Apple macOS vulnerabilities

CVE-2022-22590 [HIGH] CWE-416 CVE-2022-22590: A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15. A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2022-22597 [HIGH] CWE-787 CVE-2022-22597: A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big S A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted file may lead to arbitrary code execution.

CVE-2022-22593 [HIGH] CWE-120 CVE-2022-22593: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.3 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. A malicious application may be able to execute arbitrary code with kernel privileges.

CVE-2022-22640 [HIGH] CWE-787 CVE-2022-22640: A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. An application may be able to execute arbitrary code with kernel privileges.

CVE-2022-22669 [HIGH] CWE-416 CVE-2022-22669: A use after free issue was addressed with improved memory management. This issue is fixed in macOS M A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.

CVE-2022-22579 [HIGH] CVE-2022-22579: An information disclosure issue was addressed with improved state management. This issue is fixed in An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution.

CVE-2022-22633 [HIGH] CWE-787 CVE-2022-22633: A memory corruption issue was addressed with improved state management. This issue is fixed in watch A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.

CVE-2022-22613 [HIGH] CWE-787 CVE-2022-22613: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvO An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.

CVE-2022-22627 [HIGH] CWE-125 CVE-2022-22627: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.

CVE-2022-22648 [MEDIUM] CVE-2022-22648: This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Mo This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to read restricted memory.

CVE-2022-22621 [MEDIUM] CVE-2022-22621: This issue was addressed with improved checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS This issue was addressed with improved checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions.

CVE-2022-22638 [MEDIUM] CWE-476 CVE-2022-22638: A null pointer dereference was addressed with improved validation. This issue is fixed in tvOS 15.4, A null pointer dereference was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An attacker in a privileged position may be able to perform a denial of service attack.

CVE-2022-22650 [MEDIUM] CWE-281 CVE-2022-22650: This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Mo This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A plug-in may be able to inherit the application's permissions and access user data.

CVE-2022-22583 [MEDIUM] CVE-2022-22583: A permissions issue was addressed with improved validation. This issue is fixed in Security Update 2 A permissions issue was addressed with improved validation. This issue is fixed in Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access restricted files.

CVE-2022-22594 [MEDIUM] CWE-346 CVE-2022-22594: A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A website may be able to track sensitive user information.

CVE-2022-22592 [MEDIUM] CVE-2022-22592: A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPad A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.

CVE-2022-22647 [MEDIUM] CVE-2022-22647: This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Mo This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A person with access to a Mac may be able to bypass Login Window.

CVE-2022-22644 [MEDIUM] CVE-2022-22644: A privacy issue existed in the handling of Contact cards. This was addressed with improved state man A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to access information about a user's contacts.

CVE-2022-22600 [MEDIUM] CVE-2022-22600: The issue was addressed with improved permissions logic. This issue is fixed in tvOS 15.4, iOS 15.4 The issue was addressed with improved permissions logic. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to bypass certain Privacy preferences.

CVE-2022-22589 [MEDIUM] CVE-2022-22589: A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 a A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript.