APPLE-SA-2022-09-12-3 macOS Big Sur 11.7
- Subject: APPLE-SA-2022-09-12-3 macOS Big Sur 11.7
- From: Apple Product Security via Security-announce <email@hidden>
- Date: Mon, 12 Sep 2022 11:26:02 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2022-09-12-3 macOS Big Sur 11.7

macOS Big Sur 11.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213443.

ATS
Available for: macOS Big Sur
Impact: An app may be able to bypass Privacy preferences
Description: A logic issue was addressed with improved state
management.
CVE-2022-32902: Mickey Jin (@patch1t)

Contacts
Available for: macOS Big Sur
Impact: An app may be able to bypass Privacy preferences
Description: This issue was addressed with improved checks.
CVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security

iMovie
Available for: macOS Big Sur
Impact: A user may be able to view sensitive user information
Description: This issue was addressed by enabling hardened runtime.
CVE-2022-32896: Wojciech Reguła (@_r3ggi)

Kernel
Available for: macOS Big Sur
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32911: Zweig of Kunlun Lab

Kernel
Available for: macOS Big Sur
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)

Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges. Apple is aware of a report that this issue may
have been actively exploited.
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-32894: an anonymous researcher

Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges. Apple is aware of a report that this issue may
have been actively exploited.
Description: The issue was addressed with improved bounds checks.
CVE-2022-32917: an anonymous researcher

Maps
Available for: macOS Big Sur
Impact: An app may be able to read sensitive location information
Description: A logic issue was addressed with improved restrictions.
CVE-2022-32883: Ron Masas, breakpointhq.com

MediaLibrary
Available for: macOS Big Sur
Impact: A user may be able to elevate privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2022-32908: an anonymous researcher

PackageKit
Available for: macOS Big Sur
Impact: An app may be able to gain elevated privileges
Description: A logic issue was addressed with improved state
management.
CVE-2022-32900: Mickey Jin (@patch1t)

Additional recognition

Identity Services
We would like to acknowledge Joshua Jones for their assistance.

macOS Big Sur 11.7 may be obtained from the Mac App Store or Apple's
Software Downloads web site: https://support.apple.com/downloads/

All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----