Apple macOS vulnerabilities

CVE-2022-0359 [HIGH] CWE-122 CVE-2022-0359: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

CVE-2022-0361 [HIGH] CWE-122 CVE-2022-0361: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

CVE-2022-0351 [HIGH] CWE-786 CVE-2022-0351: Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2. Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.

CVE-2022-0318 [CRITICAL] CWE-122 CVE-2022-0318: Heap-based Buffer Overflow in vim/vim prior to 8.2. Heap-based Buffer Overflow in vim/vim prior to 8.2.

CVE-2022-21658 [MEDIUM] CWE-363 CVE-2022-21658: Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the `std::fs::remove_dir_all` standard library function is vulnerable a race condition enabling symlink following (CWE-363). An attacker could use this security issue to trick

CVE-2022-0261 [HIGH] CWE-122 CVE-2022-0261: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

CVE-2019-8703 [CRITICAL] CVE-2019-8703: This issue was addressed with improved entitlements. This issue is fixed in watchOS 6, tvOS 13, macO This issue was addressed with improved entitlements. This issue is fixed in watchOS 6, tvOS 13, macOS Catalina 10.15, iOS 13. An application may be able to gain elevated privileges.

CVE-2019-8643 [CRITICAL] CVE-2019-8643: CVE-2019-8643: Arun Sharma of VMWare This issue is fixed in macOS Mojave 10.14. Description: A logic CVE-2019-8643: Arun Sharma of VMWare This issue is fixed in macOS Mojave 10.14. Description: A logic issue was addressed with improved state management..

CVE-2017-13835 [HIGH] CWE-119 CVE-2017-13835: A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS High Sierra 10.13. An application may be able to execute arbitrary code with elevated privileges.

CVE-2017-13905 [HIGH] CWE-362 CVE-2017-13905: A race condition was addressed with additional validation. This issue is fixed in tvOS 11.2, iOS 11. A race condition was addressed with additional validation. This issue is fixed in tvOS 11.2, iOS 11.2, macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan, watchOS 4.2. An application may be able to gain elevated privileges.

CVE-2020-3886 [HIGH] CWE-416 CVE-2020-3886: A use after free issue was addressed with improved memory management. This issue is fixed in macOS C A use after free issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. A malicious application may be able to execute arbitrary code with kernel privileges.

CVE-2018-4302 [HIGH] CWE-476 CVE-2018-4302: A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution.

CVE-2017-13908 [HIGH] CVE-2017-13908: An issue in handling file permissions was addressed with improved validation. This issue is fixed in An issue in handling file permissions was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, macOS High Sierra 10.13. A local attacker may be able to execute non-executable text files via an SMB share.

CVE-2017-13892 [HIGH] CVE-2017-13892: An issue existed in the handling of Contact sharing. This issue was addressed with improved handling An issue existed in the handling of Contact sharing. This issue was addressed with improved handling of user information. This issue is fixed in macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan. Sharing contact information may lead to unexpected data sharing.

CVE-2017-13906 [HIGH] CWE-119 CVE-2017-13906: A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, macOS High Sierra 10.13. A malicious application may be able to elevate privileges.

CVE-2017-13910 [MEDIUM] CVE-2017-13910: An access issue was addressed with additional sandbox restrictions on applications. This issue is fi An access issue was addressed with additional sandbox restrictions on applications. This issue is fixed in macOS High Sierra 10.13. An application may be able to access restricted files.

CVE-2019-8702 [MEDIUM] CWE-668 CVE-2019-8702: This issue was addressed with a new entitlement. This issue is fixed in macOS Mojave 10.14.6, Securi This issue was addressed with a new entitlement. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra, iOS 12.4, tvOS 12.4. A local user may be able to read a persistent account identifier.

CVE-2017-13907 [MEDIUM] CVE-2017-13907: A state management issue was addressed with improved state validation. This issue is fixed in macOS A state management issue was addressed with improved state validation. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan. The screen lock may unexpectedly remain unlocked.

CVE-2021-30767 [MEDIUM] CVE-2021-30767: A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11. A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A local user may be able to modify protected parts of the file system.

CVE-2020-3896 [MEDIUM] CVE-2020-3896: This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Catalina 10.1 This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. A malicious application may be able to overwrite arbitrary files.