CVE-2022-22579: About the security content of Security Update 2022-001 Catalina

Released January 26, 2022

Kernel

Available for: macOS Catalina

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2022-22593: Peter Nguyễn Vũ Hoàng of STAR Labs

Model I/O

Available for: macOS Catalina

Impact: Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution

Description: An information disclosure issue was addressed with improved state management.

CVE-2022-22579: Mickey Jin (@patch1t) of Trend Micro

PackageKit

Available for: macOS Catalina

Impact: An application may be able to access restricted files

Description: A permissions issue was addressed with improved validation.

CVE-2022-22583: an anonymous researcher, Ron Hass (@ronhass7) of Perception Point, Mickey Jin (@patch1t)

Sandbox

Available for: macOS Catalina

Impact: A malicious application may be able to bypass certain Privacy preferences

Description: A logic issue was addressed with improved restrictions.

CVE-2021-30946: an anonymous researcher, @gorelics

TCC

Available for: macOS Catalina

Impact: A malicious application may be able to bypass certain Privacy preferences

Description: This issue was addressed with improved checks.

CVE-2021-30972: Xuxiang Yang (@another1024), Zhipeng Huo (@R3dF09), and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com), Wojciech Reguła (@_r3ggi), jhftss (@patch1t), Csaba Fitzl (@theevilbit) of Offensive Security