Summary
| Detail | |||
|---|---|---|---|
| Vendor | Apple | First view | 2014-01-21 |
| Product | Macos | Last view | 2022-05-26 |
| Version | 10.15.7 | Type | Os |
| Update | security_update_2021-003 | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:apple:macos | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 9.8 | 2022-05-26 | CVE-2022-26776 | This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An attacker may be able to cause unexpected application termination or arbitrary code execution. |
| 9.8 | 2022-05-26 | CVE-2022-26775 | An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution. |
| 7.8 | 2022-05-26 | CVE-2022-26772 | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. |
| 7.8 | 2022-05-26 | CVE-2022-26770 | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges. |
| 7.8 | 2022-05-26 | CVE-2022-26769 | A memory corruption issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges. |
| 7.8 | 2022-05-26 | CVE-2022-26768 | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, watchOS 8.6, tvOS 15.5, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges. |
| 5.5 | 2022-05-26 | CVE-2022-26767 | The issue was addressed with additional permissions checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences. |
| 5.5 | 2022-05-26 | CVE-2022-26766 | A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious app may be able to bypass signature validation. |
| 4.7 | 2022-05-26 | CVE-2022-26765 | A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. |
| 4.7 | 2022-05-26 | CVE-2022-26764 | A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations. |
| 7.8 | 2022-05-26 | CVE-2022-26763 | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious application may be able to execute arbitrary code with system privileges. |
| 7.8 | 2022-05-26 | CVE-2022-26761 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges. |
| 7.8 | 2022-05-26 | CVE-2022-26757 | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. |
| 7.8 | 2022-05-26 | CVE-2022-26756 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges. |
| 6.3 | 2022-05-26 | CVE-2022-26755 | This issue was addressed with improved environment sanitization. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to break out of its sandbox. |
| 7.8 | 2022-05-26 | CVE-2022-26754 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. |
| 7.8 | 2022-05-26 | CVE-2022-26753 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. |
| 7.8 | 2022-05-26 | CVE-2022-26752 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. |
| 7.8 | 2022-05-26 | CVE-2022-26751 | A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6, macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execution. |
| 7.8 | 2022-05-26 | CVE-2022-26750 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. |
| 7.8 | 2022-05-26 | CVE-2022-26749 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. |
| 8.8 | 2022-05-26 | CVE-2022-26748 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing maliciously crafted web content may lead to arbitrary code execution. |
| 5.5 | 2022-05-26 | CVE-2022-26746 | This issue was addressed by removing the vulnerable code. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences. |
| 5.5 | 2022-05-26 | CVE-2022-26745 | A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.6. A malicious application may disclose restricted memory. |
| 7 | 2022-05-26 | CVE-2022-26743 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.4. An attacker that has already achieved code execution in macOS Recovery may be able to escalate to kernel privileges. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 31% (124) | CWE-787 | Out-of-bounds Write |
| 17% (70) | CWE-125 | Out-of-bounds Read |
| 8% (32) | CWE-416 | Use After Free |
| 6% (25) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
| 4% (19) | CWE-362 | Race Condition |
| 3% (14) | CWE-269 | Improper Privilege Management |
| 3% (13) | CWE-190 | Integer Overflow or Wraparound |
| 2% (8) | CWE-665 | Improper Initialization |
| 2% (8) | CWE-20 | Improper Input Validation |
| 1% (7) | CWE-668 | Exposure of Resource to Wrong Sphere |
| 1% (6) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 1% (6) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 1% (5) | CWE-415 | Double Free |
| 1% (5) | CWE-287 | Improper Authentication |
| 1% (5) | CWE-276 | Incorrect Default Permissions |
| 1% (5) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
| 1% (4) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| 1% (4) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 0% (3) | CWE-617 | Reachable Assertion |
| 0% (3) | CWE-476 | NULL Pointer Dereference |
| 0% (3) | CWE-281 | Improper Preservation of Permissions |
| 0% (2) | CWE-494 | Download of Code Without Integrity Check |
| 0% (2) | CWE-295 | Certificate Issues |
| 0% (2) | CWE-191 | Integer Underflow (Wrap or Wraparound) |
| 0% (2) | CWE-122 | Heap-based Buffer Overflow |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2020-12-05 | TRUFFLEHUNTER TALOS-2020-1125 attack attempt RuleID : 54589 - Type : FILE-OTHER - Revision : 1 |
| 2020-12-05 | TRUFFLEHUNTER TALOS-2020-1125 attack attempt RuleID : 54588 - Type : FILE-OTHER - Revision : 1 |
| 2020-12-05 | TRUFFLEHUNTER TALOS-2020-1120 attack attempt RuleID : 54520 - Type : FILE-OTHER - Revision : 1 |
| 2020-12-05 | TRUFFLEHUNTER TALOS-2020-1120 attack attempt RuleID : 54519 - Type : FILE-OTHER - Revision : 1 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2018-02-09 | Name: An enterprise data warehousing component installed on the remote Linux host i... File: ibm_netezza_analytics_swg22012645.nasl - Type: ACT_GATHER_INFO |
| 2017-01-12 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201701-21.nasl - Type: ACT_GATHER_INFO |
