Apple macOS vulnerabilities

CVE-2022-32849 [MEDIUM] CWE-200 CVE-2022-32849: An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed i An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to access sensitive user information.

CVE-2022-32800 [MEDIUM] CWE-284 CVE-2022-32800: This issue was addressed with improved checks. This issue is fixed in Security Update 2022-005 Catal This issue was addressed with improved checks. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to modify protected parts of the file system.

CVE-2022-32823 [MEDIUM] CWE-665 CVE-2022-32823: A memory initialization issue was addressed with improved memory handling. This issue is fixed in iO A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to leak sensitive user information.

CVE-2022-32786 [MEDIUM] CWE-20 CVE-2022-32786: An issue in the handling of environment variables was addressed with improved validation. This issue An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to modify protected parts of the file system.

CVE-2022-32785 [MEDIUM] CWE-476 CVE-2022-32785: A null pointer dereference was addressed with improved validation. This issue is fixed in iOS 15.6 a A null pointer dereference was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing an image may lead to a denial-of-service.

CVE-2022-32799 [MEDIUM] CWE-125 CVE-2022-32799: An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Secu An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Monterey 12.5. A user in a privileged network position may be able to leak sensitive information.

CVE-2022-32781 [MEDIUM] CWE-269 CVE-2022-32781: This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.4, i This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8. An app with root privileges may be able to access private information.

CVE-2022-32832 [MEDIUM] CVE-2022-32832: The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15 The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app with root privileges may be able to execute arbitrary code with kernel privileges.

CVE-2022-32805 [MEDIUM] CWE-200 CVE-2022-32805: The issue was addressed with improved handling of caches. This issue is fixed in Security Update 202 The issue was addressed with improved handling of caches. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to access sensitive user information.

CVE-2022-32839 [CRITICAL] CWE-119 CVE-2022-32839: The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.5, mac The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. A remote user may cause an unexpected app termination or arbitrary code execution.

CVE-2022-32811 [HIGH] CWE-667 CVE-2022-32811: A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. An app may be able to execute arbitrary code with kernel privileges.

CVE-2022-32813 [HIGH] CWE-787 CVE-2022-32813: The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, m The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. An app with root privileges may be able to execute arbitrary code with kernel privileges.

CVE-2022-32837 [HIGH] CWE-787 CVE-2022-32837: This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5, tvOS 15.6 This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to cause unexpected system termination or write kernel memory.

CVE-2022-32812 [HIGH] CWE-787 CVE-2022-32812: The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, m The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. An app may be able to execute arbitrary code with kernel privileges.

CVE-2022-32838 [MEDIUM] CWE-285 CVE-2022-32838: A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12 A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6. An app may be able to read arbitrary files.

CVE-2022-32857 [MEDIUM] CWE-319 CVE-2022-32857: This issue was addressed by using HTTPS when sending information over the network. This issue is fix This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. A user in a privileged network position can track a user’s activity.

CVE-2022-32834 [MEDIUM] CWE-284 CVE-2022-32834: An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Montere An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. An app may be able to access sensitive user information.

CVE-2022-2294 [HIGH] CWE-787 CVE-2022-2294: Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-26775 [CRITICAL] CWE-190 CVE-2022-26775: An integer overflow was addressed with improved input validation. This issue is fixed in Security Up An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution.

CVE-2022-26720 [HIGH] CWE-787 CVE-2022-26720: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Sec An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges.