[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [FD] APPLE-SA-2022-01-26-4 Security Update 2022-001 Catalina
From: Apple Product Security via Fulldisclosure <fulldisclosure () seclists ! org>
Date: 2022-01-27 0:00:29
Message-ID: 5B53835E-EEFC-4586-9EAE-6B7CF2DF9828 () lists ! apple ! com
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2022-01-26-4 Security Update 2022-001 Catalina
Security Update 2022-001 Catalina addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213056.
Kernel
Available for: macOS Catalina
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2022-22593: Peter Nguyễn Vũ Hoà ng of STAR Labs
Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted STL file may lead to
unexpected application termination or arbitrary code execution
Description: An information disclosure issue was addressed with
improved state management.
CVE-2022-22579: Mickey Jin (@patch1t) of Trend Micro
PackageKit
Available for: macOS Catalina
Impact: An application may be able to access restricted files
Description: A permissions issue was addressed with improved
validation.
CVE-2022-22583: an anonymous researcher, Ron Hass (@ronhass7) of
Perception Point, Mickey Jin (@patch1t)
Sandbox
Available for: macOS Catalina
Impact: A malicious application may be able to bypass certain Privacy
preferences
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30946: an anonymous researcher, @gorelics
TCC
Available for: macOS Catalina
Impact: A malicious application may be able to bypass certain Privacy
preferences
Description: This issue was addressed with improved checks.
CVE-2021-30972: Xuxiang Yang (@another1024), Zhipeng Huo (@R3dF09),
and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab
(xlab.tencent.com), Wojciech Reguła (@_r3ggi), jhftss (@patch1t),
Csaba Fitzl (@theevilbit) of Offensive Security
Additional recognition
PackageKit
We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for
their assistance.
Installation note:
This update may be obtained from the Mac App Store
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmHx0+AACgkQeC9qKD1p
rhgueRAA24KDPSQw5AL8EmFELBtITercDTPU/gML15xzbnEgVOmCY0i4FKk4Uyll
HkwxRjwbvRkiPV3aOQ+7EbGAHA3v0v8VKPovzorX3PyoBwircahGs18L0kt8NZ1s
yFK8OduYc2DqoO737XicYD6e516h8NQ6yOT8iVpml19gVr8WF1Hi9y77VynSCEcE
UrRaCejajm1GzQswJCStBqhQXFWNqpD+Qm8kFlZfQrejKSBQglVM/d5mSEu3TnN1
kJpWaT0IEz6xSmlO7vz2V5xLQXO/EUHvQOb8psg6sJF9X6VNuyaeYVoORShNVWT3
cPO/5NyKQf201PDiHQDOGoBNG5UIGg0rkwIzvKHVAkn/g5PfC1XAK+2hmvj2igzg
ARcNNZu8uKtOYcOarUlXJ5aApXAMBzsPEbLxeQSjJ7uup5fCwAhmcrchsZbBRm++
2GwqFrMA2r8txQXdC2pXL6qZ4qKAXnfXQn4pJqL6Uqmyo4Tg4Q1dNUZzBkLoqOqv
ZeSt/H+pM8AoGRKpK2s+J67Y/T6KCaTF3YlRKnQOHC+sHPmq6pOiuPqgk2HYDN2t
lFbNKepGwPQVKPsEi4swXEjriKojCJruUDVXplD0a8z/kFyj1bJ9JNM8fzOTk2QH
1lkyiuSAR5LpafCnbzs4NoDIxgg2hofXV7G6lYXHnMM9dpmOfJ0=
=l1zh
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic