Apple Patches Everything Day
Apple today released its usual "surprise patch day" in updating all of its operating systems. There may still be specific Safari updates, but for currently supported operating systems, the operating system upgrades should include respective Safari/WebKit fixes.
Note that Apple does not "rank" vulnerabilities or provide CVSS scores (or many details at all). The rating below is our own simple rating.
None of the vulnerabilities appears to be actively exploited.
Catalina | BigSur | Monterey | tvOS | iOS/iPadOS | watchOS | ||
---|---|---|---|---|---|---|---|
CVE-2022-32832 [important] APFS The issue was addressed with improved memory handling. An app with root privileges may be able to execute arbitrary code with kernel privileges |
|||||||
x | x | x | x | x | x | ||
CVE-2022-32788 [critical] AppleAVD A buffer overflow was addressed with improved bounds checking. A remote user may be able to cause kernel code execution |
|||||||
x | x | x | |||||
CVE-2022-32824 [important] AppleAVD The issue was addressed with improved memory handling. An app may be able to disclose kernel memory |
|||||||
x | x | x | |||||
CVE-2022-32826 [important] AppleMobileFileIntegrity An authorization issue was addressed with improved state management. An app may be able to gain root privileges |
|||||||
x | x | x | x | x | x | ||
CVE-2022-32845 [important] Apple Neural Engine This issue was addressed with improved checks. An app may be able to break out of its sandbox |
|||||||
x | x | x | |||||
CVE-2022-32840 [important] Apple Neural Engine This issue was addressed with improved checks. An app may be able to execute arbitrary code with kernel privileges |
|||||||
x | x | x | |||||
CVE-2022-32810 [important] Apple Neural Engine The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges |
|||||||
x | x | x | |||||
CVE-2022-32820 [important] Audio An out-of-bounds write issue was addressed with improved input validation. An app may be able to execute arbitrary code with kernel privileges |
|||||||
x | x | x | x | x | x | ||
CVE-2022-32825 [important] Audio The issue was addressed with improved memory handling. An app may be able to disclose kernel memory |
|||||||
x | x | x | x | x | |||
CVE-2022-32839 [critical] CoreText The issue was addressed with improved bounds checks. A remote user may cause an unexpected app termination or arbitrary code execution |
|||||||
x | x | x | x | x | x | ||
CVE-2022-32819 [important] File System Events A logic issue was addressed with improved state management. An app may be able to gain root privileges |
|||||||
x | x | x | x | x | x | ||
CVE-2022-32793 [important] GPU Drivers Multiple out-of-bounds write issues were addressed with improved bounds checking. An app may be able to disclose kernel memory |
|||||||
x | x | x | x | ||||
CVE-2022-32821 [important] GPU Drivers A memory corruption issue was addressed with improved validation. An app may be able to execute arbitrary code with kernel privileges |
|||||||
x | x | x | x | ||||
CVE-2022-32787 [critical] ICU An out-of-bounds write issue was addressed with improved bounds checking. Processing maliciously crafted web content may lead to arbitrary code execution |
|||||||
x | x | x | x | x | x | ||
CVE-2022-32841 [important] ImageIO The issue was addressed with improved memory handling. Processing a maliciously crafted image may result in disclosure of process memory |
|||||||
x | x | x | x | ||||
CVE-2022-32813 [important] Kernel The issue was addressed with improved memory handling. An app with root privileges may be able to execute arbitrary code with kernel privileges |
|||||||
x | x | x | x | x | x | ||
CVE-2022-32815 [important] Kernel The issue was addressed with improved memory handling. An app with root privileges may be able to execute arbitrary code with kernel privileges |
|||||||
x | x | x | x | x | x | ||
CVE-2022-32817 [important] Kernel An out-of-bounds read issue was addressed with improved bounds checking. An app may be able to disclose kernel memory |
|||||||
x | x | x | x | ||||
CVE-2022-32844 [important] Kernel A race condition was addressed with improved state handling. An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication |
|||||||
x | x | x | |||||
CVE-2022-26981 [important] Liblouis This issue was addressed with improved checks. An app may cause unexpected app termination or arbitrary code execution |
|||||||
x | x | x | x | ||||
CVE-2022-32823 [important] libxml2 A memory initialization issue was addressed with improved memory handling. An app may be able to leak sensitive user information |
|||||||
x | x | x | x | x | x | ||
CVE-2022-32814 [important] Multi-Touch A type confusion issue was addressed with improved state handling. An app may be able to execute arbitrary code with kernel privileges |
|||||||
x | x | x | x | ||||
CVE-2022-32857 [important] Software Update This issue was addressed by using HTTPS when sending information over the network. A user in a privileged network position can track a user?s activity |
|||||||
x | x | x | x | x | x | ||
WebKit Bugzilla [critical] WebRTC A memory corruption issue was addressed with improved state management. Processing maliciously crafted web content may lead to arbitrary code execution |
|||||||
x | x | x | x | ||||
CVE-2022-32847 [other] Wi-Fi This issue was addressed with improved checks. A remote user may be able to cause unexpected system termination or corrupt kernel memory |
|||||||
x | x | x | x | x | x | ||
CVE-2022-32797 [other] AppleScript This issue was addressed with improved checks. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory |
|||||||
x | x | x | |||||
CVE-2022-32853 [other] AppleScript An out-of-bounds read issue was addressed with improved input validation. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory |
|||||||
x | x | x | |||||
CVE-2022-32851 [other] AppleScript An out-of-bounds read issue was addressed with improved input validation. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory |
|||||||
x | x | x | |||||
CVE-2022-32831 [other] AppleScript An out-of-bounds read issue was addressed with improved bounds checking. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory |
|||||||
x | x | x | |||||
CVE-2022-32805 [other] Calendar The issue was addressed with improved handling of caches. |
|||||||
x | x | x | |||||
CVE-2022-32849 [other] iCloud Photo Library An information disclosure issue was addressed by removing the vulnerable code. |
|||||||
x | x | x | x | x | |||
CVE-2022-32781 [other] FaceTime This issue was addressed by enabling hardened runtime. An app with root privileges may be able to access private information |
|||||||
x | x | ||||||
CVE-2022-32785 [other] ImageIO A null pointer dereference was addressed with improved validation. Processing an image may lead to a denial-of-service |
|||||||
x | x | x | x | ||||
CVE-2022-32812 [important] Intel Graphics Driver The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges |
|||||||
x | x | x | |||||
CVE-2022-32811 [important] Intel Graphics Driver A memory corruption vulnerability was addressed with improved locking. An app may be able to execute arbitrary code with kernel privileges |
|||||||
x | x | x | |||||
CVE-2022-32786 [other] PackageKit An app may be able to modify protected parts of the file system |
|||||||
x | x | x | |||||
CVE-2022-32800 [other] PackageKit This issue was addressed with improved checks. An app may be able to modify protected parts of the file system |
|||||||
x | x | x | |||||
CVE-2022-32838 [other] PluginKit A logic issue was addressed with improved state management. An app may be able to read arbitrary files |
|||||||
x | x | x | x | ||||
CVE-2022-32843 [other] PS Normalizer An out-of-bounds write issue was addressed with improved bounds checking. Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory |
|||||||
x | x | x | |||||
CVE-2022-32842 [important] SMB An out-of-bounds read issue was addressed with improved input validation. An app may be able to gain elevated privileges |
|||||||
x | x | ||||||
CVE-2022-32799 [other] SMB An out-of-bounds read issue was addressed with improved bounds checking. A user in a privileged network position may be able to leak sensitive information |
|||||||
x | x | ||||||
CVE-2022-32807 [other] Spindump This issue was addressed with improved file handling. An app may be able to overwrite arbitrary files |
|||||||
x | x | x | |||||
CVE-2022-26704 [important] Spotlight An app may be able to gain elevated privileges |
|||||||
x | x | ||||||
CVE-2022-32834 [other] TCC An access issue was addressed with improvements to the sandbox. |
|||||||
x | x | x | |||||
CVE-2021-4136 [other] Vim Multiple issues were addressed by updating Vim. Multiple issues in Vim |
|||||||
x | |||||||
CVE-2021-4166 [other] Vim Multiple issues were addressed by updating Vim. Multiple issues in Vim |
|||||||
x | |||||||
CVE-2021-4173 [other] Vim Multiple issues were addressed by updating Vim. Multiple issues in Vim |
|||||||
x | |||||||
CVE-2021-4187 [other] Vim Multiple issues were addressed by updating Vim. Multiple issues in Vim |
|||||||
x | |||||||
CVE-2021-4192 [other] Vim Multiple issues were addressed by updating Vim. Multiple issues in Vim |
|||||||
x | |||||||
CVE-2021-4193 [other] Vim Multiple issues were addressed by updating Vim. Multiple issues in Vim |
|||||||
x | |||||||
CVE-2021-46059 [other] Vim Multiple issues were addressed by updating Vim. Multiple issues in Vim |
|||||||
x | |||||||
CVE-2022-0128 [other] Vim Multiple issues were addressed by updating Vim. Multiple issues in Vim |
|||||||
x | |||||||
CVE-2022-0156 [other] Vim Multiple issues were addressed by updating Vim. Multiple issues in Vim |
|||||||
x | |||||||
CVE-2022-0158 [other] Vim Multiple issues were addressed by updating Vim. Multiple issues in Vim |
|||||||
x | |||||||
CVE-2022-32848 [other] Windows Server A logic issue was addressed with improved checks. An app may be able to capture a user?s screen |
|||||||
x | x | ||||||
CVE-2022-32852 [other] AppleScript An out-of-bounds read issue was addressed with improved input validation. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory |
|||||||
x | |||||||
CVE-2022-32789 [other] Automation A logic issue was addressed with improved checks. An app may be able to bypass Privacy preferences |
|||||||
x | |||||||
CVE-2022-32828 [important] CoreMedia The issue was addressed with improved memory handling. An app may be able to disclose kernel memory |
|||||||
x | x | x | |||||
CVE-2022-32829 [important] Apple Neural Engine This issue was addressed with improved checks. An app may be able to execute arbitrary code with kernel privileges |
|||||||
x | x | ||||||
CVE-2022-32796 [important] SMB A memory corruption issue was addressed with improved state management. An app may be able to execute arbitrary code with kernel privileges |
|||||||
x | |||||||
CVE-2022-32798 [important] SMB An out-of-bounds write issue was addressed with improved input validation. An app may be able to gain elevated privileges |
|||||||
x | |||||||
CVE-2022-32818 [important] SMB The issue was addressed with improved memory handling. An app may be able to leak sensitive kernel state |
|||||||
x | |||||||
CVE-2022-32801 [important] Spotlight This issue was addressed with improved checks. An app may be able to gain root privileges |
|||||||
x | |||||||
CVE-2021-28544 [other] subversion Multiple issues were addressed by updating subversion. Multiple issues in subversion |
|||||||
x | |||||||
CVE-2022-24070 [other] subversion Multiple issues were addressed by updating subversion. Multiple issues in subversion |
|||||||
x | |||||||
CVE-2022-29046 [other] subversion Multiple issues were addressed by updating subversion. Multiple issues in subversion |
|||||||
x | |||||||
CVE-2022-29048 [other] subversion Multiple issues were addressed by updating subversion. Multiple issues in subversion |
|||||||
x | |||||||
CVE-2022-32837 [important] Wi-Fi This issue was addressed with improved checks. An app may be able to cause unexpected system termination or write kernel memory |
|||||||
x | x | x | |||||
CVE-2022-32802 [critical] ImageIO A logic issue was addressed with improved checks. Processing a maliciously crafted file may lead to arbitrary code execution |
|||||||
x | x | ||||||
CVE-2022-32830 [important] ImageIO An out-of-bounds read issue was addressed with improved bounds checking. Processing a maliciously crafted image may lead to disclosure of user information |
|||||||
x | x | ||||||
CVE-2022-32855 [important] Home A logic issue was addressed with improved state management. A user may be able to view restricted content from the lock screen |
|||||||
x | |||||||
CVE-2022-26768 [important] IOMobileFrameBuffer A memory corruption issue was addressed with improved state management. An application may be able to execute arbitrary code with kernel privileges |
|||||||
x | |||||||
CVE-2022-32784 [important] Safari Extensions The issue was addressed with improved UI handling. Visiting a maliciously crafted website may leak sensitive data |
|||||||
x |
---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|
My next class:
Application Security: Securing Web Apps, APIs, and Microservices | Online | US Eastern | Jan 27th - Feb 1st 2025 |
×
Diary Archives
Comments