Tuesday, February 1, 2022

Apple Security Advisory 2022-01-26-4

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2022-01-26-4 Security Update 2022-001 Catalina

Security Update 2022-001 Catalina addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213056.

Kernel
Available for: macOS Catalina
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2022-22593: Peter Nguyễn Vũ Hoàng of STAR Labs

Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted STL file may lead to
unexpected application termination or arbitrary code execution
Description: An information disclosure issue was addressed with
improved state management.
CVE-2022-22579: Mickey Jin (@patch1t) of Trend Micro

PackageKit
Available for: macOS Catalina
Impact: An application may be able to access restricted files
Description: A permissions issue was addressed with improved
validation.
CVE-2022-22583: an anonymous researcher, Ron Hass (@ronhass7) of
Perception Point, Mickey Jin (@patch1t)

Sandbox
Available for: macOS Catalina
Impact: A malicious application may be able to bypass certain Privacy
preferences
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30946: an anonymous researcher, @gorelics

TCC
Available for: macOS Catalina
Impact: A malicious application may be able to bypass certain Privacy
preferences
Description: This issue was addressed with improved checks.
CVE-2021-30972: Xuxiang Yang (@another1024), Zhipeng Huo (@R3dF09),
and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab
(xlab.tencent.com), Wojciech Reguła (@_r3ggi), jhftss (@patch1t),
Csaba Fitzl (@theevilbit) of Offensive Security

Additional recognition

PackageKit
We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for
their assistance.

Installation note:

This update may be obtained from the Mac App Store

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmHx0+AACgkQeC9qKD1p
rhgueRAA24KDPSQw5AL8EmFELBtITercDTPU/gML15xzbnEgVOmCY0i4FKk4Uyll
HkwxRjwbvRkiPV3aOQ+7EbGAHA3v0v8VKPovzorX3PyoBwircahGs18L0kt8NZ1s
yFK8OduYc2DqoO737XicYD6e516h8NQ6yOT8iVpml19gVr8WF1Hi9y77VynSCEcE
UrRaCejajm1GzQswJCStBqhQXFWNqpD+Qm8kFlZfQrejKSBQglVM/d5mSEu3TnN1
kJpWaT0IEz6xSmlO7vz2V5xLQXO/EUHvQOb8psg6sJF9X6VNuyaeYVoORShNVWT3
cPO/5NyKQf201PDiHQDOGoBNG5UIGg0rkwIzvKHVAkn/g5PfC1XAK+2hmvj2igzg
ARcNNZu8uKtOYcOarUlXJ5aApXAMBzsPEbLxeQSjJ7uup5fCwAhmcrchsZbBRm++
2GwqFrMA2r8txQXdC2pXL6qZ4qKAXnfXQn4pJqL6Uqmyo4Tg4Q1dNUZzBkLoqOqv
ZeSt/H+pM8AoGRKpK2s+J67Y/T6KCaTF3YlRKnQOHC+sHPmq6pOiuPqgk2HYDN2t
lFbNKepGwPQVKPsEi4swXEjriKojCJruUDVXplD0a8z/kFyj1bJ9JNM8fzOTk2QH
1lkyiuSAR5LpafCnbzs4NoDIxgg2hofXV7G6lYXHnMM9dpmOfJ0=
=l1zh
-----END PGP SIGNATURE-----


 

Copyright © 2021 Vulnerability Database | Cyber Details™

thank you Templateism for the design - You should have written the code a little more complicated - Nothing Encrypted anymore