Apple macOS vulnerabilities
3,135 known vulnerabilities affecting apple/macos.
Total CVEs: 3,135
CISA KEV: 75 (actively exploited)
Public exploits: 44
Exploited in wild: 61
Severity breakdown: CRITICAL 203, HIGH 1362, MEDIUM 1421, LOW 149
Vulnerabilities
CVE-2022-32811 | HIGH | CVSS 7.8 | CWE-667 | fixed in 10.15.7; ≥ 11.0, < 11.6.8; +5 more | 2022-08-24
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. An app may be able to execute arbitrary code with kernel privileges.
nvd
CVE-2022-32813 | HIGH | CVSS 7.8 | CWE-787 | fixed in 10.15.7; ≥ 11.0, < 11.6.8; +5 more | 2022-08-24
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. An app with root privileges may be able to execute arbitrary code with kernel privileges.
nvd
CVE-2022-32837 | HIGH | CVSS 7.8 | CWE-787 | ≥ 12.0, < 12.5; ≥ unspecified, < 12.5 | 2022-08-24
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to cause unexpected system termination or write kernel memory.
nvd
CVE-2022-32812 | HIGH | CVSS 7.8 | CWE-787 | fixed in 10.15.7; ≥ 11.0, < 11.6.8; +5 more | 2022-08-24
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. An app may be able to execute arbitrary code with kernel privileges.
nvd
CVE-2022-32793 | HIGH | CVSS 7.5 | CWE-787 | ≥ 12.0, < 12.5; ≥ unspecified, < 12.5 | 2022-08-24
Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory.
nvd
CVE-2022-32840 | HIGH | CVSS 7.8 | CWE-269 | ≥ 12.0, < 12.5; ≥ unspecified, < 12.5 | 2022-08-24
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app may be able to execute arbitrary code with kernel privileges.
nvd
CVE-2022-32810 | HIGH | CVSS 7.8 | CWE-787 | ≥ 12.0, < 12.5; ≥ unspecified, < 12.5 | 2022-08-24
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app may be able to execute arbitrary code with kernel privileges.
nvd
CVE-2022-32893 | HIGH | CVSS 8.8 | KEV | CWE-787 | ≥ 12.0, < 12.5.1; ≥ unspecified, < 12.5 | 2022-08-24
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
nvd
CVE-2022-32838 | MEDIUM | CVSS 5.5 | CWE-285 | fixed in 10.15.7; ≥ 11.0, < 11.6.8; +6 more | 2022-08-24
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6. An app may be able to read arbitrary files.
nvd
CVE-2022-32857 | MEDIUM | CVSS 4.3 | CWE-319 | fixed in 10.15.7; ≥ 11.0, < 11.6.8; +5 more | 2022-08-24
This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. A user in a privileged network position can track a user’s activity.
nvd
CVE-2022-32834 | MEDIUM | CVSS 5.5 | CWE-284 | fixed in 10.15.7; ≥ 11.0, < 11.6.8; +5 more | 2022-08-24
An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. An app may be able to access sensitive user information.
nvd
CVE-2022-37434 | CRITICAL | CVSS 9.8 | CWE-787 | ≥ 11.0, < 11.7.1; ≥ 12.0.0, < 12.6.1 | 2022-08-05
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
nvd
CVE-2022-2294 | HIGH | CVSS 8.8 | KEV | CWE-787 | fixed in 11.6.8; ≥ 12.0, < 12.5 | 2022-07-28
Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-32207 | CRITICAL | CVSS 9.8 | CWE-840 | fixed in 13.0 | 2022-07-07
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than inten
nvd
CVE-2022-32205 | MEDIUM | CVSS 4.3 | CWE-770 | fixed in 13.0 | 2022-07-07
A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to av
nvd
CVE-2022-32208 | MEDIUM | CVSS 5.9 | CWE-840 | fixed in 13.0 | 2022-07-07
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
nvd
CVE-2022-1720 | HIGH | CVSS 7.8 | CWE-126 | fixed in 11.7; ≥ 12.0, < 12.6 | 2022-06-20
Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.
nvd
CVE-2022-2124 | HIGH | CVSS 7.8 | CWE-126 | fixed in 11.7; ≥ 12.0, < 12.6 | 2022-06-19
Buffer Over-read in GitHub repository vim/vim prior to 8.2.
nvd
CVE-2022-2126 | HIGH | CVSS 7.8 | CWE-125 | fixed in 11.7; ≥ 12.0, < 12.6 | 2022-06-19
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
nvd
CVE-2022-2125 | HIGH | CVSS 7.8 | CWE-122 | fixed in 11.7; ≥ 12.0, < 12.6 | 2022-06-19
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
nvd