Accessible for: iPhone 6s and later, iPad Professional (all fashions), iPad Air 2 and later, iPad fifth technology and later, iPad mini 4 and later, and iPod contact (seventh technology)
Impression: Processing maliciously crafted net content material could result in arbitrary code execution
Description: A reminiscence corruption situation was addressed with improved state administration.
WebKit Bugzilla: 238183
CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab
WebKit Bugzilla: 238699
CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech
WebRTC
Accessible for: iPhone 6s and later, iPad Professional (all fashions), iPad Air 2 and later, iPad fifth technology and later, iPad mini 4 and later, and iPod contact (seventh technology)
Impression: Video self-preview in a webRTC name could also be interrupted if the consumer solutions a telephone name
Description: A logic situation within the dealing with of concurrent media was addressed with improved state dealing with.
WebKit Bugzilla: 237524
CVE-2022-22677: an nameless researcher
Wi-Fi
Accessible for: iPhone 6s and later, iPad Professional (all fashions), iPad Air 2 and later, iPad fifth technology and later, iPad mini 4 and later, and iPod contact (seventh technology)
Impression: A malicious utility could disclose restricted reminiscence
Description: A reminiscence corruption situation was addressed with improved validation.
CVE-2022-26745: an nameless researcher
Wi-Fi
Accessible for: iPhone 6s and later, iPad Professional (all fashions), iPad Air 2 and later, iPad fifth technology and later, iPad mini 4 and later, and iPod contact (seventh technology)
Impression: A malicious utility might be able to elevate privileges
Description: A reminiscence corruption situation was addressed with improved state administration.
CVE-2022-26760: 08Tc3wBB of ZecOps Cell EDR Staff
Wi-Fi
Accessible for: iPhone 6s and later, iPad Professional (all fashions), iPad Air 2 and later, iPad fifth technology and later, iPad mini 4 and later, and iPod contact (seventh technology)
Impression: A distant attacker might be able to trigger a denial of service
Description: This situation was addressed with improved checks.
CVE-2015-4142: Kostya Kortchinsky of Google Safety Staff
Wi-Fi
Accessible for: iPhone 6s and later, iPad Professional (all fashions), iPad Air 2 and later, iPad fifth technology and later, iPad mini 4 and later, and iPod contact (seventh technology)
Impression: A malicious utility might be able to execute arbitrary code with system privileges
Description: A reminiscence corruption situation was addressed with improved reminiscence dealing with.
CVE-2022-26762: Wang Yu of Cyberserval
Extra recognition
AppleMobileFileIntegrity
We want to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for his or her help.
FaceTime
We want to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for his or her help.
WebKit
We want to acknowledge James Lee, an nameless researcher for his or her help.
Wi-Fi
We want to acknowledge 08Tc3wBB of ZecOps Cell EDR Staff for his or her help.
macOS Monterey 12.4
Launched Might 16, 2022
AMD
Accessible for: macOS Monterey
Impression: An utility might be able to execute arbitrary code with kernel privileges
Description: A reminiscence corruption situation was addressed with improved state administration.
CVE-2022-26772: an nameless researcher
AMD
Accessible for: macOS Monterey
Impression: An utility might be able to execute arbitrary code with kernel privileges
Description: A buffer overflow situation was addressed with improved reminiscence dealing with.
CVE-2022-26741: ABC Analysis s.r.o
CVE-2022-26742: ABC Analysis s.r.o
CVE-2022-26749: ABC Analysis s.r.o
CVE-2022-26750: ABC Analysis s.r.o
CVE-2022-26752: ABC Analysis s.r.o
CVE-2022-26753: ABC Analysis s.r.o
CVE-2022-26754: ABC Analysis s.r.o
apache
Accessible for: macOS Monterey
Impression: A number of points in apache
Description: A number of points have been addressed by updating apache to model 2.4.53.
CVE-2021-44224
CVE-2021-44790
CVE-2022-22719
CVE-2022-22720
CVE-2022-22721
AppleGraphicsControl
Accessible for: macOS Monterey
Impression: Processing a maliciously crafted picture could result in arbitrary code execution
Description: A reminiscence corruption situation was addressed with improved enter validation.
CVE-2022-26751: Michael DePlante (@izobashi) of Pattern Micro Zero Day Initiative
AppleScript
Accessible for: macOS Monterey
Impression: Processing a maliciously crafted AppleScript binary could lead to surprising utility termination or disclosure of course of reminiscence
Description: An out-of-bounds learn situation was addressed with improved enter validation.
CVE-2022-26697: Qi Solar and Robert Ai of Pattern Micro
AppleScript
Accessible for: macOS Monterey
Impression: Processing a maliciously crafted AppleScript binary could lead to surprising utility termination or disclosure of course of reminiscence
Description: An out-of-bounds learn situation was addressed with improved bounds checking.
CVE-2022-26698: Qi Solar of Pattern Micro
AVEVideoEncoder
Accessible for: macOS Monterey
Impression: An utility might be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds write situation was addressed with improved bounds checking.
CVE-2022-26736: an nameless researcher
CVE-2022-26737: an nameless researcher
CVE-2022-26738: an nameless researcher
CVE-2022-26739: an nameless researcher
CVE-2022-26740: an nameless researcher
Contacts
Accessible for: macOS Monterey
Impression: A plug-in might be able to inherit the applying’s permissions and entry consumer knowledge
Description: This situation was addressed with improved checks.
CVE-2022-26694: Wojciech Reguła (@_r3ggi) of SecuRing
CVMS
Accessible for: macOS Monterey
Impression: A malicious utility might be able to acquire root privileges
Description: A reminiscence initialization situation was addressed.
CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori
CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori
DriverKit
Accessible for: macOS Monterey
Impression: A malicious utility might be able to execute arbitrary code with system privileges
Description: An out-of-bounds entry situation was addressed with improved bounds checking.
CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)
ImageIO
Accessible for: macOS Monterey
Impression: A distant attacker might be able to trigger surprising utility termination or arbitrary code execution
Description: An integer overflow situation was addressed with improved enter validation.
CVE-2022-26711: actae0n of Blacksun Hackers Membership working with Pattern Micro Zero Day Initiative
ImageIO
Accessible for: macOS Monterey
Impression: Photograph location info could persist after it’s eliminated with Preview Inspector
Description: A logic situation was addressed with improved state administration.
CVE-2022-26725: Andrew Williams and Avi Drissman of Google
Intel Graphics Driver
Accessible for: macOS Monterey
Impression: A malicious utility might be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds write situation was addressed with improved bounds checking.
CVE-2022-26720: Liu Lengthy of Ant Safety Gentle-Yr Lab
Intel Graphics Driver
Accessible for: macOS Monterey
Impression: A malicious utility might be able to execute arbitrary code with kernel privileges
Description: A reminiscence corruption situation was addressed with improved enter validation.
CVE-2022-26769: Antonio Zekic (@antoniozekic)
Intel Graphics Driver
Accessible for: macOS Monterey
Impression: A malicious utility might be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds learn situation was addressed with improved enter validation.
CVE-2022-26770: Liu Lengthy of Ant Safety Gentle-Yr Lab
Intel Graphics Driver
Accessible for: macOS Monterey
Impression: Processing maliciously crafted net content material could result in arbitrary code execution
Description: An out-of-bounds write situation was addressed with improved enter validation.
CVE-2022-26748: Jeonghoon Shin of Theori working with Pattern Micro Zero Day Initiative
Intel Graphics Driver
Accessible for: macOS Monterey
Impression: An utility might be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds write situation was addressed with improved enter validation.
CVE-2022-26756: Jack Dates of RET2 Methods, Inc
IOKit
Accessible for: macOS Monterey
Impression: An utility might be able to execute arbitrary code with kernel privileges
Description: A race situation was addressed with improved locking.
CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Safety Xuanwu Lab
IOMobileFrameBuffer
Accessible for: macOS Monterey
Impression: An utility might be able to execute arbitrary code with kernel privileges
Description: A reminiscence corruption situation was addressed with improved state administration.
CVE-2022-26768: an nameless researcher
Kernel
Accessible for: macOS Monterey
Impression: An attacker that has already achieved code execution in macOS Restoration might be able to escalate to kernel privileges
Description: An out-of-bounds write situation was addressed with improved bounds checking.
CVE-2022-26743: Jordy Zomer (@pwningsystems)
Kernel
Accessible for: macOS Monterey
Impression: An utility might be able to execute arbitrary code with kernel privileges
Description: A reminiscence corruption situation was addressed with improved validation.
CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg)
Kernel
Accessible for: macOS Monterey
Impression: An utility might be able to execute arbitrary code with kernel privileges
Description: A use after free situation was addressed with improved reminiscence administration.
CVE-2022-26757: Ned Williamson of Google Mission Zero
Kernel
Accessible for: macOS Monterey
Impression: An attacker that has already achieved kernel code execution might be able to bypass kernel reminiscence mitigations
Description: A reminiscence corruption situation was addressed with improved validation.
CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel
Accessible for: macOS Monterey
Impression: A malicious attacker with arbitrary learn and write functionality might be able to bypass Pointer Authentication
Description: A race situation was addressed with improved state dealing with.
CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)
LaunchServices
Accessible for: macOS Monterey
Impression: A sandboxed course of might be able to circumvent sandbox restrictions
Description: An entry situation was addressed with further sandbox restrictions on third-party purposes.
CVE-2022-26706: Arsenii Kostromin (0x3c3e)
LaunchServices
Accessible for: macOS Monterey
Impression: A malicious utility might be able to bypass Privateness preferences
Description: The problem was addressed with further permissions checks.
CVE-2022-26767: Wojciech Reguła (@_r3ggi) of SecuRing
libresolv
Accessible for: macOS Monterey
Impression: An attacker might be able to trigger surprising utility termination or arbitrary code execution
Description: This situation was addressed with improved checks.
CVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms) of the Google Safety Staff
CVE-2022-26708: Max Shavrick (@_mxms) of the Google Safety Staff
libresolv
Accessible for: macOS Monterey
Impression: An attacker might be able to trigger surprising utility termination or arbitrary code execution
Description: An integer overflow was addressed with improved enter validation.
CVE-2022-26775: Max Shavrick (@_mxms) of the Google Safety Staff
LibreSSL
Accessible for: macOS Monterey
Impression: Processing a maliciously crafted certificates could result in a denial of service
Description: A denial of service situation was addressed with improved enter validation.
CVE-2022-0778
libxml2
Accessible for: macOS Monterey
Impression: A distant attacker might be able to trigger surprising utility termination or arbitrary code execution
Description: A use after free situation was addressed with improved reminiscence administration.
CVE-2022-23308
OpenSSL
Accessible for: macOS Monterey
Impression: Processing a maliciously crafted certificates could result in a denial of service
Description: This situation was addressed with improved checks.
CVE-2022-0778
PackageKit
Accessible for: macOS Monterey
Impression: A malicious utility might be able to modify protected elements of the file system
Description: This situation was addressed by eradicating the susceptible code.
CVE-2022-26712: Mickey Jin (@patch1t)
PackageKit
Accessible for: macOS Monterey
Impression: A malicious utility might be able to modify protected elements of the file system
Description: This situation was addressed with improved entitlements.
CVE-2022-26727: Mickey Jin (@patch1t)
Preview
Accessible for: macOS Monterey
Impression: A plug-in might be able to inherit the applying’s permissions and entry consumer knowledge
Description: This situation was addressed with improved checks.
CVE-2022-26693: Wojciech Reguła (@_r3ggi) of SecuRing
Printing
Accessible for: macOS Monterey
Impression: A malicious utility might be able to bypass Privateness preferences
Description: This situation was addressed by eradicating the susceptible code.
CVE-2022-26746: @gorelics
Safari Non-public Searching
Accessible for: macOS Monterey
Impression: A malicious web site might be able to monitor customers in Safari non-public looking mode
Description: A logic situation was addressed with improved state administration.
CVE-2022-26731: an nameless researcher
Safety
Accessible for: macOS Monterey
Impression: A malicious app might be able to bypass signature validation
Description: A certificates parsing situation was addressed with improved checks.
CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)
SMB
Accessible for: macOS Monterey
Impression: An utility might be able to acquire elevated privileges
Description: An out-of-bounds write situation was addressed with improved bounds checking.
CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs
SMB
Accessible for: macOS Monterey
Impression: An utility might be able to acquire elevated privileges
Description: An out-of-bounds learn situation was addressed with improved enter validation.
CVE-2022-26718: Peter Nguyễn Vũ Hoàng of STAR Labs
SMB
Accessible for: macOS Monterey
Impression: Mounting a maliciously crafted Samba community share could result in arbitrary code execution
Description: A reminiscence corruption situation was addressed with improved enter validation.
CVE-2022-26723: Felix Poulin-Belanger
SoftwareUpdate
Accessible for: macOS Monterey
Impression: A malicious utility might be able to entry restricted recordsdata
Description: This situation was addressed with improved entitlements.
CVE-2022-26728: Mickey Jin (@patch1t)
Highlight
Accessible for: macOS Monterey
Impression: An app might be able to acquire elevated privileges
Description: A validation situation existed within the dealing with of symlinks and was addressed with improved validation of symlinks.
CVE-2022-26704: an nameless researcher
TCC
Accessible for: macOS Monterey
Impression: An app might be able to seize a consumer’s display screen
Description: This situation was addressed with improved checks.
CVE-2022-26726: an nameless researcher
Tcl
Accessible for: macOS Monterey
Impression: A malicious utility might be able to get away of its sandbox
Description: This situation was addressed with improved atmosphere sanitization.
CVE-2022-26755: Arsenii Kostromin (0x3c3e)
WebKit
Accessible for: macOS Monterey
Impression: Processing maliciously crafted net content material could result in code execution
Description: A reminiscence corruption situation was addressed with improved state administration.
WebKit Bugzilla: 238178
CVE-2022-26700: ryuzaki
WebKit
Accessible for: macOS Monterey
Impression: Processing maliciously crafted net content material could result in arbitrary code execution
Description: A use after free situation was addressed with improved reminiscence administration.
WebKit Bugzilla: 236950
CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab
WebKit Bugzilla: 237475
CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab
WebKit Bugzilla: 238171
CVE-2022-26717: Jeonghoon Shin of Theori
WebKit
Accessible for: macOS Monterey
Impression: Processing maliciously crafted net content material could result in arbitrary code execution
Description: A reminiscence corruption situation was addressed with improved state administration.
WebKit Bugzilla: 238183
CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab
WebKit Bugzilla: 238699
CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech
WebRTC
Accessible for: macOS Monterey
Impression: Video self-preview in a webRTC name could also be interrupted if the consumer solutions a telephone name
Description: A logic situation within the dealing with of concurrent media was addressed with improved state dealing with.
WebKit Bugzilla: 237524
CVE-2022-22677: an nameless researcher
Wi-Fi
Accessible for: macOS Monterey
Impression: A malicious utility could disclose restricted reminiscence
Description: A reminiscence corruption situation was addressed with improved validation.
CVE-2022-26745: an nameless researcher
Wi-Fi
Accessible for: macOS Monterey
Impression: An utility might be able to execute arbitrary code with kernel privileges
Description: A reminiscence corruption situation was addressed with improved reminiscence dealing with.
CVE-2022-26761: Wang Yu of Cyberserval
Wi-Fi
Accessible for: macOS Monterey
Impression: A malicious utility might be able to execute arbitrary code with system privileges
Description: A reminiscence corruption situation was addressed with improved reminiscence dealing with.
CVE-2022-26762: Wang Yu of Cyberserval
zip
Accessible for: macOS Monterey
Impression: Processing a maliciously crafted file could result in a denial of service
Description: A denial of service situation was addressed with improved state dealing with.
CVE-2022-0530
zlib
Accessible for: macOS Monterey
Impression: An attacker might be able to trigger surprising utility termination or arbitrary code execution
Description: A reminiscence corruption situation was addressed with improved enter validation.
CVE-2018-25032: Tavis Ormandy
zsh
Accessible for: macOS Monterey
Impression: A distant attacker might be able to trigger arbitrary code execution
Description: This situation was addressed by updating to zsh model 5.8.1.
CVE-2021-45444
Extra recognition
AppleMobileFileIntegrity
We want to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for his or her help.
Bluetooth
We want to acknowledge Jann Horn of Mission Zero for his or her help.
Calendar
We want to acknowledge Eugene Lim of Authorities Know-how Company of Singapore for his or her help.
FaceTime
We want to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for his or her help.
FileVault
We want to acknowledge Benjamin Adolphi of Promon Germany GmbH for his or her help.
Login Window
We want to acknowledge Csaba Fitzl (@theevilbit) of Offensive Safety for his or her help.
Photograph Sales space
We want to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for his or her help.
System Preferences
We want to acknowledge Mohammad Tausif Siddiqui (@toshsiddiqui), an nameless researcher for his or her help.
WebKit
We want to acknowledge James Lee, an nameless researcher for his or her help.
Wi-Fi
We want to acknowledge Dana Morrison for his or her help.
FTC: We use revenue incomes auto affiliate hyperlinks. Extra.
Try 9to5Mac on YouTube for extra Apple information: