Apple has released iOS 15.5, macOS 12.4, and more today with updates like new features for Apple Cash, the Podcasts app, and the Studio Display webcam fix. However, a bigger reason to update your devices is the security patches with today’s releases. iOS 15.5 includes almost 30 security fixes while macOS 12.4 features over 50.
Apple shared all the details for the security fixes in its latest software for iPhone, iPad, Mac, and more on its support page.
For both iOS and Mac, many of the flaws could allow malicious apps to execute arbitrary code with kernel privileges. Another for iOS says “A remote attacker may be able to cause unexpected application termination or arbitrary code execution.”
Specifically on Mac, one of the 50+ flaws fixed was that “Photo location information may persist after it is removed with Preview Inspector.”
Important security updates are also available for macOS Big Sur with 11.6.6, macOS Catalina, Xcode 13.4, and watchOS 8.6.
You can read about all the vulnerabilities fixed with the latest updates below:
iOS and macOS security patches:
iOS 15.5 and iPadOS 15.5
Released May 16, 2022
AppleAVD
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A use after free issue was addressed with improved memory management.
CVE-2022-26702: an anonymous researcher
AppleGraphicsControl
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved input validation.
CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
AVEVideoEncoder
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2022-26736: an anonymous researcher
CVE-2022-26737: an anonymous researcher
CVE-2022-26738: an anonymous researcher
CVE-2022-26739: an anonymous researcher
CVE-2022-26740: an anonymous researcher
DriverKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: An out-of-bounds access issue was addressed with improved bounds checking.
CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)
GPU Drivers
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved state management.
CVE-2022-26744: an anonymous researcher
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: An integer overflow issue was addressed with improved input validation.
CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative
IOKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab
IOMobileFrameBuffer
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved state management.
CVE-2022-26768: an anonymous researcher
IOSurfaceAccelerator
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved state management.
CVE-2022-26771: an anonymous researcher
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved validation.
CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg)
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A use after free issue was addressed with improved memory management.
CVE-2022-26757: Ned Williamson of Google Project Zero
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations
Description: A memory corruption issue was addressed with improved validation.
CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication
Description: A race condition was addressed with improved state handling.
CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)
LaunchServices
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A sandboxed process may be able to circumvent sandbox restrictions
Description: An access issue was addressed with additional sandbox restrictions on third-party applications.
CVE-2022-26706: Arsenii Kostromin (0x3c3e)
libxml2
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2022-23308
Notes
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a large input may lead to a denial of service
Description: This issue was addressed with improved checks.
CVE-2022-22673: Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College Of Technology Bhopal
Safari Private Browsing
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious website may be able to track users in Safari private browsing mode
Description: A logic issue was addressed with improved state management.
CVE-2022-26731: an anonymous researcher
Security
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious app may be able to bypass signature validation
Description: A certificate parsing issue was addressed with improved checks.
CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)
Shortcuts
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A person with physical access to an iOS device may be able to access photos from the lock screen
Description: An authorization issue was addressed with improved state management.
CVE-2022-26703: Salman Syed (@slmnsd551)
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to code execution
Description: A memory corruption issue was addressed with improved state management.
WebKit Bugzilla: 238178
CVE-2022-26700: ryuzaki
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
WebKit Bugzilla: 236950
CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab
WebKit Bugzilla: 237475
CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab
WebKit Bugzilla: 238171
CVE-2022-26717: Jeonghoon Shin of Theori
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved state management.
WebKit Bugzilla: 238183
CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab
WebKit Bugzilla: 238699
CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech
WebRTC
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Video self-preview in a webRTC call may be interrupted if the user answers a phone call
Description: A logic issue in the handling of concurrent media was addressed with improved state handling.
WebKit Bugzilla: 237524
CVE-2022-22677: an anonymous researcher
Wi-Fi
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may disclose restricted memory
Description: A memory corruption issue was addressed with improved validation.
CVE-2022-26745: an anonymous researcher
Wi-Fi
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed with improved state management.
CVE-2022-26760: 08Tc3wBB of ZecOps Mobile EDR Team
Wi-Fi
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2015-4142: Kostya Kortchinsky of Google Security Team
Wi-Fi
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2022-26762: Wang Yu of Cyberserval
Additional recognition
AppleMobileFileIntegrity
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.
FaceTime
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.
WebKit
We would like to acknowledge James Lee, an anonymous researcher for their assistance.
Wi-Fi
We would like to acknowledge 08Tc3wBB of ZecOps Mobile EDR Team for their assistance.
macOS Monterey 12.4
Released May 16, 2022
AMD
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved state management.
CVE-2022-26772: an anonymous researcher
AMD
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2022-26741: ABC Research s.r.o
CVE-2022-26742: ABC Research s.r.o
CVE-2022-26749: ABC Research s.r.o
CVE-2022-26750: ABC Research s.r.o
CVE-2022-26752: ABC Research s.r.o
CVE-2022-26753: ABC Research s.r.o
CVE-2022-26754: ABC Research s.r.o
apache
Available for: macOS Monterey
Impact: Multiple issues in apache
Description: Multiple issues were addressed by updating apache to version 2.4.53.
CVE-2021-44224
CVE-2021-44790
CVE-2022-22719
CVE-2022-22720
CVE-2022-22721
AppleGraphicsControl
Available for: macOS Monterey
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved input validation.
CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
AppleScript
Available for: macOS Monterey
Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory
Description: An out-of-bounds read issue was addressed with improved input validation.
CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro
AppleScript
Available for: macOS Monterey
Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory
Description: An out-of-bounds read issue was addressed with improved bounds checking.
CVE-2022-26698: Qi Sun of Trend Micro
AVEVideoEncoder
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2022-26736: an anonymous researcher
CVE-2022-26737: an anonymous researcher
CVE-2022-26738: an anonymous researcher
CVE-2022-26739: an anonymous researcher
CVE-2022-26740: an anonymous researcher
Contacts
Available for: macOS Monterey
Impact: A plug-in may be able to inherit the application’s permissions and access user data
Description: This issue was addressed with improved checks.
CVE-2022-26694: Wojciech Reguła (@_r3ggi) of SecuRing
CVMS
Available for: macOS Monterey
Impact: A malicious application may be able to gain root privileges
Description: A memory initialization issue was addressed.
CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori
CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori
DriverKit
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: An out-of-bounds access issue was addressed with improved bounds checking.
CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)
ImageIO
Available for: macOS Monterey
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: An integer overflow issue was addressed with improved input validation.
CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative
ImageIO
Available for: macOS Monterey
Impact: Photo location information may persist after it is removed with Preview Inspector
Description: A logic issue was addressed with improved state management.
CVE-2022-26725: Andrew Williams and Avi Drissman of Google
Intel Graphics Driver
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2022-26720: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved input validation.
CVE-2022-26769: Antonio Zekic (@antoniozekic)
Intel Graphics Driver
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds read issue was addressed with improved input validation.
CVE-2022-26770: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved input validation.
CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro Zero Day Initiative
Intel Graphics Driver
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds write issue was addressed with improved input validation.
CVE-2022-26756: Jack Dates of RET2 Systems, Inc
IOKit
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab
IOMobileFrameBuffer
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved state management.
CVE-2022-26768: an anonymous researcher
Kernel
Available for: macOS Monterey
Impact: An attacker that has already achieved code execution in macOS Recovery may be able to escalate to kernel privileges
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2022-26743: Jordy Zomer (@pwningsystems)
Kernel
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved validation.
CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg)
Kernel
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A use after free issue was addressed with improved memory management.
CVE-2022-26757: Ned Williamson of Google Project Zero
Kernel
Available for: macOS Monterey
Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations
Description: A memory corruption issue was addressed with improved validation.
CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel
Available for: macOS Monterey
Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication
Description: A race condition was addressed with improved state handling.
CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)
LaunchServices
Available for: macOS Monterey
Impact: A sandboxed process may be able to circumvent sandbox restrictions
Description: An access issue was addressed with additional sandbox restrictions on third-party applications.
CVE-2022-26706: Arsenii Kostromin (0x3c3e)
LaunchServices
Available for: macOS Monterey
Impact: A malicious application may be able to bypass Privacy preferences
Description: The issue was addressed with additional permissions checks.
CVE-2022-26767: Wojciech Reguła (@_r3ggi) of SecuRing
libresolv
Available for: macOS Monterey
Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms) of the Google Security Team
CVE-2022-26708: Max Shavrick (@_mxms) of the Google Security Team
libresolv
Available for: macOS Monterey
Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution
Description: An integer overflow was addressed with improved input validation.
CVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team
LibreSSL
Available for: macOS Monterey
Impact: Processing a maliciously crafted certificate may lead to a denial of service
Description: A denial of service issue was addressed with improved input validation.
CVE-2022-0778
libxml2
Available for: macOS Monterey
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2022-23308
OpenSSL
Available for: macOS Monterey
Impact: Processing a maliciously crafted certificate may lead to a denial of service
Description: This issue was addressed with improved checks.
CVE-2022-0778
PackageKit
Available for: macOS Monterey
Impact: A malicious application may be able to modify protected parts of the file system
Description: This issue was addressed by removing the vulnerable code.
CVE-2022-26712: Mickey Jin (@patch1t)
PackageKit
Available for: macOS Monterey
Impact: A malicious application may be able to modify protected parts of the file system
Description: This issue was addressed with improved entitlements.
CVE-2022-26727: Mickey Jin (@patch1t)
Preview
Available for: macOS Monterey
Impact: A plug-in may be able to inherit the application’s permissions and access user data
Description: This issue was addressed with improved checks.
CVE-2022-26693: Wojciech Reguła (@_r3ggi) of SecuRing
Printing
Available for: macOS Monterey
Impact: A malicious application may be able to bypass Privacy preferences
Description: This issue was addressed by removing the vulnerable code.
CVE-2022-26746: @gorelics
Safari Private Browsing
Available for: macOS Monterey
Impact: A malicious website may be able to track users in Safari private browsing mode
Description: A logic issue was addressed with improved state management.
CVE-2022-26731: an anonymous researcher
Security
Available for: macOS Monterey
Impact: A malicious app may be able to bypass signature validation
Description: A certificate parsing issue was addressed with improved checks.
CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)
SMB
Available for: macOS Monterey
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs
SMB
Available for: macOS Monterey
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds read issue was addressed with improved input validation.
CVE-2022-26718: Peter Nguyễn Vũ Hoàng of STAR Labs
SMB
Available for: macOS Monterey
Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved input validation.
CVE-2022-26723: Felix Poulin-Belanger
SoftwareUpdate
Available for: macOS Monterey
Impact: A malicious application may be able to access restricted files
Description: This issue was addressed with improved entitlements.
CVE-2022-26728: Mickey Jin (@patch1t)
Spotlight
Available for: macOS Monterey
Impact: An app may be able to gain elevated privileges
Description: A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks.
CVE-2022-26704: an anonymous researcher
TCC
Available for: macOS Monterey
Impact: An app may be able to capture a user’s screen
Description: This issue was addressed with improved checks.
CVE-2022-26726: an anonymous researcher
Tcl
Available for: macOS Monterey
Impact: A malicious application may be able to break out of its sandbox
Description: This issue was addressed with improved environment sanitization.
CVE-2022-26755: Arsenii Kostromin (0x3c3e)
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to code execution
Description: A memory corruption issue was addressed with improved state management.
WebKit Bugzilla: 238178
CVE-2022-26700: ryuzaki
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
WebKit Bugzilla: 236950
CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab
WebKit Bugzilla: 237475
CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab
WebKit Bugzilla: 238171
CVE-2022-26717: Jeonghoon Shin of Theori
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved state management.
WebKit Bugzilla: 238183
CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab
WebKit Bugzilla: 238699
CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech
WebRTC
Available for: macOS Monterey
Impact: Video self-preview in a webRTC call may be interrupted if the user answers a phone call
Description: A logic issue in the handling of concurrent media was addressed with improved state handling.
WebKit Bugzilla: 237524
CVE-2022-22677: an anonymous researcher
Wi-Fi
Available for: macOS Monterey
Impact: A malicious application may disclose restricted memory
Description: A memory corruption issue was addressed with improved validation.
CVE-2022-26745: an anonymous researcher
Wi-Fi
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2022-26761: Wang Yu of Cyberserval
Wi-Fi
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2022-26762: Wang Yu of Cyberserval
zip
Available for: macOS Monterey
Impact: Processing a maliciously crafted file may lead to a denial of service
Description: A denial of service issue was addressed with improved state handling.
CVE-2022-0530
zlib
Available for: macOS Monterey
Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved input validation.
CVE-2018-25032: Tavis Ormandy
zsh
Available for: macOS Monterey
Impact: A remote attacker may be able to cause arbitrary code execution
Description: This issue was addressed by updating to zsh version 5.8.1.
CVE-2021-45444

Additional recognition
AppleMobileFileIntegrity
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.
Bluetooth
We would like to acknowledge Jann Horn of Project Zero for their assistance.
Calendar
We would like to acknowledge Eugene Lim of Government Technology Agency of Singapore for their assistance.
FaceTime
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.
FileVault
We would like to acknowledge Benjamin Adolphi of Promon Germany GmbH for their assistance.
Login Window
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
Photo Booth
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.
System Preferences
We would like to acknowledge Mohammad Tausif Siddiqui (@toshsiddiqui), an anonymous researcher for their assistance.
WebKit
We would like to acknowledge James Lee, an anonymous researcher for their assistance.
Wi-Fi
We would like to acknowledge Dana Morrison for their assistance.