Apple Security Update 2022-005 Catalina vulnerabilities

CVE-2022-32837 [HIGH] CVE-2022-32837: Security Update 2022-005 Catalina Apple Security Update: About the security content of Security Update 2022-005 Catalina Product: Security Update 2022-005 Catalina CVE: CVE-2022-32837 Component: Wi-Fi Impact: An app may be able to cause unexpected system termination or write kernel memory Description: This issue was addressed with improved checks.

CVE-2021-4187 [HIGH] CVE-2021-4187: Security Update 2022-005 Catalina Apple Security Update: About the security content of Security Update 2022-005 Catalina Product: Security Update 2022-005 Catalina CVE: CVE-2021-4187 Component: CVE-2021-4187

CVE-2022-32815 [HIGH] CVE-2022-32815: Security Update 2022-005 Catalina Apple Security Update: About the security content of Security Update 2022-005 Catalina Product: Security Update 2022-005 Catalina CVE: CVE-2022-32815 Component: Kernel Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling.

CVE-2022-0128 [HIGH] CVE-2022-0128: Security Update 2022-005 Catalina Apple Security Update: About the security content of Security Update 2022-005 Catalina Product: Security Update 2022-005 Catalina CVE: CVE-2022-0128 Component: CVE-2022-0128

CVE-2022-32820 [HIGH] CVE-2022-32820: Security Update 2022-005 Catalina Apple Security Update: About the security content of Security Update 2022-005 Catalina Product: Security Update 2022-005 Catalina CVE: CVE-2022-32820 Component: Audio Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2021-4192 [HIGH] CVE-2021-4192: Security Update 2022-005 Catalina Apple Security Update: About the security content of Security Update 2022-005 Catalina Product: Security Update 2022-005 Catalina CVE: CVE-2021-4192 Component: CVE-2021-4192

CVE-2022-32813 [HIGH] CVE-2022-32813: Security Update 2022-005 Catalina Apple Security Update: About the security content of Security Update 2022-005 Catalina Product: Security Update 2022-005 Catalina CVE: CVE-2022-32813 Component: Kernel Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling.

CVE-2022-32799 [MEDIUM] CVE-2022-32799: Security Update 2022-005 Catalina Apple Security Update: About the security content of Security Update 2022-005 Catalina Product: Security Update 2022-005 Catalina CVE: CVE-2022-32799 Component: SMB Impact: A user in a privileged network position may be able to leak sensitive information Description: An out-of-bounds read issue was addressed with improved bounds checking.

CVE-2022-32781 [MEDIUM] CVE-2022-32781: Security Update 2022-005 Catalina Apple Security Update: About the security content of Security Update 2022-005 Catalina Product: Security Update 2022-005 Catalina CVE: CVE-2022-32781 Component: FaceTime Impact: An app with root privileges may be able to access private information Description: This issue was addressed by enabling hardened runtime.

CVE-2022-32800 [MEDIUM] CVE-2022-32800: Security Update 2022-005 Catalina Apple Security Update: About the security content of Security Update 2022-005 Catalina Product: Security Update 2022-005 Catalina CVE: CVE-2022-32800 Component: PackageKit Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed with improved checks.

CVE-2022-32834 [MEDIUM] CVE-2022-32834: Security Update 2022-005 Catalina Apple Security Update: About the security content of Security Update 2022-005 Catalina Product: Security Update 2022-005 Catalina CVE: CVE-2022-32834 Component: TCC Impact: An app may be able to access sensitive user information Description: An access issue was addressed with improvements to the sandbox.

CVE-2022-32832 [MEDIUM] CVE-2022-32832: Security Update 2022-005 Catalina Apple Security Update: About the security content of Security Update 2022-005 Catalina Product: Security Update 2022-005 Catalina CVE: CVE-2022-32832 Component: APFS Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling.

CVE-2022-32849 [MEDIUM] CVE-2022-32849: Security Update 2022-005 Catalina Apple Security Update: About the security content of Security Update 2022-005 Catalina Product: Security Update 2022-005 Catalina CVE: CVE-2022-32849 Component: Calendar Impact: An app may be able to access user-sensitive data Description: An information disclosure issue was addressed by removing the vulnerable code.

CVE-2022-32786 [MEDIUM] CVE-2022-32786: Security Update 2022-005 Catalina Apple Security Update: About the security content of Security Update 2022-005 Catalina Product: Security Update 2022-005 Catalina CVE: CVE-2022-32786 Component: PackageKit Impact: An app may be able to modify protected parts of the file system Description: An issue in the handling of environment variables was addressed with improved validation.

CVE-2022-32838 [MEDIUM] CVE-2022-32838: Security Update 2022-005 Catalina Apple Security Update: About the security content of Security Update 2022-005 Catalina Product: Security Update 2022-005 Catalina CVE: CVE-2022-32838 Component: PluginKit Impact: An app may be able to read arbitrary files Description: A logic issue was addressed with improved state management.

CVE-2022-32823 [MEDIUM] CVE-2022-32823: Security Update 2022-005 Catalina Apple Security Update: About the security content of Security Update 2022-005 Catalina Product: Security Update 2022-005 Catalina CVE: CVE-2022-32823 Component: CVE-2022-32823

CVE-2021-4193 [MEDIUM] CVE-2021-4193: Security Update 2022-005 Catalina Apple Security Update: About the security content of Security Update 2022-005 Catalina Product: Security Update 2022-005 Catalina CVE: CVE-2021-4193 Component: CVE-2021-4193

CVE-2021-30946 [MEDIUM] CVE-2021-30946: Security Update 2022-005 Catalina Apple Security Update: About the security content of Security Update 2022-005 Catalina Product: Security Update 2022-005 Catalina CVE: CVE-2021-30946 Component: LaunchServices Impact: An app may be able to bypass certain Privacy preferences Description: A logic issue was addressed with improved restrictions.

CVE-2022-32785 [MEDIUM] CVE-2022-32785: Security Update 2022-005 Catalina Apple Security Update: About the security content of Security Update 2022-005 Catalina Product: Security Update 2022-005 Catalina CVE: CVE-2022-32785 Component: ImageIO Impact: Processing an image may lead to a denial-of-service Description: A null pointer dereference was addressed with improved validation.

CVE-2022-32857 [MEDIUM] CVE-2022-32857: Security Update 2022-005 Catalina Apple Security Update: About the security content of Security Update 2022-005 Catalina Product: Security Update 2022-005 Catalina CVE: CVE-2022-32857 Component: Software Update Impact: A user in a privileged network position can track a user’s activity Description: This issue was addressed by using HTTPS when sending information over the network.