CVE-2022-22669: About the security content of macOS Monterey 12.3

Released March 14, 2022

Accelerate Framework

Available for: macOS Monterey

Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

CVE-2022-22633: an anonymous researcher

AMD

Available for: macOS Monterey

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2022-22669: an anonymous researcher

AppKit

Available for: macOS Monterey

Impact: A malicious application may be able to gain root privileges

Description: A logic issue was addressed with improved validation.

CVE-2022-22665: Lockheed Martin Red Team

AppleGraphicsControl

Available for: macOS Monterey

Impact: An application may be able to gain elevated privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-22631: an anonymous researcher

AppleScript

Available for: macOS Monterey

Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro

AppleScript

Available for: macOS Monterey

Impact: An application may be able to read restricted memory

Description: This issue was addressed with improved checks.

CVE-2022-22648: an anonymous researcher

AppleScript

Available for: macOS Monterey

Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro

CVE-2022-22627: Qi Sun and Robert Ai of Trend Micro

AppleScript

Available for: macOS Monterey

Impact: Processing a maliciously crafted file may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved validation.

CVE-2022-22597: Qi Sun and Robert Ai of Trend Micro

BOM

Available for: macOS Monterey

Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks

Description: This issue was addressed with improved checks.

CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)

curl

Available for: macOS Monterey

Impact: Multiple issues in curl

Description: Multiple issues were addressed by updating to curl version 7.79.1.

CVE-2021-22946

CVE-2021-22947

CVE-2021-22945

CVE-2022-22623

FaceTime

Available for: macOS Monterey

Impact: A user may send audio and video in a FaceTime call without knowing that they have done so

Description: This issue was addressed with improved checks.

CVE-2022-22643: Sonali Luthar of the University of Virginia, Michael Liao of the University of Illinois at Urbana-Champaign, Rohan Pahwa of Rutgers University, and Bao Nguyen of the University of Florida

ImageIO

Available for: macOS Monterey

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2022-22611: Xingyu Jin of Google

ImageIO

Available for: macOS Monterey

Impact: Processing a maliciously crafted image may lead to heap corruption

Description: A memory consumption issue was addressed with improved memory handling.

CVE-2022-22612: Xingyu Jin of Google

Intel Graphics Driver

Available for: macOS Monterey

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A type confusion issue was addressed with improved state handling.

CVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba Security Pandora Lab

IOGPUFamily

Available for: macOS Monterey

Impact: An application may be able to gain elevated privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2022-22641: Mohamed Ghannam (@_simo36)

Kernel

Available for: macOS Monterey

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-22613: Alex, an anonymous researcher

Kernel

Available for: macOS Monterey

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2022-22614: an anonymous researcher

CVE-2022-22615: an anonymous researcher

Kernel

Available for: macOS Monterey

Impact: A malicious application may be able to elevate privileges

Description: A logic issue was addressed with improved state management.

CVE-2022-22632: Keegan Saunders

Kernel

Available for: macOS Monterey

Impact: An attacker in a privileged position may be able to perform a denial of service attack

Description: A null pointer dereference was addressed with improved validation.

CVE-2022-22638: derrek (@derrekr6)

Kernel

Available for: macOS Monterey

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved validation.

CVE-2022-22640: sqrtpwn

libarchive

Available for: macOS Monterey

Impact: Multiple issues in libarchive

Description: Multiple memory corruption issues existed in libarchive. These issues were addressed with improved input validation.

CVE-2021-36976

Login Window

Available for: macOS Monterey

Impact: A person with access to a Mac may be able to bypass Login Window

Description: This issue was addressed with improved checks.

CVE-2022-22647: an anonymous researcher

LoginWindow

Available for: macOS Monterey

Impact: A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen

Description: An authentication issue was addressed with improved state management.

CVE-2022-22656

GarageBand MIDI

Available for: macOS Monterey

Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution

Description: A memory initialization issue was addressed with improved memory handling.

CVE-2022-22657: Brandon Perry of Atredis Partners

GarageBand MIDI

Available for: macOS Monterey

Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2022-22664: Brandon Perry of Atredis Partners

NSSpellChecker

Available for: macOS Monterey

Impact: A malicious application may be able to access information about a user’s contacts

Description: A privacy issue existed in the handling of Contact cards. This was addressed with improved state management.

CVE-2022-22644: an anonymous researcher

PackageKit

Available for: macOS Monterey

Impact: An application may be able to gain elevated privileges

Description: A logic issue was addressed with improved state management.

CVE-2022-22617: Mickey Jin (@patch1t)

Preferences

Available for: macOS Monterey

Impact: A malicious application may be able to read other applications’ settings

Description: The issue was addressed with additional permissions checks.

CVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)

QuickTime Player

Available for: macOS Monterey

Impact: A plug-in may be able to inherit the application’s permissions and access user data

Description: This issue was addressed with improved checks.

CVE-2022-22650: Wojciech Reguła (@_r3ggi) of SecuRing

Safari Downloads

Available for: macOS Monterey

Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks

Description: This issue was addressed with improved checks.

CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)

Sandbox

Available for: macOS Monterey

Impact: A malicious application may be able to bypass certain Privacy preferences

Description: The issue was addressed with improved permissions logic.

CVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited, Khiem Tran

Siri

Available for: macOS Monterey

Impact: A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen

Description: A permissions issue was addressed with improved validation.

CVE-2022-22599: Andrew Goldberg of the University of Texas at Austin, McCombs School of Business (linkedin.com/andrew-goldberg/)

SMB

Available for: macOS Monterey

Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-22651: Felix Poulin-Belanger

SoftwareUpdate

Available for: macOS Monterey

Impact: An application may be able to gain elevated privileges

Description: A logic issue was addressed with improved state management.

CVE-2022-22639: Mickey Jin (@patch1t)

System Preferences

Available for: macOS Monterey

Impact: An app may be able to spoof system notifications and UI

Description: This issue was addressed with a new entitlement.

CVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes)

UIKit

Available for: macOS Monterey

Impact: A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions

Description: This issue was addressed with improved checks.

CVE-2022-22621: Joey Hewitt

Vim

Available for: macOS Monterey

Impact: Multiple issues in Vim

Description: Multiple issues were addressed by updating Vim.

CVE-2021-4136

CVE-2021-4166

CVE-2021-4173

CVE-2021-4187

CVE-2021-4192

CVE-2021-4193

CVE-2021-46059

CVE-2022-0128

CVE-2022-0156

CVE-2022-0158

VoiceOver

Available for: macOS Monterey

Impact: A user may be able to view restricted content from the lock screen

Description: A lock screen issue was addressed with improved state management.

CVE-2021-30918: an anonymous researcher

WebKit

Available for: macOS Monterey

Impact: Processing maliciously crafted web content may disclose sensitive user information

Description: A cookie management issue was addressed with improved state management.

WebKit Bugzilla: 232748
CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix

WebKit

Available for: macOS Monterey

Impact: Processing maliciously crafted web content may lead to code execution

Description: A memory corruption issue was addressed with improved state management.

WebKit Bugzilla: 232812
CVE-2022-22610: Quan Yin of Bigo Technology Live Client Team

WebKit

Available for: macOS Monterey

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

WebKit Bugzilla: 233172
CVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab

WebKit Bugzilla: 234147
CVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab

WebKit

Available for: macOS Monterey

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A buffer overflow issue was addressed with improved memory handling.

WebKit Bugzilla: 234966
CVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative

WebKit

Available for: macOS Monterey

Impact: A malicious website may cause unexpected cross-origin behavior

Description: A logic issue was addressed with improved state management.

WebKit Bugzilla: 235294
CVE-2022-22637: Tom McKee of Google

Wi-Fi

Available for: macOS Monterey

Impact: A malicious application may be able to leak sensitive user information

Description: A logic issue was addressed with improved restrictions.

CVE-2022-22668: MrPhil17

xar

Available for: macOS Monterey

Impact: A local user may be able to write arbitrary files

Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.

CVE-2022-22582: Richard Warren of NCC Group