
SANS ISC: InfoSec Handlers Diary Blog



Apple Patches Everything

Published: 2022-01-27
Last Updated: 2022-01-27 15:25:11 UTC
by Johannes Ullrich (Version: 1)

Trying something a bit new here. Please let me know if this works for you.

Yesterday, Apple released security updates across its spectrum of operating systems. Apple tends to release these updates all at the same time. Because Apple targets its products more at enthusiasts and home users, its advisories are missing a lot of the details that commercial/enterprise users are looking for. The table below is an attempt to help you identify which vulnerabilities affect which operating system, and how severe they are.

There is no option to pick and choose which vulnerabilities to fix. 

Noteworthy Vulnerabilities:

CVE-2022-22587: The vulnerability has already been exploited in the wild.
CVE-2022-22594: IndexedDB same-origin policy violation. This vulnerability has been public for at least a week.

To indicate severity, I labeled vulnerabilities as:

Critical (red): Remote code execution (includes vulnerabilities that require a file download)

Important (yellow): Privilege Escalation

Other (blue): Security Feature Bypass

 

| CVE | Severity | Component | Description | Impact | Safari | Catalina | Big Sur | Monterey | tvOS | iOS | iPadOS | watchOS |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2022-22590 | critical | WebKit | A use after free issue was addressed with improved memory management. | Processing maliciously crafted web content may lead to arbitrary code execution | x | | | x | x | x | x | x |
| CVE-2022-22592 | other | WebKit | A logic issue was addressed with improved state management. | Processing maliciously crafted web content may prevent Content Security Policy from being enforced | x | | | x | x | x | x | x |
| CVE-2022-22589 | critical | WebKit | A validation issue was addressed with improved input sanitization. | Processing a maliciously crafted mail message may lead to running arbitrary javascript | x | | | x | x | x | x | x |
| CVE-2022-22594 | critical | WebKit Storage | A cross-origin issue in the IndexDB API was addressed with improved input validation. | A website may be able to track sensitive user information | | | | | | | | |
| CVE-2022-22593 | important | Kernel | A buffer overflow issue was addressed with improved memory handling. | A malicious application may be able to execute arbitrary code with kernel privileges | | x | x | x | x | x | x | x |
| CVE-2022-22579 | critical | Model I/O | An information disclosure issue was addressed with improved state management. | Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution | | x | x | x | x | x | x | |
| CVE-2022-22583 | important | PackageKit | A permissions issue was addressed with improved validation. | An application may be able to access restricted files | | x | x | x | | | | |
| CVE-2021-30946 | other | Sandbox | A logic issue was addressed with improved restrictions. | A malicious application may be able to bypass certain Privacy preferences | | x | | | | | | |
| CVE-2021-30960 | important | Audio | A buffer overflow issue was addressed with improved memory handling. | Parsing a maliciously crafted audio file may lead to the disclosure of user information | | | x | | | | | |
| CVE-2022-22585 | other | iCloud | An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. | An application may be able to access a user's files | | | x | x | x | x | x | x |
| CVE-2022-22587 | important | IOMobileFrameBuffer | A memory corruption issue was addressed with improved input validation. | A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. | | | x | x | | x | x | |
| CVE-2022-22586 | important | AMD Kernel | An out-of-bounds write issue was addressed with improved bounds checking. | A malicious application may be able to execute arbitrary code with kernel privileges | | | | x | | | | |
| CVE-2022-22584 | critical | ColorSync | A memory corruption issue was addressed with improved validation. | Processing a maliciously crafted file may lead to arbitrary code execution | | | | x | x | x | x | x |
| CVE-2022-22578 | important | Crash Reporter | A logic issue was addressed with improved validation. | A malicious application may be able to gain root privileges | | | | x | x | x | x | x |
| CVE-2022-22591 | important | Intel Graphics Driver | A memory corruption issue was addressed with improved memory handling. | A malicious application may be able to execute arbitrary code with kernel privileges | | | | x | | | | |

---
Johannes B. Ullrich, Ph.D., Dean of Research, SANS.edu