Summary
Detail | | | |
---|---|---|---|
Vendor | Apple | First view | 1997-08-01 |
Product | Macos | Last view | 2022-05-26 |
Version | | Type | Os |
Update | | | |
Edition | | | |
Language | | | |
Software Edition | | | |
Target Software | | | |
Target Hardware | | | |
Other | | | |
Related : CVE
CVSS | Date | Alert | Description |
---|---|---|---|
9.8 | 2022-05-26 | CVE-2022-26776 | This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An attacker may be able to cause unexpected application termination or arbitrary code execution. |
9.8 | 2022-05-26 | CVE-2022-26775 | An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution. |
7.8 | 2022-05-26 | CVE-2022-26772 | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. |
7.8 | 2022-05-26 | CVE-2022-26770 | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges. |
7.8 | 2022-05-26 | CVE-2022-26769 | A memory corruption issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges. |
7.8 | 2022-05-26 | CVE-2022-26768 | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, watchOS 8.6, tvOS 15.5, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges. |
5.5 | 2022-05-26 | CVE-2022-26767 | The issue was addressed with additional permissions checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences. |
5.5 | 2022-05-26 | CVE-2022-26766 | A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious app may be able to bypass signature validation. |
4.7 | 2022-05-26 | CVE-2022-26765 | A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. |
4.7 | 2022-05-26 | CVE-2022-26764 | A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations. |
7.8 | 2022-05-26 | CVE-2022-26763 | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious application may be able to execute arbitrary code with system privileges. |
7.8 | 2022-05-26 | CVE-2022-26761 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges. |
7.8 | 2022-05-26 | CVE-2022-26757 | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. |
7.8 | 2022-05-26 | CVE-2022-26756 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges. |
6.3 | 2022-05-26 | CVE-2022-26755 | This issue was addressed with improved environment sanitization. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to break out of its sandbox. |
7.8 | 2022-05-26 | CVE-2022-26754 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. |
7.8 | 2022-05-26 | CVE-2022-26753 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. |
7.8 | 2022-05-26 | CVE-2022-26752 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. |
7.8 | 2022-05-26 | CVE-2022-26751 | A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6, macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execution. |
7.8 | 2022-05-26 | CVE-2022-26750 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. |
7.8 | 2022-05-26 | CVE-2022-26749 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. |
8.8 | 2022-05-26 | CVE-2022-26748 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing maliciously crafted web content may lead to arbitrary code execution. |
5.5 | 2022-05-26 | CVE-2022-26746 | This issue was addressed by removing the vulnerable code. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences. |
5.5 | 2022-05-26 | CVE-2022-26745 | A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.6. A malicious application may disclose restricted memory. |
7 | 2022-05-26 | CVE-2022-26743 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.4. An attacker that has already achieved code execution in macOS Recovery may be able to escalate to kernel privileges. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
26% (112) | CWE-787 | Out-of-bounds Write |
17% (75) | CWE-125 | Out-of-bounds Read |
7% (33) | CWE-416 | Use After Free |
6% (27) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
4% (20) | CWE-362 | Race Condition |
4% (17) | CWE-668 | Exposure of Resource to Wrong Sphere |
3% (15) | CWE-269 | Improper Privilege Management |
3% (15) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
3% (13) | CWE-190 | Integer Overflow or Wraparound |
2% (12) | CWE-20 | Improper Input Validation |
1% (7) | CWE-665 | Improper Initialization |
1% (6) | CWE-287 | Improper Authentication |
1% (6) | CWE-200 | Information Exposure |
1% (6) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
1% (5) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
1% (5) | CWE-415 | Double Free |
1% (5) | CWE-276 | Incorrect Default Permissions |
1% (5) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
0% (4) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
0% (3) | CWE-617 | Reachable Assertion |
0% (3) | CWE-494 | Download of Code Without Integrity Check |
0% (3) | CWE-281 | Improper Preservation of Permissions |
0% (2) | CWE-476 | NULL Pointer Dereference |
0% (2) | CWE-295 | Certificate Issues |
0% (2) | CWE-191 | Integer Underflow (Wrap or Wraparound) |
CAPEC : Common Attack Pattern Enumeration & Classification
id | Name |
---|---|
CAPEC-56 | Removing/short-circuiting 'guard logic' |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
14742 | Apple Mac OS 9 Multiple Users Control Panel Privilege Escalation |
9345 | System Does Not Present Appropriate Legal Access Message |
7036 | Apple Mac OS X HTTP GET Request DoS |
7034 | Mac OS 9 Idle Lock Debugger Password Bypass |
7033 | Mac OS 9 Idle Lock Password Bypass |
6331 | Apple PowerBook Mac OS Control Panel Security Physical Bypass |
4993 | Mac OS Weak Encryption in Users & Groups Data File |
1173 | Mac OS 9 Open Transport Malformed ICMP Datagram Response DoS |
95 | Multiple Vendor ICMP netmask Request Information Disclosure |
94 | Multiple Vendor ICMP timestamp Request Information Disclosure |
OpenVAS Exploits
Date | Description |
---|---|
2011-07-15 | Name : ICMP Timestamp Detection File : nvt/gb_icmp_timestamps.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2020-12-05 | TRUFFLEHUNTER TALOS-2020-1125 attack attempt RuleID : 54589 - Type : FILE-OTHER - Revision : 1 |
2020-12-05 | TRUFFLEHUNTER TALOS-2020-1125 attack attempt RuleID : 54588 - Type : FILE-OTHER - Revision : 1 |
2020-12-05 | TRUFFLEHUNTER TALOS-2020-1120 attack attempt RuleID : 54520 - Type : FILE-OTHER - Revision : 1 |
2020-12-05 | TRUFFLEHUNTER TALOS-2020-1120 attack attempt RuleID : 54519 - Type : FILE-OTHER - Revision : 1 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
1999-08-01 | Name: It is possible to determine the exact time set on the remote host. File: icmp_timestamp.nasl - Type: ACT_GATHER_INFO |
1999-07-29 | Name: The remote host is affected by an information disclosure vulnerability. File: icmp_mask_req.nasl - Type: ACT_GATHER_INFO |