PrestaShop 1.6.0.10 through 1.7.x before 1.7.8.2 allows remote attackers to execute arbitrary code, aka a "previously unknown vulnerability chain" related to SQL injection, as exploited in the wild in July 2022.

Attackers have found a way to use a security vulnerability to carry out arbitrary code execution in servers running PrestaShop websites. For details, please read the entire article.

**What’s happening**

The maintainer team has been made aware that malicious actors are exploiting a combination of known and unknown security vulnerabilities to inject malicious code in PrestaShop websites, allowing them to execute arbitrary instructions, and potentially steal customer’s payment information.

While investigating this attack, we found a previously unknown vulnerability chain that we are fixing. At the moment, however, we cannot be sure that it’s the only way for them to perform the attack. To the best of our understanding, this issue seems to concern shops based on versions 1.6.0.10 or greater, subject to SQL injection vulnerabilities. Versions 1.7.8.2 and greater are not vulnerable unless they are running a module or custom code which itself includes an SQL injection vulnerability. Note that versions 2.0.0~2.1.0 of the Wishlist (blockwishlist) module are vulnerable.

**How the attack works**

The attack requires the shop to be vulnerable to SQL injection exploits. To the best of our knowledge, the latest version of PrestaShop and its modules are free from these vulnerabilities. We believe attackers are targeting shops using outdated software or modules, vulnerable third-party modules, or a yet-to-be-discovered vulnerability.

According to our conversations with shop owners and developers, the recurring modus operandi looks like this:

1.  The attacker submits a POST request to the endpoint vulnerable to SQL injection.
2.  After approximately one second, the attacker submits a GET request to the homepage, with no parameters. This results in a PHP file called blm.php being created at the root of the shop’s directory.
3.  The attacker now submits a GET request to the new file that was created, blm.php, allowing them to execute arbitrary instructions.

After the attackers successfully gained control of a shop, they injected a fake payment form on the front-office checkout page. In this scenario, shop customers might enter their credit card information on the fake form, and unknowingly send it to the attackers.

While this seems to be the common pattern, attackers might be using a different one, by placing a different file name, modifying other parts of the software, planting malicious code elsewhere, or even erasing their tracks once the attack has been successful.

**What to do to keep your shop safe**

First of all, make sure that your shop and all your modules are updated to their latest version. This should prevent your shop from being exposed to known and actively exploited SQL injection vulnerabilities.

According to our current understanding of the exploit, attackers might be using MySQL Smarty cache storage features as part of the attack vector. This feature is rarely used and is disabled by default, but it can be enabled remotely by the attacker. Until a patch has been published, we recommend physically disabling this feature in PrestaShop’s code in order to break the attack chain.

To do so, locate the file config/smarty.config.inc.php on your PrestaShop install, and remove lines 43-46 (PrestaShop 1.7) or 40-43 (PrestaShop 1.6):

    if (Configuration::get('PS_SMARTY_CACHING_TYPE') == 'mysql') {
        include _PS_CLASS_DIR_.'Smarty/SmartyCacheResourceMysql.php';
        $smarty->caching_type = 'mysql';
    }
    

**How to tell if you have been affected**

Consider looking at your server’s access log for the attack pattern explained above. This is an example shared by a community member:

    - [14/Jul/2022:16:20:56 +0200] "POST /modules/XXX/XXX.php HTTP/1.1" 200 82772 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/602.2.14 (KHTML, like Gecko) Version/10.0.1 Safari/602.2.14"
     
    - [14/Jul/2022:16:20:57 +0200] "GET / HTTP/1.1" 200 63011 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36"
     
    - [14/Jul/2022:16:20:58 +0200] "POST /blm.php HTTP/1.1" 200 82696 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0"
    

(Note: the vulnerable module’s path has been modified for security reasons)

Be aware that not finding this pattern on your logs doesn’t necessarily mean that your shop has not been affected by the attack: the complexity of the exploit means that there are several ways of performing it, and attackers might also try and hide their tracks.

Consider contacting a specialist to perform a full audit of your site and make sure that no file has been modified nor any malicious code has been added.

**Additional information**

A patch version is currently being tested, and should be released soon.

We would like to take the opportunity to stress out once more the importance of keeping your system updated to prevent such attacks. This means regularly updating both your PrestaShop software and its modules, as well as your server environment.

CVE-2022-36408: Major Security Vulnerability on PrestaShop Websites

Unauthenticated Arbitrary File Read vulnerability in MultiSafepay plugin for WooCommerce plugin <= 4.13.1 at WordPress.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

**About MultiSafepay**  
MultiSafepay is a collecting payment service provider which means we take care of the agreements, technical details and  
payment collection required for each payment method. You can start selling online today and manage all your transactions  
from one place.

**Supported Payment Methods**

Payment methods:  
\* AfterPay  
\* Alipay  
\* American Express  
\* Apple Pay  
\* Bank transfer  
\* Bancontact  
\* Belfius  
\* Betaal per Maand  
\* Dotpay  
\* E-Invoicing  
\* EPS  
\* Giropay  
\* iDEAL  
\* in3  
\* KBC/CBC  
\* Klarna  
\* Maestro  
\* Mastercard  
\* Pay After Delivery  
\* PayPal  
\* Paysafecard  
\* Request to Pay  
\* SEPA Direct Debit  
\* SOFORT Banking  
\* Trustly  
\* Visa

Giftcards:  
\* Baby Cadeaubon  
\* Beauty & Wellness  
\* Boekenbon  
\* Fashioncheque  
\* Fashion Giftcard  
\* Gezondheidsbon  
\* GivaCard  
\* Good4fun Giftcard  
\* Goodcard  
\* Fietsbon  
\* Nationale Tuinbon  
\* Parfum Cadeaukaart  
\* Podium  
\* Sport & Fit  
\* VVV Giftcard  
\* Webshop gift card  
\* Wellness gift card  
\* Wijncadeau  
\* Winkelcheque  
\* YourGift

To use the plugin you need a MultiSafepay account.  
Create an account

**Automatic Installation**

*   Search for the ‘MultiSafepay’ plugin via ‘Add New’ from the WordPress menu
*   Press the ‘Install now’ button

**Manual Installation**

*   Download the plugin from the WordPress Plugin Directory
*   Unzip the downloaded file to a local directory
*   Upload the directory ‘multisafepay’ to /wp-content/plugins/ on the remote server

**Configuration**

*   Activate the ‘MultiSafepay’ plugin via ‘Plugin’ from the WordPress menu
*   Navigate to _WooCommerce_ -> _MultiSafepay Settings_
*   In _Account_ tab, set the API key. Information about the API key can be found on our API key page. Click on _Save changes_ button.
*   Go to _Order Status_ tab and confirm the match between WooCommerce order statuses and MultiSafepay order statuses. Click on _Save changes_ button.
*   Go to _Options_ tab and confirm the settings for each field. Click on _Save changes_ button.
*   Navigate to _WooCommerce_ -> _Settings_ -> _Payments_. Click on the payment methods you would like to offer, check and set or confirm the settings for those been enable. Click on _Save changes_ button.

**How can I install the plugin for WooCommerce?**

*   Installation instruction can be found in our Manual page.

**How can I update the plugin for WooCommerce?**

Before you update the plugin, we strongly recommend you the following:

*   Make sure you have a backup of your production environment
*   Test the plugin in a staging environment.
*   Go to our Manual page, download the plugin and follow the instructions from step 2.

**How can I generate a payment link in the backend of WooCommerce?**

It is possible to generate a payment link when an order has been created at the backend in WooCommerce.  
The customer will receive the payment link in the email send by WooCommerce with the order details. Also the payment link will be added to the order notes.

Please follow these steps:

1.  Login into your backend and navigate to WooCommerce -> Orders -> Add order.
2.  Register the order details as explained in WooCommerce documentation.
3.  In “Order actions” panel; select the option “Email invoice / order details to customer”.
4.  Click on “Create” order button.
5.  An email will be sended to the customer with the details of the order and a payment link to finish the order.
6.  The payment link will be available for the customer in their private account area, in “Orders” section.

**Can I refund orders?**

Yes, you can fully or partially refund transactions directly from your WooCommerce backend for all payment methods, except for Billing Suite payment methods in which it is only possible to process full refunds.  
You can also refund from your MultiSafepay Control

MultiSafe plugin is nice as the plugin shows available currency Based on Geolocation IP.

Smoothless integration of the world's most versatile payment system into Woocommerce

Read all 2 reviews

“MultiSafepay plugin for WooCommerce” is open source software. The following people have contributed to this plugin.

Contributors

*    multisafepayplugin

**Release Notes – WooCommerce 4.17.2 (Jul 22st, 2022)****Fixed**

*   PLGWOOS-825: Fix an issue in which some payment methods are not being shown in the checkout, because of the setting field country selector is assuming the wrong value in some cases

**Release Notes – WooCommerce 4.17.1 (Jul 22st, 2022)****Changed**

*   PLGWOOS-817: Improvement in the escaping of the outputs of the settings page

**Release Notes – WooCommerce 4.17.0 (Jul 21st, 2022)****Removed**

*   PLGWOOS-816: Remove validation to check if a gateway is enabled in the merchant account, before activate the WooCommerce payment method
*   PLGWOOS-818: Remove upgrade notice functionality in plugin list page

**Changed**

*   PLGWOOS-817: Improvement in sanitization and validation of the inputs, and escaping the outputs

**Release Notes – WooCommerce 4.16.0 (Jul 20th, 2022)****Added**

*   DAVAMS-490: Add MyBank payment method

**Removed**

*   PLGWOOS-811: Remove download plugin logs button and related methods

**Release Notes – WooCommerce 4.15.0 (May 25th, 2022)****Added**

*   DAVAMS-470: Add terms and conditions checkbox to AfterPay

**Changed**

*   PLGWOOS-805: Declare support for WordPress 6.0

**Release Notes – WooCommerce 4.14.0 (May 19th, 2022)****Added**

*   DAVAMS-476: Add Alipay+

**Changed**

*   PLGWOOS-804: Use default locale if get\_locale returns null to prevent third party plugin errors
*   PHPSDK-93: Upgrade the PHP-SDK dependency to 5.5.0

**Release Notes – WooCommerce 4.13.1 (Mar 23th, 2022)****Added**

*   PLGWOOS-792: Declare support for WordPress 5.9.2 and WooCommerce 6.3.1
*   PLGWOOS-790: Improvement on debug mode, logging the body of the POST notification request

**Fixed**

*   PLGWOOS-791: Fix error when WooCommerce order is not found after receive a valid POST notification

**Release Notes – WooCommerce 4.13.0 (Feb 1st, 2022)****Added**

*   PLGWOOS-770: Add payment component support for payment options: Visa, Mastercard, Maestro and American Express
*   PLGWOOS-774: Add support to process ‘smart\_coupon’ coupons from Smart Coupons third party plugin
*   PLGWOOS-775: Log shopping cart content when debug mode is enabled

**Release Notes – WooCommerce 4.12.0 (Jan 13th, 2022)****Added**

*   PLGWOOS-769: Add new filter ‘multisafepay\_merchant\_item\_id’ to allow third party developers overwrite the merchant\_item\_id property within the ShoppingCart object

**Changed**

*   PLGWOOS-744: Update ‘Betaal per Maand’ default max\_amount value, according with new product rules
*   PLGWOOS-759: Rebrand Sofort payment method

**Release Notes – WooCommerce 4.11.0 (Jan 4th, 2022)****Added**

*   PLGWOOS-745: Add Payment Component

**Changed**

*   PLGWOOS-765: Refactor PaymentMethodsController::generate\_orders\_from\_backend() to work only with one argument and avoiding conflicts with third party plugins
*   PLGWOOS-745: Tokenization now works through the Payment Component

**Fixed**

*   PLGWOOS-763: Fix error on plugin list when application can not connect with wordpress network

**Release Notes – WooCommerce 4.10.0 (Dec 13th, 2021)****Added**

*   PLGWOOS-748: Add PHP-SDK version to system report
*   PLGWOOS-758: Add filter to turn notifications to GET method

**Removed**

*   DAVAMS-460: Remove ING Home’Pay

**Changed**

*   PLGWOOS-695: Replace HTTP Client, use WP\_HTTP instead kriswallsmith/buzz
*   PLGWOOS-749: Replace logo of Bancontact for new one

**Fixed**

*   PLGWOOS-752: Fix missing placeholder for Test API Key input field in settings page

**Release Notes – WooCommerce 4.9.0 (Oct 18th, 2021)****Added**

*   PLGWOOS-715: Add 2 “Generic Gateways” which include a flexible gateway code that allows any merchant to connect to almost every payment method we offer.
*   PLGWOOS-746: Declare support for WordPress 5.8.1 and WooCommerce 5.8.0

**Changed**

*   PLGWOOS-740: Improve the helper text of the Google Analytics ID setting field, adding a link to Documentation Center
*   PLGWOOS-747: Upgrade the PHP-SDK component to 5.3.0

**Fixed**

*   PLGWOOS-739: Fix fatal error related with undefined method when processing orders using iDEAL QR
*   PLGWOOS-743: Fix broken links to Documentation Center in settings page

**Release Notes – WooCommerce 4.8.3 (Sep 6th, 2021)****Fixed**

*   PLGWOOS-737: Fix error related with refunds by updating the PHP-SDK to 5.2.1

**Release Notes – WooCommerce 4.8.2 (Sep 2nd, 2021)****Added**

*   PLGWOOS-730: Declare support for WooCommerce 5.6.0

**Release Notes – WooCommerce 4.8.1 (Aug 9th, 2021)****Fixed**

*   PLGWOOS-727: Show error message from the API in the checkout page, when there is an error on direct transactions

**Release Notes – WooCommerce 4.8.0 (Aug 4th, 2021)****Added**

*   PLGWOOS-723: Declare support for WooCommerce 5.5.2 and WordPress 5.8
*   PLGWOOS-711: Add missing titles in setting pages

**Changed**

*   PLGWOOS-718: Remove PSP ID string when register the transaction ID in WC\_Order->payment\_complete()

**Release Notes – WooCommerce 4.7.0 (Jun 23th, 2021)****Added**

*   PLGWOOS-706: Declare support for WooCommerce 5.4.1

**Changed**

*   PLGWOOS-672: Change notification method from GET to POST by default

**Fixed**

*   PLGWOOS-704: Log errors in the MultiSafepay log file, when processing notifications.

**Release Notes – WooCommerce 4.6.0 (May 19th, 2021)****Added**

*   PLGWOOS-625: Add log section in MultiSafepay settings page
*   PLGWOOS-666: Add MultiSafepay system status section in settings page
*   PLGWOOS-376: Add support to show upgrade notices in plugin list
*   PLGWOOS-657: Add nl\_BE language

**Fixed**

*   PLGWOOS-694: Fix notification for orders fully paid with gift cards
*   PLGWOOS-692: Fix Second Chance within the orderRequest object
*   PLGWOOS-654: Fix the gateway\_id assigned to the properties of each token

**Release Notes – WooCommerce 4.5.1 (Apr 7th, 2021)****Fixed**

*   PLGWOOS-661: Fix payment methods ids to match list of gateway lists keys, which was producing an error to process notification for Sofort payments
*   PLGWOOS-663: Fix stock decreasing error, in relation with Bank Transfer gateway and notification flows

**Release Notes – WooCommerce 4.5.0 (Mar 31th, 2021)****Fixed**

*   PLGWOOS-659: Fix initialization of the plugin on multisite environments in which WooCommerce has been activate network wide

**Added**

*   PLGWOOS-534: Add generic gateway

**Release Notes – WooCommerce 4.4.1 (Mar 25th, 2021)****Fixed**

*   PLGWOOS-653: Fix overwriting initial order status when transaction is initialized

**Release Notes – WooCommerce 4.4.0 (Mar 23th, 2021)****Fixed**

*   PLGWOOS-648: Return 0 as tax rate, if WooCommerce taxes are disabled but tax rules are registered
*   PLGWOOS-647: Add verification to check if the token used in the transaction belongs to the customer

**Added**

*   PLGWOOS-651: Add setting to select type of transaction in SEPA Direct Debit, E-Invoicing, in3, Santander Consumer Finance, AfterPay and iDEAL
*   PLGWOOS-644: Add setting to select type of transaction in Pay After Delivery
*   PLGWOOS-640: Add setting to select type of transaction in Bank Transfer

**Release Notes – WooCommerce 4.3.0 (Mar 18th, 2021)****Fixed**

*   PLGWOOS-626: Fix order not being cancelled when customer cancels the order
*   PLGWOOS-630: Fix include shipping item in full refund of billing suite payment methods

**Added**

*   PLGWOOS-629: Add shipping item to the order request, even if this one is free
*   PLGWOOS-631: Add delivery address in order request even if the shipping amount is 0
*   PLGWOOS-634: Add settings field to redirect to checkout page or cart page on cancelling the order
*   PLGWOOS-635: Add suggestion to set default initial order status for bank transfer to wc-on-hold
*   PLGWOOS-636: Add notification endpoint from version 3.8.0 to process deprecated notifications

**Changed**

*   PLGWOOS-622: Change notification url for all payment methods to a single notification url

**Release Notes – WooCommerce 4.2.2 (Mar 16th, 2021)****Fixed**

*   PLGWOOS-632: Fix undefined method get\_the\_user\_ip
*   PLGWOOS-621: Fix division by zero when fee price is 0

**Release Notes – WooCommerce 4.2.1 (Mar 11th, 2021)****Fixed**

*   PLGWOOS-613: Fix error related with multiple forwarded IPs by updating the PHP-SDK to 5.0.1

**Added**

*   PLGWOOS-398: Add support to change the data in the OrderRequest using WordPress filters

**Changed**

*   PLGWOOS-614: Avoid changing order status if transaction is partially refunded

**Release Notes – WooCommerce 4.2.0 (Mar 9th, 2021)****Changed**

*   PLGWOOS-602: Move invoice and shipped settings field from order status tab to options tab
*   PLGWOOS-602: Remove completed status from order status tab in settings page
*   PLGWOOS-601: Change default status for declined transactions from wc-cancelled to wc-failed

**Fixed**

*   PLGWOOS-599: Fix typo in string message when payment method changes
*   PLGWOOS-598: Replace hardcoded url using plugins\_url function
*   PLGWOOS-605: Fix description of country filter field

**Added**

*   PLGWOOS-603: Add setting field for custom order description
*   PLGWOOS-604: Add forwarded IP to the CustomerDetails object
*   PLGWOOS-597: Support for orders with is\_vat\_exempt
*   PLGWOOS-606: Add chargedback transaction status in plugin settings

**Release Notes – WooCommerce 4.1.8 (Mar 5th, 2021)****Changed**

*   PLGWOOS-593: Register PSP ID in WooCommerce order using order complete payment method
*   PLGWOOS-593: Change notification method on completed status to use $order->complete\_payment()

**Fixed**

*   PLGWOOS-594: Fix Credit Card payment method form, to show description if customer is not logged in

**Release Notes – WooCommerce 4.1.7 (Mar 3th, 2021)****Changed**

*   PLGWOOS-579: Remove warning message on validation, when enabling CREDITCARD gateway

**Fixed**

*   PLGWOOS-584: Fix conflict with third party plugins related with Discovery exception
*   PLGWOOS-585: Set MultiSafepay transaction as shipped or invoiced using order number instead of order id

**Release Notes – WooCommerce 4.1.6 (Mar 2nd, 2021)****Added**

*   PLGWOOS-574: Add locale support

**Changed**

*   PLGWOOS-575: Change settings page capability requirement from manage\_options to manage\_woocommerce

**Fixed**

*   PLGWOOS-580: Show credit card payment method description in checkout
*   PLGWOOS-569: Remove class that trigger validation styles for ideal select in checkout page

**Release Notes – WooCommerce 4.1.5 (Feb 24th, 2021)****Fixed**

*   PLGWOOS-552: Fix product item price with discounts introduced by third party plugins (#252)

**Release Notes – WooCommerce 4.1.4 (Feb 23th, 2021)****Fixed**

*   PLGWOOS-563: Remove some nonce validations to support custom checkouts forms (#249)
*   PLGWOOS-550: Typecast cart item quantity to int to avoid errors in the PHP-SDK (#248)

**Changed**

*   PLGWOOS-556: Change composer dependencies to avoid conflicts with other plugins (#247)
*   PLGWOOS-562: Add fallback for in3, in case no fields is filled in checkout, convert the transaction to redirect type (#250)

**Release Notes – WooCommerce 4.1.3 (Feb 21th, 2021)****Fixed**

*   PLGWOOS-549: Support custom order numbers generated by third party plugins in notification method
*   PLGWOOS-551: Resize logo if theme used by merchant do not support WooCommerce

**Release Notes – WooCommerce 4.1.2 (Feb 19th, 2021)****Fixed**

*   PLGWOOS-548: Fix iDEAL gateway if no issuer selected in checkout

**Release Notes – WooCommerce 4.1.1 (Feb 18th, 2021)****Changed**

*   PLGWOOS-545: Remove API Key validation

**Release Notes – WooCommerce 4.1.0 (Feb 17th, 2021)****Added**

*   PLGWOOS-512: Add support for tokenization.
*   PLGWOOS-521: Change order status on callback even if merchant did not save the settings, using defaults.
*   PLGWOOS-530: Process notification, even when the payment method returned by MultiSafepay is not registered as WooCommerce gateway.
*   PLGWOOS-531: Avoid process refund if amount submited in backend is 0

**Fixed**

*   PLGWOOS-535: Fix bug min\_amount filter
*   PLGWOOS-536: Fix instructions in multi select country field
*   PLGWOOS-518: Fix protocol of notification URL
*   PLGWOOS-526: Fix typo error in AfterPay payment method title
*   PLGWOOS-523: Fix type of transaction to redirect for Dotpay payment method

**Changed**

*   PLGWOOS-519: Improvement for coupons support in ShoppingCart.
*   PLGWOOS-528: Refactor gender and salutation fields to process different validation messages
*   PLGWOOS-503: Move debug mode field to options section

**Removed**

*   PLGWOOS-525: Remove validation in backend for MultiSafepay payment method
*   PLGWOOS-516: Avoid initialize the plugin if WooCommerce is not active

**Release Notes – WooCommerce 4.0.0 (internal release) (Feb 12th, 2021)****Added**

*   Complete rewrite of the plugin
*   Full and partial refunds for non billing suite payment methods
*   Full refunds for billing suite payment methods
*   Set MultiSafepay transactions as shipped when order reach the defined status in settings
*   Set MultiSafepay transaction as invoiced when order reach the defined status in settings
*   Filter payment methods by country
*   Filter payment methods by maximum amount of order
*   Filter payment methods by minimum amount of order
*   Custom initialized status for each payment method
*   Validations in backend settings fields
*   Support for compound taxes

**Changed**

*   PLGWOOS-410: Refactor plugin using the PHP-SDK

**Removed**

*   Remove FastCheckout

CVE-2022-33901: MultiSafepay plugin for WooCommerce

Apple Security Advisory Safari - Safari 15.6 addresses code execution and out of bounds write vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

Safari 15.6 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213341.

Safari Extensions  
Available for: macOS Big Sur and macOS Catalina  
Impact: Visiting a maliciously crafted website may leak sensitive  
data  
Description: The issue was addressed with improved UI handling.  
CVE-2022-32784: Young Min Kim of CompSec Lab at Seoul National  
University

WebKit  
Available for: macOS Big Sur and macOS Catalina  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
WebKit Bugzilla: 240720  
CVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero  
Day Initiative

WebRTC  
Available for: macOS Big Sur and macOS Catalina  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution.  
Description: A memory corruption issue was addressed with improved  
state management.  
WebKit Bugzilla: 242339  
CVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team

Safari 15.6 may be obtained from the Mac App Store.  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYeuUACgkQeC9qKD1p  
rhh3QA//cN/O9LcDr67uACD/222GDWGZnm80emLeEmJaczyRYZNswciqGhAc7EPd  
qfyVvzq2DHAvFm64gGSGX6rzOzZbY9QRvkQ4TodqugeBoAIO0VM2moLTO/KR74fE  
SwWeWHTrPYD9k6/zCL7o3XdrwTcqvlbYD9AXSIJ1lI4BmmbDIjjLFjH5NfrsBixy  
vthQmj99twepLofgo1Wfjg1AfwUMrr6BVnZcpxEyBBjrjpBD5FVEZWJ+RB4nUaKP  
6aM4CPpXqPbou0w3bgMt0K8x2qpudolxOFfStu2FsSFVnw2B5khgcCL0C2qIO9Hb  
5n5NDb1FuPI7sDNcREIbBGjHqcjpQv5wkF7lz1EK6UQk3D4Rp8RJXFKYDWgwKNVA  
GcMEBXW8XmI3UrfpRJi/B8o/rMA9y75hVnPujl+KN9jX/6Ey7p09OK3hJavaFDuY  
heZyqdlfAa81Gwf+VBoF8bkYKZj2GCGOOL+zsuPLrtyEL8y28P5ZIBc5ALSzDgK5  
Fv4VnaE4adu8NIqU3DimQeD44G4IpZAhhS4BMiTVosZ+KUjtnX3hmFR+wI8bV2I1  
oBYtwRZOUyMHAfRSLtJFriqy5N5XK4NRD4Xb9q5auOOeyhWcgGY0K+9kSTNdDP6o  
hR93N6uOYQt7htOmiXF7ztUDMikh2i7A9NScLyX/k3y9uvtWMmw=  
=bU24  
-----END PGP SIGNATURE-----

Apple Security Advisory 2022-07-20-7

Apple Security Advisory 2022-07-20-6 - watchOS 8.7 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, and spoofing vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2022-07-20-6 watchOS 8.7

watchOS 8.7 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213340.

APFS  
Available for: Apple Watch Series 3 and later  
Impact: An app with root privileges may be able to execute arbitrary  
code with kernel privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2022-32832: Tommy Muir (@Muirey03)

AppleAVD  
Available for: Apple Watch Series 3 and later  
Impact: A remote user may be able to cause kernel code execution  
Description: A buffer overflow issue was addressed with improved  
bounds checking.  
CVE-2022-32788: Natalie Silvanovich of Google Project Zero

AppleAVD  
Available for: Apple Watch Series 3 and later  
Impact: An app may be able to disclose kernel memory  
Description: The issue was addressed with improved memory handling.  
CVE-2022-32824: Antonio Zekic (@antoniozekic) and John Aakerblom  
(@jaakerblom)

AppleMobileFileIntegrity  
Available for: Apple Watch Series 3 and later  
Impact: An app may be able to gain root privileges  
Description: An authorization issue was addressed with improved state  
management.  
CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro

Apple Neural Engine  
Available for devices with Apple Neural Engine: Apple Watch Series 4  
and later  
Impact: An app may be able to break out of its sandbox  
Description: This issue was addressed with improved checks.  
CVE-2022-32845: Mohamed Ghannam (@_simo36)

Apple Neural Engine  
Available for devices with Apple Neural Engine: Apple Watch Series 4  
and later  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: This issue was addressed with improved checks.  
CVE-2022-32840: Mohamed Ghannam (@_simo36)

Apple Neural Engine  
Available for devices with Apple Neural Engine: Apple Watch Series 4  
and later  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2022-32810: Mohamed Ghannam (@_simo36)

Audio  
Available for: Apple Watch Series 3 and later  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2022-32820: an anonymous researcher

Audio  
Available for: Apple Watch Series 3 and later  
Impact: An app may be able to disclose kernel memory  
Description: The issue was addressed with improved memory handling.  
CVE-2022-32825: John Aakerblom (@jaakerblom)

CoreText  
Available for: Apple Watch Series 3 and later  
Impact: A remote user may cause an unexpected app termination or  
arbitrary code execution  
Description: The issue was addressed with improved bounds checks.  
CVE-2022-32839: STAR Labs (@starlabs_sg)

File System Events  
Available for: Apple Watch Series 3 and later  
Impact: An app may be able to gain root privileges  
Description: A logic issue was addressed with improved state  
management.  
CVE-2022-32819: Joshua Mason of Mandiant

GPU Drivers  
Available for: Apple Watch Series 3 and later  
Impact: An app may be able to disclose kernel memory  
Description: Multiple out-of-bounds write issues were addressed with  
improved bounds checking.  
CVE-2022-32793: an anonymous researcher

GPU Drivers  
Available for: Apple Watch Series 3 and later  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-32821: John Aakerblom (@jaakerblom)

ICU  
Available for: Apple Watch Series 3 and later  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs  
& DNSLab, Korea Univ.

ImageIO  
Available for: Apple Watch Series 3 and later  
Impact: Processing a maliciously crafted image may result in  
disclosure of process memory  
Description: The issue was addressed with improved memory handling.  
CVE-2022-32841: hjy79425575

Kernel  
Available for: Apple Watch Series 3 and later  
Impact: An app with root privileges may be able to execute arbitrary  
code with kernel privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2022-32813: Xinru Chi of Pangu Lab  
CVE-2022-32815: Xinru Chi of Pangu Lab

Kernel  
Available for: Apple Watch Series 3 and later  
Impact: An app may be able to disclose kernel memory  
Description: An out-of-bounds read issue was addressed with improved  
bounds checking.  
CVE-2022-32817: Xinru Chi of Pangu Lab

Kernel  
Available for: Apple Watch Series 3 and later  
Impact: An app with arbitrary kernel read and write capability may be  
able to bypass Pointer Authentication  
Description: A logic issue was addressed with improved state  
management.  
CVE-2022-32844: Sreejith Krishnan R (@skr0x1c0)

Liblouis  
Available for: Apple Watch Series 3 and later  
Impact: An app may cause unexpected app termination or arbitrary code  
execution  
Description: This issue was addressed with improved checks.  
CVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China  
(nipc.org.cn)

libxml2  
Available for: Apple Watch Series 3 and later  
Impact: An app may be able to leak sensitive user information  
Description: A memory initialization issue was addressed with  
improved memory handling.  
CVE-2022-32823

Multi-Touch  
Available for: Apple Watch Series 3 and later  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A type confusion issue was addressed with improved  
checks.  
CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)

Multi-Touch  
Available for: Apple Watch Series 3 and later  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A type confusion issue was addressed with improved state  
handling.  
CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)

Software Update  
Available for: Apple Watch Series 3 and later  
Impact: A user in a privileged network position can track a user’s  
activity  
Description: This issue was addressed by using HTTPS when sending  
information over the network.  
CVE-2022-32857: Jeffrey Paul (sneak.berlin)

WebKit  
Available for: Apple Watch Series 3 and later  
Impact: Visiting a website that frames malicious content may lead to  
UI spoofing  
Description: The issue was addressed with improved UI handling.  
WebKit Bugzilla: 239316  
CVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs  
& DNSLab, Korea Univ.

WebKit  
Available for: Apple Watch Series 3 and later  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
WebKit Bugzilla: 240720  
CVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero  
Day Initiative

Wi-Fi  
Available for: Apple Watch Series 3 and later  
Impact: A remote user may be able to cause unexpected system  
termination or corrupt kernel memory  
Description: This issue was addressed with improved checks.  
CVE-2022-32847: Wang Yu of Cyberserval

Additional recognition

AppleMobileFileIntegrity  
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive  
Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła  
(@_r3ggi) of SecuRing for their assistance.

configd  
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive  
Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła  
(@_r3ggi) of SecuRing for their assistance.

Instructions on how to update your Apple Watch software are available  
at https://support.apple.com/kb/HT204641  To check the version on  
your Apple Watch, open the Apple Watch app on your iPhone and select  
"My Watch > General > About".  Alternatively, on your watch, select  
"My Watch > General > About".  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYeuUACgkQeC9qKD1p  
rhjSsg//XnukSPtKHk58IOSkcWaTk0WdrYv2+dGbdgkcPBgO2ehNQqk1xI3LDHLN  
b6A5MMaoR4ityTEC+i4XFWxVJNfzXFa1SHMiht1uJDtaNCc2F+VIP+EZJx2KYe7H  
O8F0g9lF33hQE3xDjrwtPe+7wYjfzgDX8iCbsfaNDPAWBq0BfNA8/4bv5GzPaPC4  
qcP+W9IRb11yAzlnCEgJNhMB0SLwtzpcUYLKcJbPdilABeYe08CLIIVAw2vKI1Kk  
J7sk/ZiGKnB1ZHa+fl17ahApKkLePnFtHR9rMseEpyRbPa7EvomZxUQoLvbaDf+Q  
gRqtysAw8oxfhetorvDFwAem3eCRdgJ/T/0U6jC+4dfHzVnGxV27K/PgF3GWRDU5  
trPVZ0cu8qdzgNAwSuRHTxTg923FN7cR14NL66TkGZ1d/VKfn1l0h1wctoPOhHPR  
zWJi5P8WbprG1XVWNx+aJYW09VIMsujJrrGQSn78o6gXOR2salEDiCs2JixKZnqK  
CV4+uGQIiE8bD0oA1B1uFQiPx3XtgOY92QQl8Jnn/7Xa6QQ0hq/3NmDN66RzO78S  
I4pH4Vt/L0LNoArGMCrO4URpLiQx5Au0niH5+jbvHyWr1Bm3Y+dMRP1yds3aLQ0Q  
16FIrWStzY+cnmOXQKczTIiaJYuSMjCOQicLuWx/q2ghfLCJ16E=  
=6Uj+  
-----END PGP SIGNATURE-----

Apple Security Advisory 2022-07-20-6

Apple Security Advisory 2022-07-20-5 - tvOS 15.6 addresses buffer overflow, bypass, code execution, information leakage, out of bounds read, out of bounds write, and spoofing vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2022-07-20-5 tvOS 15.6tvOS 15.6 addresses the following issues.Information about the security content is also available athttps://support.apple.com/HT213342.APFSAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and AppleTV HDImpact: An app with root privileges may be able to execute arbitrarycode with kernel privilegesDescription: The issue was addressed with improved memory handling.CVE-2022-32832: Tommy Muir (@Muirey03)AppleAVDAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and AppleTV HDImpact: A remote user may be able to cause kernel code executionDescription: A buffer overflow issue was addressed with improvedbounds checking.CVE-2022-32788: Natalie Silvanovich of Google Project ZeroAppleAVDAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and AppleTV HDImpact: An app may be able to disclose kernel memoryDescription: The issue was addressed with improved memory handling.CVE-2022-32824: Antonio Zekic (@antoniozekic) and John Aakerblom(@jaakerblom)AppleMobileFileIntegrityAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and AppleTV HDImpact: An app may be able to gain root privilegesDescription: An authorization issue was addressed with improved statemanagement.CVE-2022-32826: Mickey Jin (@patch1t) of Trend MicroAudioAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and AppleTV HDImpact: An app may be able to execute arbitrary code with kernelprivilegesDescription: An out-of-bounds write issue was addressed with improvedinput validation.CVE-2022-32820: an anonymous researcherAudioAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and AppleTV HDImpact: An app may be able to disclose kernel memoryDescription: The issue was addressed with improved memory handling.CVE-2022-32825: John Aakerblom (@jaakerblom)CoreMediaAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and AppleTV HDImpact: An app may be able to disclose kernel memoryDescription: The issue was addressed with improved memory handling.CVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom(@jaakerblom)CoreTextAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and AppleTV HDImpact: A remote user may cause an unexpected app termination orarbitrary code executionDescription: The issue was addressed with improved bounds checks.CVE-2022-32839: STAR Labs (@starlabs_sg)File System EventsAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and AppleTV HDImpact: An app may be able to gain root privilegesDescription: A logic issue was addressed with improved statemanagement.CVE-2022-32819: Joshua Mason of MandiantGPU DriversAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and AppleTV HDImpact: An app may be able to disclose kernel memoryDescription: Multiple out-of-bounds write issues were addressed withimproved bounds checking.CVE-2022-32793: an anonymous researcherGPU DriversAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and AppleTV HDImpact: An app may be able to execute arbitrary code with kernelprivilegesDescription: A memory corruption issue was addressed with improvedvalidation.CVE-2022-32821: John Aakerblom (@jaakerblom)iCloud Photo LibraryAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and AppleTV HDImpact: An app may be able to access sensitive user informationDescription: An information disclosure issue was addressed byremoving the vulnerable code.CVE-2022-32849: Joshua JonesICUAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and AppleTV HDImpact: Processing maliciously crafted web content may lead toarbitrary code executionDescription: An out-of-bounds write issue was addressed with improvedbounds checking.CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs& DNSLab, Korea Univ.ImageIOAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and AppleTV HDImpact: Processing a maliciously crafted image may result indisclosure of process memoryDescription: The issue was addressed with improved memory handling.CVE-2022-32841: hjy79425575ImageIOAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and AppleTV HDImpact: Processing a maliciously crafted file may lead to arbitrarycode executionDescription: A logic issue was addressed with improved checks.CVE-2022-32802: Ivan Fratric of Google Project Zero, Mickey Jin(@patch1t)ImageIOAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and AppleTV HDImpact: Processing a maliciously crafted image may lead to disclosureof user informationDescription: An out-of-bounds read issue was addressed with improvedbounds checking.CVE-2022-32830: Ye Zhang (@co0py_Cat) of Baidu SecurityKernelAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and AppleTV HDImpact: An app with root privileges may be able to execute arbitrarycode with kernel privilegesDescription: The issue was addressed with improved memory handling.CVE-2022-32813: Xinru Chi of Pangu LabCVE-2022-32815: Xinru Chi of Pangu LabKernelAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and AppleTV HDImpact: An app may be able to disclose kernel memoryDescription: An out-of-bounds read issue was addressed with improvedbounds checking.CVE-2022-32817: Xinru Chi of Pangu LabKernelAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and AppleTV HDImpact: An app with arbitrary kernel read and write capability may beable to bypass Pointer AuthenticationDescription: A logic issue was addressed with improved statemanagement.CVE-2022-32844: Sreejith Krishnan R (@skr0x1c0)LiblouisAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and AppleTV HDImpact: An app may cause unexpected app termination or arbitrary codeexecutionDescription: This issue was addressed with improved checks.CVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China(nipc.org.cn)libxml2Available for: Apple TV 4K, Apple TV 4K (2nd generation), and AppleTV HDImpact: An app may be able to leak sensitive user informationDescription: A memory initialization issue was addressed withimproved memory handling.CVE-2022-32823Multi-TouchAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and AppleTV HDImpact: An app may be able to execute arbitrary code with kernelprivilegesDescription: A type confusion issue was addressed with improvedchecks.CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)Software UpdateAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and AppleTV HDImpact: A user in a privileged network position can track a user’sactivityDescription: This issue was addressed by using HTTPS when sendinginformation over the network.CVE-2022-32857: Jeffrey Paul (sneak.berlin)WebKitAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and AppleTV HDImpact: Visiting a website that frames malicious content may lead toUI spoofingDescription: The issue was addressed with improved UI handling.WebKit Bugzilla: 239316CVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs& DNSLab, Korea Univ.WebKitAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and AppleTV HDImpact: Processing maliciously crafted web content may lead toarbitrary code executionDescription: An out-of-bounds write issue was addressed with improvedinput validation.WebKit Bugzilla: 240720CVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro ZeroDay InitiativeWi-FiAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and AppleTV HDImpact: An app may be able to cause unexpected system termination orwrite kernel memoryDescription: This issue was addressed with improved checks.CVE-2022-32837: Wang Yu of CyberservalWi-FiAvailable for: Apple TV 4K, Apple TV 4K (2nd generation), and AppleTV HDImpact: A remote user may be able to cause unexpected systemtermination or corrupt kernel memoryDescription: This issue was addressed with improved checks.CVE-2022-32847: Wang Yu of CyberservalAdditional recognition802.1XWe would like to acknowledge Shin Sun of National Taiwan Universityfor their assistance.AppleMobileFileIntegrityWe would like to acknowledge Csaba Fitzl (@theevilbit) of OffensiveSecurity, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła(@_r3ggi) of SecuRing for their assistance.configdWe would like to acknowledge Csaba Fitzl (@theevilbit) of OffensiveSecurity, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła(@_r3ggi) of SecuRing for their assistance.Apple TV will periodically check for software updates. Alternatively,you may manually check for software updates by selecting "Settings ->System -> Software Update -> Update Software."  To check the currentversion of software, select "Settings -> General -> About."All information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYeuUACgkQeC9qKD1prhgqhA//RvdwRWv4x9V+fyJIcdfoFcXnJ/E5rxv6BQjpWnVcFRa/QKVU5lu7AbMkg6R+txpMiG1JAMqAB4oySZMtlxg0RVjCK3vBRy6v61uhBM5IgupHVZeXRVdYNGlJyitKP7fFbYBuZ9+wcXNE8zeKpF+dUsz0T6CNh4bo6kStyBH5RqpWdPmX5XBtwwf7/czmfRLrhqcWdhkXJ99yN+836TFtqnUDddJRCx0DRXLYuZCXTe2QwqY6F7d+JrCOP5XN3WntDeYZ6Yn7OK4a1KWdQ9DaKfbpVU/3iC5gFbwLkejzt7rk7QohxetWPooKkD6VMT+lnAS6jDqlLqnb+JLZKM353VQEW5lvLs2/UO0IqP/dSAJwHopikooKPcs+KegPiZ8O9OEiYBuVAXZiGgQYFhx3eFu+BWoSSsX3JVSsYPQE1ehF8wy5PbjpK9ru7/s9ZpOpl0rTiBUxMc/yTZbJ2BBZf9lMCykhciQ5wZC5tmfELFnhszQEiBM9mN3Kea5jRTobOq8gU/nb4AZbnVFMJ+gX60w8ZlvGI+E+bnEZq+tBlXFHMZ63avjsYarQD+2Gs4FtmeAEc7/vJ8RY3RI4mqu+9rMaxniPjsLCY8Kl5OvSYJrbs4YL+dqxe7Mp20mn2COHtyFEEOoh+NVY1XuzSoDX4TeDBxpuqH5l9MV4TMFUh4M==i68Z-----END PGP SIGNATURE-----

Apple Security Advisory 2022-07-20-5

Apple Security Advisory 2022-07-20-4 - Security Update 2022-005 Catalina addresses code execution, information leakage, null pointer, out of bounds read, and out of bounds write vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina

Security Update 2022-005 Catalina addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213343.

APFS  
Available for: macOS Catalina  
Impact: An app with root privileges may be able to execute arbitrary  
code with kernel privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2022-32832: Tommy Muir (@Muirey03)

AppleMobileFileIntegrity  
Available for: macOS Catalina  
Impact: An app may be able to gain root privileges  
Description: An authorization issue was addressed with improved state  
management.  
CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro

AppleScript  
Available for: macOS Catalina  
Impact: Processing a maliciously crafted AppleScript binary may  
result in unexpected termination or disclosure of process memory  
Description: This issue was addressed with improved checks.  
CVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu  
Security, Mickey Jin (@patch1t) of Trend Micro

AppleScript  
Available for: macOS Catalina  
Impact: Processing a maliciously crafted AppleScript binary may  
result in unexpected termination or disclosure of process memory  
Description: An out-of-bounds read issue was addressed with improved  
input validation.  
CVE-2022-32853: Ye Zhang(@co0py_Cat) of Baidu Security  
CVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security

AppleScript  
Available for: macOS Catalina  
Impact: Processing a maliciously crafted AppleScript binary may  
result in unexpected termination or disclosure of process memory  
Description: An out-of-bounds read was addressed with improved bounds  
checking.  
CVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security

Audio  
Available for: macOS Catalina  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2022-32820: an anonymous researcher

Calendar  
Available for: macOS Catalina  
Impact: An app may be able to access sensitive user information  
Description: The issue was addressed with improved handling of  
caches.  
CVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security

Calendar  
Available for: macOS Catalina  
Impact: An app may be able to access user-sensitive data  
Description: An information disclosure issue was addressed by  
removing the vulnerable code.  
CVE-2022-32849: Joshua Jones

CoreText  
Available for: macOS Catalina  
Impact: A remote user may cause an unexpected app termination or  
arbitrary code execution  
Description: The issue was addressed with improved bounds checks.  
CVE-2022-32839: STAR Labs (@starlabs_sg)

FaceTime  
Available for: macOS Catalina  
Impact: An app with root privileges may be able to access private  
information  
Description: This issue was addressed by enabling hardened runtime.  
CVE-2022-32781: Wojciech Reguła (@_r3ggi) of SecuRing

File System Events  
Available for: macOS Catalina  
Impact: An app may be able to gain root privileges  
Description: A logic issue was addressed with improved state  
management.  
CVE-2022-32819: Joshua Mason of Mandiant

ICU  
Available for: macOS Catalina  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs  
& DNSLab, Korea Univ.

ImageIO  
Available for: macOS Catalina  
Impact: Processing an image may lead to a denial-of-service  
Description: A null pointer dereference was addressed with improved  
validation.  
CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit)

Intel Graphics Driver  
Available for: macOS Catalina  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o.

Intel Graphics Driver  
Available for: macOS Catalina  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A memory corruption vulnerability was addressed with  
improved locking.  
CVE-2022-32811: ABC Research s.r.o

Kernel  
Available for: macOS Catalina  
Impact: An app with root privileges may be able to execute arbitrary  
code with kernel privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2022-32815: Xinru Chi of Pangu Lab  
CVE-2022-32813: Xinru Chi of Pangu Lab

libxml2  
Available for: macOS Catalina  
Impact: An app may be able to leak sensitive user information  
Description: A memory initialization issue was addressed with  
improved memory handling.  
CVE-2022-32823

PackageKit  
Available for: macOS Catalina  
Impact: An app may be able to modify protected parts of the file  
system  
Description: An issue in the handling of environment variables was  
addressed with improved validation.  
CVE-2022-32786: Mickey Jin (@patch1t)

PackageKit  
Available for: macOS Catalina  
Impact: An app may be able to modify protected parts of the file  
system  
Description: This issue was addressed with improved checks.  
CVE-2022-32800: Mickey Jin (@patch1t)

PluginKit  
Available for: macOS Catalina  
Impact: An app may be able to read arbitrary files  
Description: A logic issue was addressed with improved state  
management.  
CVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro

PS Normalizer  
Available for: macOS Catalina  
Impact: Processing a maliciously crafted Postscript file may result  
in unexpected app termination or disclosure of process memory  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-32843: Kai Lu of Zscaler's ThreatLabz

SMB  
Available for: macOS Catalina  
Impact: An app may be able to gain elevated privileges  
Description: An out-of-bounds read issue was addressed with improved  
input validation.  
CVE-2022-32842: Sreejith Krishnan R (@skr0x1c0)

SMB  
Available for: macOS Catalina  
Impact: A user in a privileged network position may be able to leak  
sensitive information  
Description: An out-of-bounds read issue was addressed with improved  
bounds checking.  
CVE-2022-32799: Sreejith Krishnan R (@skr0x1c0)

Software Update  
Available for: macOS Catalina  
Impact: A user in a privileged network position can track a user’s  
activity  
Description: This issue was addressed by using HTTPS when sending  
information over the network.  
CVE-2022-32857: Jeffrey Paul (sneak.berlin)

Spindump  
Available for: macOS Catalina  
Impact: An app may be able to overwrite arbitrary files  
Description: This issue was addressed with improved file handling.  
CVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab

Spotlight  
Available for: macOS Catalina  
Impact: An app may be able to gain elevated privileges  
Description: A validation issue in the handling of symlinks was  
addressed with improved validation of symlinks.  
CVE-2022-26704: Joshua Mason of Mandiant

TCC  
Available for: macOS Catalina  
Impact: An app may be able to access sensitive user information  
Description: An access issue was addressed with improvements to the  
sandbox.  
CVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)  
of Tencent Security Xuanwu Lab (xlab.tencent.com)

Vim  
Available for: macOS Catalina  
Impact: Multiple issues in Vim  
Description: Multiple issues were addressed by updating Vim.  
CVE-2021-4136  
CVE-2021-4166  
CVE-2021-4173  
CVE-2021-4187  
CVE-2021-4192  
CVE-2021-4193  
CVE-2021-46059  
CVE-2022-0128

Wi-Fi  
Available for: macOS Catalina  
Impact: A remote user may be able to cause unexpected system  
termination or corrupt kernel memory  
Description: This issue was addressed with improved checks.  
CVE-2022-32847: Wang Yu of Cyberserval

Security Update 2022-005 Catalina may be obtained from the Mac App  
Store or Apple's Software Downloads web site:  
https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYeuQACgkQeC9qKD1p  
rhiuNw//V3lvbuk3ZcN4l2+dumbidEYnYD+qrrm+V332BNA9zqn9Uyoy1l9mXY32  
qA/UfHpnuZj5F2qjBNinkpV9VlwMZUIZmWfLBrVz3+cF1wrF6RZVFmz05sVsWTCC  
zB7H9eCPQr/afrTgjf2evIsaCZaqveOP7ZVFV3dOEOpzp/hMUYFWF69mEbYfl2Z1  
PlB3bkZPys4fZ3nCq70egWotGl7V4M/9aqGBDQZzAwmcsepeppBaCP1MnDiDiWqA  
6m2jVNDDTP/CasfPt1k3jR3aKf7f+ySZozQLyUyMhRpTLnZ1fpEtD5jjwK/hprKW  
g00gdTOBl7aGAxbKL3xlsxXRGzhzy9n2RVN4duhRKEbDKDShCfRFmCxXGxAGJB7J  
96TqA/wy1s7gnlxNzUfJewJMopr3AU4ffhdyOgKV1Is7eRwAhKYlh3K5T6C28Uuj  
8TXAqY2qwMqs+jIqe3dGEuPBj83tQMD0xukIhzGtuxwoziiPyzSfrgUHvSK8vBYN  
NGGfLdHn8ailAYpnFeRxhImxclr59QddI8uzS/G6O9CLJY0jUh3tjCNC3fjIjS6F  
lD3+P/J/Hf5HFvpvNyw6aJVVYIcGFOQi+RmhVGysMHuGIz4aqc9rTdvbAKdeKpyK  
8p0C6S1/sV+pu7morGBm9aSm/rRyDZSVWSA2l/3fRA9mJmrL8Ao=  
=fcrb  
-----END PGP SIGNATURE-----

Apple Security Advisory 2022-07-20-4

Apple Security Advisory 2022-07-20-3 - macOS Big Sur 11.6.8 addresses code execution, information leakage, null pointer, out of bounds read, and out of bounds write vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2022-07-20-3 macOS Big Sur 11.6.8

macOS Big Sur 11.6.8 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213344.

APFS  
Available for: macOS Big Sur  
Impact: An app with root privileges may be able to execute arbitrary  
code with kernel privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2022-32832: Tommy Muir (@Muirey03)

AppleMobileFileIntegrity  
Available for: macOS Big Sur  
Impact: An app may be able to gain root privileges  
Description: An authorization issue was addressed with improved state  
management.  
CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro

AppleScript  
Available for: macOS Big Sur  
Impact: Processing a maliciously crafted AppleScript binary may  
result in unexpected termination or disclosure of process memory  
Description: This issue was addressed with improved checks.  
CVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu  
Security, Mickey Jin (@patch1t) of Trend Micro

AppleScript  
Available for: macOS Big Sur  
Impact: Processing a maliciously crafted AppleScript binary may  
result in unexpected termination or disclosure of process memory  
Description: An out-of-bounds read issue was addressed with improved  
input validation.  
CVE-2022-32853: Ye Zhang (@co0py_Cat) of Baidu Security  
CVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security

AppleScript  
Available for: macOS Big Sur  
Impact: Processing a maliciously crafted AppleScript binary may  
result in unexpected termination or disclosure of process memory  
Description: An out-of-bounds read issue was addressed with improved  
bounds checking.  
CVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security

Audio  
Available for: macOS Big Sur  
Impact: An app may be able to disclose kernel memory  
Description: The issue was addressed with improved memory handling.  
CVE-2022-32825: John Aakerblom (@jaakerblom)

Audio  
Available for: macOS Big Sur  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2022-32820: an anonymous researcher

Calendar  
Available for: macOS Big Sur  
Impact: An app may be able to access sensitive user information  
Description: The issue was addressed with improved handling of  
caches.  
CVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security

Calendar  
Available for: macOS Big Sur  
Impact: An app may be able to access user-sensitive data  
Description: An information disclosure issue was addressed by  
removing the vulnerable code.  
CVE-2022-32849: Joshua Jones

CoreText  
Available for: macOS Big Sur  
Impact: A remote user may cause an unexpected app termination or  
arbitrary code execution  
Description: The issue was addressed with improved bounds checks.  
CVE-2022-32839: STAR Labs (@starlabs_sg)

FaceTime  
Available for: macOS Big Sur  
Impact: An app with root privileges may be able to access private  
information  
Description: This issue was addressed by enabling hardened runtime.  
CVE-2022-32781: Wojciech Reguła (@_r3ggi) of SecuRing

File System Events  
Available for: macOS Big Sur  
Impact: An app may be able to gain root privileges  
Description: A logic issue was addressed with improved state  
management.  
CVE-2022-32819: Joshua Mason of Mandiant

ICU  
Available for: macOS Big Sur  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs  
& DNSLab, Korea Univ.

ImageIO  
Available for: macOS Big Sur  
Impact: Processing an image may lead to a denial-of-service  
Description: A null pointer dereference was addressed with improved  
validation.  
CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit)

Intel Graphics Driver  
Available for: macOS Big Sur  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o.

Intel Graphics Driver  
Available for: macOS Big Sur  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A memory corruption vulnerability was addressed with  
improved locking.  
CVE-2022-32811: ABC Research s.r.o

Kernel  
Available for: macOS Big Sur  
Impact: An app with root privileges may be able to execute arbitrary  
code with kernel privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2022-32815: Xinru Chi of Pangu Lab  
CVE-2022-32813: Xinru Chi of Pangu Lab

libxml2  
Available for: macOS Big Sur  
Impact: An app may be able to leak sensitive user information  
Description: A memory initialization issue was addressed with  
improved memory handling.  
CVE-2022-32823

PackageKit  
Available for: macOS Big Sur  
Impact: An app may be able to modify protected parts of the file  
system  
Description: An issue in the handling of environment variables was  
addressed with improved validation.  
CVE-2022-32786: Mickey Jin (@patch1t)

PackageKit  
Available for: macOS Big Sur  
Impact: An app may be able to modify protected parts of the file  
system  
Description: This issue was addressed with improved checks.  
CVE-2022-32800: Mickey Jin (@patch1t)

PluginKit  
Available for: macOS Big Sur  
Impact: An app may be able to read arbitrary files  
Description: A logic issue was addressed with improved state  
management.  
CVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro

PS Normalizer  
Available for: macOS Big Sur  
Impact: Processing a maliciously crafted Postscript file may result  
in unexpected app termination or disclosure of process memory  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-32843: Kai Lu of Zscaler's ThreatLabz

Software Update  
Available for: macOS Big Sur  
Impact: A user in a privileged network position can track a user’s  
activity  
Description: This issue was addressed by using HTTPS when sending  
information over the network.  
CVE-2022-32857: Jeffrey Paul (sneak.berlin)

Spindump  
Available for: macOS Big Sur  
Impact: An app may be able to overwrite arbitrary files  
Description: This issue was addressed with improved file handling.  
CVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab

Spotlight  
Available for: macOS Big Sur  
Impact: An app may be able to gain elevated privileges  
Description: A validation issue in the handling of symlinks was  
addressed with improved validation of symlinks.  
CVE-2022-26704: Joshua Mason of Mandiant

TCC  
Available for: macOS Big Sur  
Impact: An app may be able to access sensitive user information  
Description: An access issue was addressed with improvements to the  
sandbox.  
CVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)  
of Tencent Security Xuanwu Lab (xlab.tencent.com)

Vim  
Available for: macOS Big Sur  
Impact: Multiple issues in Vim  
Description: Multiple issues were addressed by updating Vim.  
CVE-2022-0156  
CVE-2022-0158

Wi-Fi  
Available for: macOS Big Sur  
Impact: A remote user may be able to cause unexpected system  
termination or corrupt kernel memory  
Description: This issue was addressed with improved checks.  
CVE-2022-32847: Wang Yu of Cyberserval

Windows Server  
Available for: macOS Big Sur  
Impact: An app may be able to capture a user’s screen  
Description: A logic issue was addressed with improved checks.  
CVE-2022-32848: Jeremy Legendre of MacEnhance

macOS Big Sur 11.6.8 may be obtained from the Mac App Store or  
Apple's Software Downloads web site:  
https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYf6sACgkQeC9qKD1p  
rhgOJBAAtzyKOqdTnnBbwbFoG/HoZIbCVSVOtI5VIGH1weMQ72R3X2tXB5yTlpto  
3l/eoMe0/covxipiZ+CvTh9tM5ZfV3IxN4bpsbxew1R/s81YE2K55dFp5+4zzqgh  
YyWrx8SntngP9PywAdKa+GRZrW7R95oNp2UTwifcQvFPs40F/OPrNQm23Xkmqsx0  
zNNvMmqPaeCU8mgIOadO/uv626LjnkyKdwHKM3VBxGmklNEddQDjjoWcYugH7QYj  
e28EpKINEYfGVP/5n4uSeP6+kXmJj9nLzdKzfBD78gyBu5NX3Ai5Wh1BbsFMoFYE  
wcqlgEjMk3440babLb9kSRm81NX+EPgJLtjVPNRIrqs8pTh95CcDTRsotDUDl03R  
BrP6XGyXiS+3XyhdbamJDG9pCthJdo455XaYOlmzgIfgTJMkX3kdxiMAgGvbkPVl  
3IesUuChRvi6pZwTWXN4k5Rn9epZSV+9HaYplnFPScJpYeLzUKThz1P2KbMTd0CT  
fiBU+fxwQqfzGRX3gyzRz0DMqiGdk0PnO9pfWND+9lQDyht7s73XnZrVOnPZHGYC  
tiNdrEHm+4WKaEwl/5invCZ8vPaiJ9cTH/aSbeRkeqR8ilDQMIhm2xooSP8Sd00E  
gTOoTOANfxrOqkFWhj0HQEq5OmCeALkE8BqiLuOVVIrN4e2LgPg=  
=6wU+  
-----END PGP SIGNATURE-----

Apple Security Advisory 2022-07-20-3

Apple Security Advisory 2022-07-20-2 - macOS Monterey 12.5 addresses bypass, code execution, information leakage, null pointer, out of bounds read, out of bounds write, and spoofing vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2022-07-20-2 macOS Monterey 12.5

macOS Monterey 12.5 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213345.

APFS  
Available for: macOS Monterey  
Impact: An app with root privileges may be able to execute arbitrary  
code with kernel privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2022-32832: Tommy Muir (@Muirey03)

AppleMobileFileIntegrity  
Available for: macOS Monterey  
Impact: An app may be able to gain root privileges  
Description: An authorization issue was addressed with improved state  
management.  
CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro

Apple Neural Engine  
Available for: macOS Monterey  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2022-32810: Mohamed Ghannam (@_simo36)

Apple Neural Engine  
Available for: macOS Monterey  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: This issue was addressed with improved checks.  
CVE-2022-32840: Mohamed Ghannam (@_simo36)

Apple Neural Engine  
Available for: macOS Monterey  
Impact: An app may be able to break out of its sandbox  
Description: This issue was addressed with improved checks.  
CVE-2022-32845: Mohamed Ghannam (@_simo36)

AppleScript  
Available for: macOS Monterey  
Impact: Processing a maliciously crafted AppleScript binary may  
result in unexpected termination or disclosure of process memory  
Description: This issue was addressed with improved checks.  
CVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu  
Security, Mickey Jin (@patch1t) of Trend Micro

AppleScript  
Available for: macOS Monterey  
Impact: Processing a maliciously crafted AppleScript binary may  
result in unexpected termination or disclosure of process memory  
Description: An out-of-bounds read issue was addressed with improved  
input validation.  
CVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security  
CVE-2022-32852: Ye Zhang (@co0py_Cat) of Baidu Security  
CVE-2022-32853: Ye Zhang (@co0py_Cat) of Baidu Security

AppleScript  
Available for: macOS Monterey  
Impact: Processing a maliciously crafted AppleScript binary may  
result in unexpected termination or disclosure of process memory  
Description: An out-of-bounds read issue was addressed with improved  
bounds checking.  
CVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security

Audio  
Available for: macOS Monterey  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2022-32820: an anonymous researcher

Audio  
Available for: macOS Monterey  
Impact: An app may be able to disclose kernel memory  
Description: The issue was addressed with improved memory handling.  
CVE-2022-32825: John Aakerblom (@jaakerblom)

Automation  
Available for: macOS Monterey  
Impact: An app may be able to bypass Privacy preferences  
Description: A logic issue was addressed with improved checks.  
CVE-2022-32789: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab

Calendar  
Available for: macOS Monterey  
Impact: An app may be able to access sensitive user information  
Description: The issue was addressed with improved handling of  
caches.  
CVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security

CoreMedia  
Available for: macOS Monterey  
Impact: An app may be able to disclose kernel memory  
Description: The issue was addressed with improved memory handling.  
CVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom  
(@jaakerblom)

CoreText  
Available for: macOS Monterey  
Impact: A remote user may cause an unexpected app termination or  
arbitrary code execution  
Description: The issue was addressed with improved bounds checks.  
CVE-2022-32839: STAR Labs (@starlabs_sg)

File System Events  
Available for: macOS Monterey  
Impact: An app may be able to gain root privileges  
Description: A logic issue was addressed with improved state  
management.  
CVE-2022-32819: Joshua Mason of Mandiant

GPU Drivers  
Available for: macOS Monterey  
Impact: An app may be able to disclose kernel memory  
Description: Multiple out-of-bounds write issues were addressed with  
improved bounds checking.  
CVE-2022-32793: an anonymous researcher

GPU Drivers  
Available for: macOS Monterey  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-32821: John Aakerblom (@jaakerblom)

iCloud Photo Library  
Available for: macOS Monterey  
Impact: An app may be able to access sensitive user information  
Description: An information disclosure issue was addressed by  
removing the vulnerable code.  
CVE-2022-32849: Joshua Jones

ICU  
Available for: macOS Monterey  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs  
& DNSLab, Korea Univ.

ImageIO  
Available for: macOS Monterey  
Impact: Processing a maliciously crafted image may result in  
disclosure of process memory  
Description: The issue was addressed with improved memory handling.  
CVE-2022-32841: hjy79425575  
ImageIO  
Available for: macOS Monterey  
Impact: Processing an image may lead to a denial-of-service  
Description: A null pointer dereference was addressed with improved  
validation.  
CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit)

Intel Graphics Driver  
Available for: macOS Monterey  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A memory corruption vulnerability was addressed with  
improved locking.  
CVE-2022-32811: ABC Research s.r.o

Intel Graphics Driver  
Available for: macOS Monterey  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o.

Kernel  
Available for: macOS Monterey  
Impact: An app with root privileges may be able to execute arbitrary  
code with kernel privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2022-32813: Xinru Chi of Pangu Lab  
CVE-2022-32815: Xinru Chi of Pangu Lab

Kernel  
Available for: macOS Monterey  
Impact: An app may be able to disclose kernel memory  
Description: An out-of-bounds read issue was addressed with improved  
bounds checking.  
CVE-2022-32817: Xinru Chi of Pangu Lab

Kernel  
Available for: macOS Monterey  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: This issue was addressed with improved checks.  
CVE-2022-32829: an anonymous researcher

Liblouis  
Available for: macOS Monterey  
Impact: An app may cause unexpected app termination or arbitrary code  
execution  
Description: This issue was addressed with improved checks.  
CVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China  
(nipc.org.cn)

libxml2  
Available for: macOS Monterey  
Impact: An app may be able to leak sensitive user information  
Description: A memory initialization issue was addressed with  
improved memory handling.  
CVE-2022-32823

Multi-Touch  
Available for: macOS Monterey  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A type confusion issue was addressed with improved  
checks.  
CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)

Multi-Touch  
Available for: macOS Monterey  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A type confusion issue was addressed with improved state  
handling.  
CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)

PackageKit  
Available for: macOS Monterey  
Impact: An app may be able to modify protected parts of the file  
system  
Description: An issue in the handling of environment variables was  
addressed with improved validation.  
CVE-2022-32786: Mickey Jin (@patch1t)

PackageKit  
Available for: macOS Monterey  
Impact: An app may be able to modify protected parts of the file  
system  
Description: This issue was addressed with improved checks.  
CVE-2022-32800: Mickey Jin (@patch1t)

PluginKit  
Available for: macOS Monterey  
Impact: An app may be able to read arbitrary files  
Description: A logic issue was addressed with improved state  
management.  
CVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro

PS Normalizer  
Available for: macOS Monterey  
Impact: Processing a maliciously crafted Postscript file may result  
in unexpected app termination or disclosure of process memory  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-32843: Kai Lu of Zscaler's ThreatLabz

SMB  
Available for: macOS Monterey  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A memory corruption issue was addressed with improved  
state management.  
CVE-2022-32796: Sreejith Krishnan R (@skr0x1c0)

SMB  
Available for: macOS Monterey  
Impact: An app may be able to gain elevated privileges  
Description: An out-of-bounds read issue was addressed with improved  
input validation.  
CVE-2022-32842: Sreejith Krishnan R (@skr0x1c0)

SMB  
Available for: macOS Monterey  
Impact: An app may be able to gain elevated privileges  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2022-32798: Sreejith Krishnan R (@skr0x1c0)

SMB  
Available for: macOS Monterey  
Impact: A user in a privileged network position may be able to leak  
sensitive information  
Description: An out-of-bounds read issue was addressed with improved  
bounds checking.  
CVE-2022-32799: Sreejith Krishnan R (@skr0x1c0)

SMB  
Available for: macOS Monterey  
Impact: An app may be able to leak sensitive kernel state  
Description: The issue was addressed with improved memory handling.  
CVE-2022-32818: Sreejith Krishnan R (@skr0x1c0)

Software Update  
Available for: macOS Monterey  
Impact: A user in a privileged network position can track a user’s  
activity  
Description: This issue was addressed by using HTTPS when sending  
information over the network.  
CVE-2022-32857: Jeffrey Paul (sneak.berlin)

Spindump  
Available for: macOS Monterey  
Impact: An app may be able to overwrite arbitrary files  
Description: This issue was addressed with improved file handling.  
CVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab

Spotlight  
Available for: macOS Monterey  
Impact: An app may be able to gain root privileges  
Description: This issue was addressed with improved checks.  
CVE-2022-32801: Joshua Mason (@josh@jhu.edu)

subversion  
Available for: macOS Monterey  
Impact: Multiple issues in subversion  
Description: Multiple issues were addressed by updating subversion.  
CVE-2021-28544: Evgeny Kotkov, visualsvn.com  
CVE-2022-24070: Evgeny Kotkov, visualsvn.com  
CVE-2022-29046: Evgeny Kotkov, visualsvn.com  
CVE-2022-29048: Evgeny Kotkov, visualsvn.com

TCC  
Available for: macOS Monterey  
Impact: An app may be able to access sensitive user information  
Description: An access issue was addressed with improvements to the  
sandbox.  
CVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)  
of Tencent Security Xuanwu Lab (xlab.tencent.com)

WebKit  
Available for: macOS Monterey  
Impact: Visiting a website that frames malicious content may lead to  
UI spoofing  
Description: The issue was addressed with improved UI handling.  
WebKit Bugzilla: 239316  
CVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs  
& DNSLab, Korea Univ.

WebKit  
Available for: macOS Monterey  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
WebKit Bugzilla: 240720  
CVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero  
Day Initiative

WebRTC  
Available for: macOS Monterey  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution.  
Description: A memory corruption issue was addressed with improved  
state management.  
WebKit Bugzilla: 242339  
CVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team

Wi-Fi  
Available for: macOS Monterey  
Impact: An app may be able to cause unexpected system termination or  
write kernel memory  
Description: This issue was addressed with improved checks.  
CVE-2022-32837: Wang Yu of Cyberserval

Wi-Fi  
Available for: macOS Monterey  
Impact: A remote user may be able to cause unexpected system  
termination or corrupt kernel memory  
Description: This issue was addressed with improved checks.  
CVE-2022-32847: Wang Yu of Cyberserval

Windows Server  
Available for: macOS Monterey  
Impact: An app may be able to capture a user’s screen  
Description: A logic issue was addressed with improved checks.  
CVE-2022-32848: Jeremy Legendre of MacEnhance

Additional recognition

802.1X  
We would like to acknowledge Shin Sun of National Taiwan University  
for their assistance.

AppleMobileFileIntegrity  
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive  
Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła  
(@_r3ggi) of SecuRing for their assistance.

Calendar  
We would like to acknowledge Joshua Jones for their assistance.

configd  
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive  
Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła  
(@_r3ggi) of SecuRing for their assistance.

DiskArbitration  
We would like to acknowledge Mike Cush for their assistance.

macOS Monterey 12.5 may be obtained from the Mac App Store or Apple's  
Software Downloads web site: https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYiL4ACgkQeC9qKD1p  
rhhjpQ//TQX1ihtXRIjFpPOViMy6IxuLE1CsKFxq5MweXelbPB/UdeUl/zL5G54b  
/Lx2XYKoWj6u27FCO0BHxBqtYbAd6sfx70VLCk5W6gyk/yCi0n3zh7BvRvWB/Ugh  
6NuHB39a1kbbjLLoQPbW0L6egdrCfqP/+ZujqjKl7xI58nda9jMHJC1ns87KQoDn  
Er5SAGf7M2ErGNzOFqvXjpJYvGsrKJyfqNxp99H/sPlzu7URX9Gq3f3n1o55IUUa  
mcxlBPDfUmDQPjdSqw/BprQkDOvp0fzmTy+phB0fkgmvVJ8EmEJAoilL4SyH4uW9  
V1GD9rtjUKh7G/gSFAo7y0HBDQoM+E9hA+4PPlH2o1nUOAl6BRWUka6jf4yaqrpr  
pfo1K2hPQj1g4MMZFCDWkJ+7V1+1GTQ9WlagL5gB3QaKefiSG4cTnL06Y8zn38TD  
TY3JrdqUI7Pzugu+FuHs7P168yNIGXTscb1ptrVlaVBaVuyICmEcKX4HS+I5o30q  
WqCOaRoaa6WRqBwNEy7zVAExjSPt7t8ZWt85avWSt+rLxNGiVkPrpHu4fE+V2IAV  
fz1VA4S/w69h9uJHXdcG+QfvNxX+zj/vljF6DK3dyQ957Mqfyr2y9ojSbdf6vo4n  
DJFXNxbEk35loy/kDDidC1C1sFKY+JeQF7ZBi0/QOyuSdSdJrSg=  
=ibIr  
-----END PGP SIGNATURE-----

Apple Security Advisory 2022-07-20-2

Apple Security Advisory 2022-07-20-1 - iOS 15.6 and iPadOS 15.6 addresses buffer overflow, bypass, code execution, information leakage, null pointer, out of bounds read, out of bounds write, and spoofing vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2022-07-20-1 iOS 15.6 and iPadOS 15.6iOS 15.6 and iPadOS 15.6 addresses the following issues.Information about the security content is also available athttps://support.apple.com/HT213346.APFSAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: An app with root privileges may be able to execute arbitrarycode with kernel privilegesDescription: The issue was addressed with improved memory handling.CVE-2022-32832: Tommy Muir (@Muirey03)AppleAVDAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: A remote user may be able to cause kernel code executionDescription: A buffer overflow was addressed with improved boundschecking.CVE-2022-32788: Natalie Silvanovich of Google Project ZeroAppleAVDAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: An app may be able to disclose kernel memoryDescription: The issue was addressed with improved memory handling.CVE-2022-32824: Antonio Zekic (@antoniozekic) and John Aakerblom(@jaakerblom)AppleMobileFileIntegrityAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: An app may be able to gain root privilegesDescription: An authorization issue was addressed with improved statemanagement.CVE-2022-32826: Mickey Jin (@patch1t) of Trend MicroApple Neural EngineAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: An app may be able to break out of its sandboxDescription: This issue was addressed with improved checks.CVE-2022-32845: Mohamed Ghannam (@_simo36)Apple Neural EngineAvailable for devices with Apple Neural Engine: iPhone 8 and later,iPad Pro (3rd generation) and later, iPad Air (3rd generation) andlater, and iPad mini (5th generation)Impact: An app may be able to execute arbitrary code with kernelprivilegesDescription: This issue was addressed with improved checks.CVE-2022-32840: Mohamed Ghannam (@_simo36)CVE-2022-32829: an anonymous researcherApple Neural EngineAvailable for devices with Apple Neural Engine: iPhone 8 and later,iPad Pro (3rd generation) and later, iPad Air (3rd generation) andlater, and iPad mini (5th generation)Impact: An app may be able to execute arbitrary code with kernelprivilegesDescription: The issue was addressed with improved memory handling.CVE-2022-32810: Mohamed Ghannam (@_simo36)AudioAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: An app may be able to execute arbitrary code with kernelprivilegesDescription: An out-of-bounds write issue was addressed with improvedinput validation.CVE-2022-32820: an anonymous researcherAudioAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: An app may be able to disclose kernel memoryDescription: The issue was addressed with improved memory handling.CVE-2022-32825: John Aakerblom (@jaakerblom)CoreMediaAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: An app may be able to disclose kernel memoryDescription: The issue was addressed with improved memory handling.CVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom(@jaakerblom)CoreTextAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: A remote user may cause an unexpected app termination orarbitrary code executionDescription: The issue was addressed with improved bounds checks.CVE-2022-32839: STAR Labs (@starlabs_sg)File System EventsAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: An app may be able to gain root privilegesDescription: A logic issue was addressed with improved statemanagement.CVE-2022-32819: Joshua Mason of MandiantGPU DriversAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: An app may be able to disclose kernel memoryDescription: Multiple out-of-bounds write issues were addressed withimproved bounds checking.CVE-2022-32793: an anonymous researcherGPU DriversAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: An app may be able to execute arbitrary code with kernelprivilegesDescription: A memory corruption issue was addressed with improvedvalidation.CVE-2022-32821: John Aakerblom (@jaakerblom)HomeAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: A user may be able to view restricted content from the lockscreenDescription: A logic issue was addressed with improved statemanagement.CVE-2022-32855: an anonymous researcheriCloud Photo LibraryAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: An app may be able to access sensitive user informationDescription: An information disclosure issue was addressed byremoving the vulnerable code.CVE-2022-32849: Joshua JonesICUAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: Processing maliciously crafted web content may lead toarbitrary code executionDescription: An out-of-bounds write issue was addressed with improvedbounds checking.CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs& DNSLab, Korea Univ.ImageIOAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: Processing a maliciously crafted image may result indisclosure of process memoryDescription: The issue was addressed with improved memory handling.CVE-2022-32841: hjy79425575ImageIOAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: Processing a maliciously crafted file may lead to arbitrarycode executionDescription: A logic issue was addressed with improved checks.CVE-2022-32802: Ivan Fratric of Google Project Zero, Mickey Jin(@patch1t)ImageIOAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: Processing a maliciously crafted image may lead to disclosureof user informationDescription: An out-of-bounds read issue was addressed with improvedbounds checking.CVE-2022-32830: Ye Zhang (@co0py_Cat) of Baidu SecurityImageIOAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: Processing an image may lead to a denial-of-serviceDescription: A null pointer dereference was addressed with improvedvalidation.CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit)IOMobileFrameBufferAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: An application may be able to execute arbitrary code withkernel privilegesDescription: A memory corruption issue was addressed with improvedstate management.CVE-2022-26768: an anonymous researcherKernelAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: An app with root privileges may be able to execute arbitrarycode with kernel privilegesDescription: The issue was addressed with improved memory handling.CVE-2022-32813: Xinru Chi of Pangu LabCVE-2022-32815: Xinru Chi of Pangu LabKernelAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: An app may be able to disclose kernel memoryDescription: An out-of-bounds read issue was addressed with improvedbounds checking.CVE-2022-32817: Xinru Chi of Pangu LabKernelAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: An app with arbitrary kernel read and write capability may beable to bypass Pointer AuthenticationDescription: A logic issue was addressed with improved statemanagement.CVE-2022-32844: Sreejith Krishnan R (@skr0x1c0)KernelAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: An app with arbitrary kernel read and write capability may beable to bypass Pointer AuthenticationDescription: A race condition was addressed with improved statehandling.CVE-2022-32844: Sreejith Krishnan R (@skr0x1c0)LiblouisAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: An app may cause unexpected app termination or arbitrary codeexecutionDescription: This issue was addressed with improved checks.CVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China(nipc.org.cn)libxml2Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: An app may be able to leak sensitive user informationDescription: A memory initialization issue was addressed withimproved memory handling.CVE-2022-32823Multi-TouchAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: An app may be able to execute arbitrary code with kernelprivilegesDescription: A type confusion issue was addressed with improved statehandling.CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)PluginKitAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: An app may be able to read arbitrary filesDescription: A logic issue was addressed with improved statemanagement.CVE-2022-32838: Mickey Jin (@patch1t) of Trend MicroSafari ExtensionsAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: Visiting a maliciously crafted website may leak sensitivedataDescription: The issue was addressed with improved UI handling.CVE-2022-32784: Young Min Kim of CompSec Lab at Seoul NationalUniversitySoftware UpdateAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: A user in a privileged network position can track a user’sactivityDescription: This issue was addressed by using HTTPS when sendinginformation over the network.CVE-2022-32857: Jeffrey Paul (sneak.berlin)WebKitAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: Visiting a website that frames malicious content may lead toUI spoofingDescription: The issue was addressed with improved UI handling.WebKit Bugzilla: 239316CVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs& DNSLab, Korea Univ.WebKitAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: Processing maliciously crafted web content may lead toarbitrary code executionDescription: An out-of-bounds write issue was addressed with improvedinput validation.WebKit Bugzilla: 240720CVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro ZeroDay InitiativeWebRTCAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: Processing maliciously crafted web content may lead toarbitrary code executionDescription: A memory corruption issue was addressed with improvedstate management.WebKit Bugzilla: 242339CVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence teamWi-FiAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: An app may be able to cause unexpected system termination orwrite kernel memoryDescription: This issue was addressed with improved checks.CVE-2022-32837: Wang Yu of CyberservalWi-FiAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2and later, iPad 5th generation and later, iPad mini 4 and later, andiPod touch (7th generation)Impact: A remote user may be able to cause unexpected systemtermination or corrupt kernel memoryDescription: This issue was addressed with improved checks.CVE-2022-32847: Wang Yu of CyberservalAdditional recognition802.1XWe would like to acknowledge Shin Sun of National Taiwan Universityfor their assistance.AppleMobileFileIntegrityWe would like to acknowledge Csaba Fitzl (@theevilbit) of OffensiveSecurity, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła(@_r3ggi) of SecuRing for their assistance.configdWe would like to acknowledge Csaba Fitzl (@theevilbit) of OffensiveSecurity, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła(@_r3ggi) of SecuRing for their assistance.This update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/  iTunes and Software Update on thedevice will automatically check Apple's update server on its weeklyschedule. When an update is detected, it is downloaded and the optionto be installed is presented to the user when the iOS device isdocked. We recommend applying the update immediately if possible.Selecting Don't Install will present the option the next time youconnect your iOS device.  The automatic update process may take up toa week depending on the day that iTunes or the device checks forupdates. You may manually obtain the update via the Check for Updatesbutton within iTunes, or the Software Update on your device.  Tocheck that the iPhone, iPod touch, or iPad has been updated:  *Navigate to Settings * Select General * Select About. The versionafter applying this update will be "iOS 15.6 and iPadOS 15.6".All information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYeuMACgkQeC9qKD1prhhc5hAA2emrXEYGmfH1M/gji0MOPflW+wrr0y8buntNyeJYFQbf1xgGkr9hmHlMDkROvVCXDzuMyH9QDOPNFGPqBTAe/5cL+auNq497f/vGVjEOZ09Y4vC/FVBBklgokQND7CoWBhk99PgNxVdJyzkeKhBEs9JrNaIyGVqg8tChTWWghRzyyyQfHpSQfwj1M9042Kj8w9hi4SrY9R8Oe+QrcCYw/lYo3yO6WIUfajzIs/urT175BFedXS+9l4cK6srMpa/n67w3XZU9psQBVddlkVDymx1c5Lzuo84haM7TYNddOYDVluP+676Uq0vj5E24vTuGLS+vdDlJri6WMJv2d7NZ8dtJAVhPioP3ThGGsAXdpT/PmNbkc5R0RbiVTKs/2CDK4+raGHlOz6leuEfUJtUD1rHLI5n21XBQY1HOvwB9CDqGc5l7FpRoMdajDY/8yaIbWKVu1iycA2NAsxfyc9u1QTwwluGmzelpo9XdAWIZ17j6Dkalta9scCQbakHz3M1PSAYw4ljfGuYYiHElAKuZn/daeAUKZ0zMJOVdHtecliJbV3VlqMzaOKqmgXWNoBOwCow8Tj80F2dFNTvlQe91L8r7NeQAo7KCzEXbVSQqfemojtrREl5BvmWS9s7+QxqDWAHSUr+WakmKTESMA3DTlZBhBbUXE+uNRrEwboUQKeI==Nnrk-----END PGP SIGNATURE-----

Apple Security Advisory 2022-07-20-1

By Deeba Ahmed
The spyware vendor Candiru used the Chrome zero-day in March 2022 to target journalists and other unsuspected victims…
This is a post from HackRead.com Read the original post: Israeli Spyware Vendor Uses Chrome 0day to Target Journalists

****The spyware vendor Candiru used the Chrome zero-day in March 2022 to target journalists and other unsuspected victims in Palestine, Turkey, and Yemen and Lebanese journalists.****

Antivirus firm Avast has identified a serious flaw in the Chrome browser. According to Avast’s report, the Chrome browser vulnerability, which Google patched earlier this month, is tracked as CVE-2022-2294.

The vulnerability is linked to Candiru aka Saito Tech, an Israel-based spyware vendor that offers governments hacking-for-hire services. It is worth noting that the flaw was identified by Avast and disclosed to Google on 1st July 2022, and a fix was released on 4th July with Chrome 103.

**Vulnerability Details**

Avast reported that someone exploited the zero-day flaw already to spy on Lebanese journalists. Like NSO Group’s Pegasus Spyware, Candiru’s spyware is also used by law enforcement agencies and governments to confront crime and terrorism.

However, as per Avast’s research, Candiru’s spyware was used to target political dissidents, journalists, and critics of authoritarian and repressive regimes. The US Commerce Department sanctioned Candiru for its involvement in anti-US activities.

**Who Were the Targets?**

According to Avast, Candiru used the Chrome zero-day in March 2022 to target people in Palestine, Turkey, and Yemen and Lebanese journalists. In Lebanon, Candiru also compromised a news agency website.

The screenshot shared by Avast shows the malicious code injected into the compromised website stylishblockcom

Avast malware researcher Jan Vojtěšek stated that it is currently unclear why the attackers targeted people in the Middle East, particularly journalists. However, the company is sure that its primary objective was to spy on them and collect sensitive data and information. Such an attack is a blatant violation of freedom of speech and press freedom.

**How Was Zero-Day Exploited?**

As per the Avast report, the attacker planted the Chrome zero-day exploit on the Lebanese news agency website to collect 50 data points from the target’s browser, which includes timezone, language, screen information, browser plugins, device type, and device memory.

Hence, the attacker ensured their target’s device was fully compromised before delivering the spyware payload, which Avast claims matches a Windows-based malware DevilsTongue and Microsoft uncovered it in a previous attack involving Candiru.

It is worth noting that this is government-grade spyware capable of stealing messages, call logs, and photos from the victim’s phone, as well as tracking their location in real-time. Users must quickly update the Chrome browser to stay protected. Separate patches have been released by Apple Safari and Microsoft Edge as these use WebRTC.

Your Chrome browser is likely one of the most important pieces of software on your computer. It’s where you do all your online work, so keeping it up-to-date is essential for your security and productivity. Here’s how to update Chrome on Windows, Mac, and Linux:

**Windows:** Open Chrome and go to the menu in the top right corner. Click “Help” and then “About Google Chrome.” If there’s an update available, you’ll be able to download it from there.

**Mac:** Open Chrome and go to the menu in the top left corner. Click “Chrome” and then “About Google Chrome.” If there’s an update available, you’ll be able to download it from there.

**Linux:** Open a terminal window and type “sudo apt update && sudo apt upgrade google-chrome-stable.

**More Chrome and Spyware News**

1.  5 Ways to Protect Your Privacy on Google Chrome
2.  Predator Spyware Using Zero-day to Target Android Devices
3.  iPhones of 9 State Dept officials hijacked by NSO Pegasus spyware
4.  Pakistani Android users hit by spyware campaign with malicious apps
5.  ISPs Helping Attackers Install Hermit Spyware on Smartphones- Google

Tag

#apple