APPLE-SA-2022-09-12-3 macOS Big Sur 11.7

macOS Big Sur 11.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213443.

ATS
Available for: macOS Big Sur
Impact: An app may be able to bypass Privacy preferences
Description: A logic issue was addressed with improved state management.
CVE-2022-32902: Mickey Jin (@patch1t)

Contacts
Available for: macOS Big Sur
Impact: An app may be able to bypass Privacy preferences
Description: This issue was addressed with improved checks.
CVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security

iMovie
Available for: macOS Big Sur
Impact: A user may be able to view sensitive user information
Description: This issue was addressed by enabling hardened runtime.
CVE-2022-32896: Wojciech Reguła (@_r3ggi)

Kernel
Available for: macOS Big Sur
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32911: Zweig of Kunlun Lab

Kernel
Available for: macOS Big Sur
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)

Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2022-32894: an anonymous researcher

Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: The issue was addressed with improved bounds checks.
CVE-2022-32917: an anonymous researcher

Maps
Available for: macOS Big Sur
Impact: An app may be able to read sensitive location information
Description: A logic issue was addressed with improved restrictions.
CVE-2022-32883: Ron Masas, breakpointhq.com

MediaLibrary
Available for: macOS Big Sur
Impact: A user may be able to elevate privileges
Description: A memory corruption issue was addressed with improved input validation.
CVE-2022-32908: an anonymous researcher

PackageKit
Available for: macOS Big Sur
Impact: An app may be able to gain elevated privileges
Description: A logic issue was addressed with improved state management.
CVE-2022-32900: Mickey Jin (@patch1t)

Additional recognition

Identity Services
We would like to acknowledge Joshua Jones for their assistance.

macOS Big Sur 11.7 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/

All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/