Apple Security Update - Catalina vulnerabilities

CVE-2022-46706 [HIGH] CWE-843 CVE-2022-46706: A type confusion issue was addressed with improved state handling. This issue is fixed in Security U A type confusion issue was addressed with improved state handling. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to execute arbitrary code with kernel privileges.

CVE-2022-26775 [CRITICAL] CWE-190 CVE-2022-26775: An integer overflow was addressed with improved input validation. This issue is fixed in Security Up An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution.

CVE-2022-26720 [HIGH] CWE-787 CVE-2022-26720: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Sec An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges.

CVE-2022-26721 [HIGH] CWE-665 CVE-2022-26721: A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalin A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges.

CVE-2022-26770 [HIGH] CWE-125 CVE-2022-26770: An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Sec An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges.

CVE-2022-26722 [HIGH] CWE-665 CVE-2022-26722: A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalin A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges.

CVE-2022-26769 [HIGH] CWE-787 CVE-2022-26769: A memory corruption issue was addressed with improved input validation. This issue is fixed in Secur A memory corruption issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges.

CVE-2022-26715 [HIGH] CWE-787 CVE-2022-26715: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Sec An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to gain elevated privileges.

CVE-2022-26697 [HIGH] CWE-125 CVE-2022-26697: An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Sec An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.

CVE-2022-26698 [HIGH] CWE-125 CVE-2022-26698: An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Secu An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.

CVE-2022-26751 [HIGH] CWE-787 CVE-2022-26751: A memory corruption issue was addressed with improved input validation. This issue is fixed in iTune A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6, macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2022-26748 [HIGH] CWE-787 CVE-2022-26748: An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Se An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2022-26756 [HIGH] CWE-787 CVE-2022-26756: An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Se An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges.

CVE-2022-26761 [HIGH] CWE-787 CVE-2022-26761: A memory corruption issue was addressed with improved memory handling. This issue is fixed in Securi A memory corruption issue was addressed with improved memory handling. This issue is fixed in Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges.

CVE-2022-26755 [MEDIUM] CVE-2022-26755: This issue was addressed with improved environment sanitization. This issue is fixed in Security Upd This issue was addressed with improved environment sanitization. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to break out of its sandbox.

CVE-2022-26727 [MEDIUM] CVE-2022-26727: This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. A malicious application may be able to modify protected parts of the file system.

CVE-2022-26746 [MEDIUM] CVE-2022-26746: This issue was addressed by removing the vulnerable code. This issue is fixed in Security Update 202 This issue was addressed by removing the vulnerable code. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences.

CVE-2022-26728 [MEDIUM] CVE-2022-26728: This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to access restricted files.

CVE-2021-30834 [HIGH] CVE-2021-30834: A logic issue was addressed with improved state management. This issue is fixed in iOS 14.8 and iPad A logic issue was addressed with improved state management. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, watchOS 8, Security Update 2021-007 Catalina. Processing a malicious audio file may result in unexpected application termination or arbitrary code execution.

CVE-2020-29622 [HIGH] CWE-362 CVE-2020-29622: A race condition was addressed with additional validation. This issue is fixed in Security Update 20 A race condition was addressed with additional validation. This issue is fixed in Security Update 2021-005 Catalina. Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges.