![]() Impact: A website may be able to track sensitive user informationĭescription: A cross-origin issue in the IndexDB API was addressed with improved input validation.ĬVE-2022-22594: Martin Bajanik of FingerprintJS Additional recognition ![]() Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforcedĭescription: A logic issue was addressed with improved state management. Impact: Processing maliciously crafted web content may lead to arbitrary code executionĭescription: A use after free issue was addressed with improved memory management.ĬVE-2022-22590: Toan Pham from Team Orca of Sea Security () Impact: Processing a maliciously crafted mail message may lead to running arbitrary javascriptĭescription: A validation issue was addressed with improved input sanitization.ĬVE-2022-22589: Heige of KnownSec 404 Team () and Bo Qu of Palo Alto Networks () Impact: An application may be able to access restricted filesĭescription: A permissions issue was addressed with improved validation.ĬVE-2022-22583: an anonymous researcher, Mickey Jin Ron Hass of Perception Point Impact: Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code executionĭescription: An information disclosure issue was addressed with improved state management.ĬVE-2022-22579: Mickey Jin of Trend Micro Apple is aware of a report that this issue may have been actively exploited.ĭescription: A memory corruption issue was addressed with improved input validation.ĬVE-2022-22587: an anonymous researcher, Meysam Firouzi of MBition – Mercedes-Benz Innovation Lab, Siddharth Aeri for: macOS Montereyĭescription: A buffer overflow issue was addressed with improved memory handling.ĬVE-2022-22593: Peter Nguyễn Vũ Hoàng of STAR Labs Impact: A malicious application may be able to execute arbitrary code with kernel privileges. This issue was addressed with improved path sanitization.ĬVE-2022-22585: Zhipeng Huo of Tencent Security Xuanwu Lab ()ĭescription: A memory corruption issue was addressed with improved memory handling.ĬVE-2022-22591: Antonio Zekic of Diverto Impact: An application may be able to access a user’s filesĭescription: An issue existed within the path validation logic for symlinks. Impact: A malicious application may be able to gain root privilegesĭescription: A logic issue was addressed with improved validation. Impact: Processing a maliciously crafted file may lead to arbitrary code executionĭescription: A memory corruption issue was addressed with improved validation.ĬVE-2022-22584: Mickey Jin of Trend Micro ![]() Impact: A malicious application may be able to execute arbitrary code with kernel privilegesĭescription: An out-of-bounds write issue was addressed with improved bounds checking. Here are the 13 flaws fixed in macOS 12.2 per Apple: Apple tells developers it’s rolling out a fix for iCloud syncing issues impacting third-party apps.macOS 12.2 comes with the most at 13 security fixes.īeyond the Safari web browsing flaw, others security issues patched include apps gaining root privileges, the ability to execute arbitrary code with kernel privileges, accessing user files through an iCloud, and more. IOS 15.3 comes with 10 security fixes, and 8 for watchOS 8.4. We already knew about the web browsing and Google account ID flaw being patched ahead of time as it arrived with the RC versions of iOS 15.3 and macOS 12.2 However, Apple has now detailed the full list of security patches with documentation available for macOS 12.2.Īpple has also patched a number of security issues with macOS 11.6.3 and an update for macOS Catalina. macOS 12.2 patches 13 serious security bugs ranging from the Safari web browsing leak to a flaw that can give malicious apps access to root privileges, kernel privileges, iCloud data, and more. Inside of Apple’s latest update for Mac are fixes for a wide range of security flaws. ![]()
0 Comments
Leave a Reply. |