Summary
| Detail | |||
|---|---|---|---|
| Vendor | Apple | First view | 1999-07-10 |
| Product | Macos | Last view | 2022-03-18 |
| Version | 8.0 | Type | Os |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:apple:macos | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.8 | 2022-03-18 | CVE-2022-22669 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges. |
| 7.8 | 2022-03-18 | CVE-2022-22665 | A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges. |
| 7.8 | 2022-03-18 | CVE-2022-22664 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. |
| 7.8 | 2022-03-18 | CVE-2022-22661 | A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to execute arbitrary code with kernel privileges. |
| 5.5 | 2022-03-18 | CVE-2022-22660 | This issue was addressed with a new entitlement. This issue is fixed in macOS Monterey 12.3. An app may be able to spoof system notifications and UI. |
| 7.8 | 2022-03-18 | CVE-2022-22657 | A memory initialization issue was addressed with improved memory handling. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. |
| 3.3 | 2022-03-18 | CVE-2022-22656 | An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen. |
| 7.5 | 2022-03-18 | CVE-2022-22651 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.3. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. |
| 5.5 | 2022-03-18 | CVE-2022-22650 | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A plug-in may be able to inherit the application's permissions and access user data. |
| 5.5 | 2022-03-18 | CVE-2022-22648 | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to read restricted memory. |
| 4.6 | 2022-03-18 | CVE-2022-22647 | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A person with access to a Mac may be able to bypass Login Window. |
| 5.5 | 2022-03-18 | CVE-2022-22644 | A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to access information about a user's contacts. |
| 7.5 | 2022-03-18 | CVE-2022-22643 | This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A user may send audio and video in a FaceTime call without knowing that they have done so. |
| 9.8 | 2022-03-18 | CVE-2022-22641 | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated privileges. |
| 7.8 | 2022-03-18 | CVE-2022-22640 | A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. An application may be able to execute arbitrary code with kernel privileges. |
| 7.8 | 2022-03-18 | CVE-2022-22639 | A logic issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated privileges. |
| 6.5 | 2022-03-18 | CVE-2022-22638 | A null pointer dereference was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An attacker in a privileged position may be able to perform a denial of service attack. |
| 7.8 | 2022-03-18 | CVE-2022-22633 | A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. |
| 9.8 | 2022-03-18 | CVE-2022-22632 | A logic issue was addressed with improved state management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, watchOS 8.5, macOS Monterey 12.3. A malicious application may be able to elevate privileges. |
| 7.8 | 2022-03-18 | CVE-2022-22631 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to gain elevated privileges. |
| 7.1 | 2022-03-18 | CVE-2022-22627 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. |
| 7.1 | 2022-03-18 | CVE-2022-22626 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. |
| 7.1 | 2022-03-18 | CVE-2022-22625 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. |
| 4.6 | 2022-03-18 | CVE-2022-22621 | This issue was addressed with improved checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions. |
| 8.8 | 2022-03-18 | CVE-2022-22620 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 25% (92) | CWE-787 | Out-of-bounds Write |
| 19% (70) | CWE-125 | Out-of-bounds Read |
| 8% (31) | CWE-416 | Use After Free |
| 5% (20) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
| 4% (15) | CWE-668 | Exposure of Resource to Wrong Sphere |
| 4% (15) | CWE-362 | Race Condition |
| 3% (14) | CWE-269 | Improper Privilege Management |
| 3% (13) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 3% (11) | CWE-190 | Integer Overflow or Wraparound |
| 3% (11) | CWE-20 | Improper Input Validation |
| 1% (6) | CWE-287 | Improper Authentication |
| 1% (6) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 1% (5) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| 1% (5) | CWE-415 | Double Free |
| 1% (5) | CWE-200 | Information Exposure |
| 1% (4) | CWE-665 | Improper Initialization |
| 1% (4) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 0% (3) | CWE-617 | Reachable Assertion |
| 0% (3) | CWE-494 | Download of Code Without Integrity Check |
| 0% (3) | CWE-281 | Improper Preservation of Permissions |
| 0% (3) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
| 0% (2) | CWE-476 | NULL Pointer Dereference |
| 0% (2) | CWE-276 | Incorrect Default Permissions |
| 0% (2) | CWE-191 | Integer Underflow (Wrap or Wraparound) |
| 0% (2) | CWE-122 | Heap-based Buffer Overflow |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 4993 | Mac OS Weak Encryption in Users & Groups Data File |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2020-12-05 | TRUFFLEHUNTER TALOS-2020-1125 attack attempt RuleID : 54589 - Type : FILE-OTHER - Revision : 1 |
| 2020-12-05 | TRUFFLEHUNTER TALOS-2020-1125 attack attempt RuleID : 54588 - Type : FILE-OTHER - Revision : 1 |
| 2020-12-05 | TRUFFLEHUNTER TALOS-2020-1120 attack attempt RuleID : 54520 - Type : FILE-OTHER - Revision : 1 |
| 2020-12-05 | TRUFFLEHUNTER TALOS-2020-1120 attack attempt RuleID : 54519 - Type : FILE-OTHER - Revision : 1 |
