Summary
| Detail | |||
|---|---|---|---|
| Vendor | Apple | First view | 2019-07-26 |
| Product | Mac Os X | Last view | 2022-05-26 |
| Version | 10.14.6 | Type | Os |
| Update | supplemental_update | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:apple:mac_os_x | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 9.8 | 2022-05-26 | CVE-2022-26775 | An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution. |
| 7.8 | 2022-05-26 | CVE-2022-26770 | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges. |
| 7.8 | 2022-05-26 | CVE-2022-26769 | A memory corruption issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges. |
| 5.5 | 2022-05-26 | CVE-2022-26766 | A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious app may be able to bypass signature validation. |
| 7.8 | 2022-05-26 | CVE-2022-26763 | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious application may be able to execute arbitrary code with system privileges. |
| 7.8 | 2022-05-26 | CVE-2022-26761 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges. |
| 7.8 | 2022-05-26 | CVE-2022-26757 | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. |
| 7.8 | 2022-05-26 | CVE-2022-26756 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges. |
| 6.3 | 2022-05-26 | CVE-2022-26755 | This issue was addressed with improved environment sanitization. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to break out of its sandbox. |
| 7.8 | 2022-05-26 | CVE-2022-26751 | A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6, macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execution. |
| 8.8 | 2022-05-26 | CVE-2022-26748 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing maliciously crafted web content may lead to arbitrary code execution. |
| 5.5 | 2022-05-26 | CVE-2022-26746 | This issue was addressed by removing the vulnerable code. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences. |
| 5.5 | 2022-05-26 | CVE-2022-26728 | This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to access restricted files. |
| 5.5 | 2022-05-26 | CVE-2022-26727 | This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. A malicious application may be able to modify protected parts of the file system. |
| 6.5 | 2022-05-26 | CVE-2022-26726 | This issue was addressed with improved checks. This issue is fixed in Security Update 2022-004 Catalina, watchOS 8.6, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to capture a user's screen. |
| 7.8 | 2022-05-26 | CVE-2022-26722 | A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges. |
| 7.8 | 2022-05-26 | CVE-2022-26721 | A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges. |
| 7.8 | 2022-05-26 | CVE-2022-26720 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges. |
| 7.8 | 2022-05-26 | CVE-2022-26715 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to gain elevated privileges. |
| 7.8 | 2022-05-26 | CVE-2022-26714 | A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. |
| 7.1 | 2022-05-26 | CVE-2022-26698 | An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. |
| 7.1 | 2022-05-26 | CVE-2022-26697 | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. |
| 6.7 | 2022-05-26 | CVE-2022-26691 | A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. |
| 4.4 | 2022-05-26 | CVE-2022-26688 | An issue in the handling of symlinks was addressed with improved validation. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious app with root privileges may be able to modify the contents of system files. |
| 5.5 | 2022-05-26 | CVE-2022-22674 | An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. A local user may be able to read kernel memory. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 34% (160) | CWE-787 | Out-of-bounds Write |
| 24% (116) | CWE-125 | Out-of-bounds Read |
| 7% (36) | CWE-20 | Improper Input Validation |
| 6% (29) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
| 3% (15) | CWE-416 | Use After Free |
| 2% (13) | CWE-362 | Race Condition |
| 1% (9) | CWE-269 | Improper Privilege Management |
| 1% (9) | CWE-190 | Integer Overflow or Wraparound |
| 1% (9) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
| 1% (8) | CWE-665 | Improper Initialization |
| 1% (6) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 1% (5) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 0% (4) | CWE-415 | Double Free |
| 0% (3) | CWE-617 | Reachable Assertion |
| 0% (3) | CWE-367 | Time-of-check Time-of-use (TOCTOU) Race Condition |
| 0% (3) | CWE-295 | Certificate Issues |
| 0% (3) | CWE-276 | Incorrect Default Permissions |
| 0% (3) | CWE-193 | Off-by-one Error |
| 0% (2) | CWE-674 | Uncontrolled Recursion |
| 0% (2) | CWE-668 | Exposure of Resource to Wrong Sphere |
| 0% (2) | CWE-459 | Incomplete Cleanup |
| 0% (2) | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory L... |
| 0% (2) | CWE-281 | Improper Preservation of Permissions |
| 0% (2) | CWE-74 | Failure to Sanitize Data into a Different Plane ('Injection') |
| 0% (1) | CWE-770 | Allocation of Resources Without Limits or Throttling |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2020-12-05 | TRUFFLEHUNTER TALOS-2020-1125 attack attempt RuleID : 54589 - Type : FILE-OTHER - Revision : 1 |
| 2020-12-05 | TRUFFLEHUNTER TALOS-2020-1125 attack attempt RuleID : 54588 - Type : FILE-OTHER - Revision : 1 |
