CVE-2022-26727
https://notcve.org/view.php?id=CVE-2022-26727
This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. A malicious application may be able to modify protected parts of the file system. Este problema se abordó con derechos mejorados. Este problema es corregido en Security Update 2022-004 Catalina, macOS Monterey versión 12.4. • https://support.apple.com/en-us/HT213255 https://support.apple.com/en-us/HT213257 •
CVE-2022-22663
https://notcve.org/view.php?id=CVE-2022-22663
This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-004 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.6. A malicious application may bypass Gatekeeper checks. Este problema ha sido abordado con comprobaciones mejoradas para evitar acciones no autorizadas. Este problema es corregido en iOS versión 15.4 y iPadOS versión 15.4, Security Update 2022-004 Catalina, macOS Monterey versión 12.3, macOS Big Sur versión 11.6.6. • https://support.apple.com/en-us/HT213182 https://support.apple.com/en-us/HT213183 https://support.apple.com/en-us/HT213255 https://support.apple.com/en-us/HT213256 •
CVE-2022-26698 – Apple macOS SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-26698
An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. Se abordó un problema de lectura fuera de límites con una comprobación de límites mejorada. Este problema es corregido en Security Update 2022-004 Catalina, macOS Monterey versión 12.4 y macOS Big Sur versión 11.6.6. • https://support.apple.com/en-us/HT213255 https://support.apple.com/en-us/HT213256 https://support.apple.com/en-us/HT213257 • CWE-125: Out-of-bounds Read •
CVE-2022-26704
https://notcve.org/view.php?id=CVE-2022-26704
A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.4. An app may be able to gain elevated privileges. Se presentaba un problema de comprobación en el manejo de los enlaces simbólicos y se abordó con una comprobación de los enlaces simbólicos mejorada. Este problema es corregido en macOS Monterey versión 12.4. • http://seclists.org/fulldisclosure/2022/Jul/13 http://seclists.org/fulldisclosure/2022/Jul/14 https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0032/MNDT-2022-0032.md https://support.apple.com/en-us/HT213257 https://support.apple.com/kb/HT213343 https://support.apple.com/kb/HT213344 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2022-26697 – Apple macOS SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-26697
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. Se abordó un problema de lectura fuera de límites con una comprobación de entrada mejorada. Este problema es corregido en Security Update 2022-004 Catalina, macOS Monterey versión 12.4, macOS Big Sur versión 11.6.6. • https://support.apple.com/en-us/HT213255 https://support.apple.com/en-us/HT213256 https://support.apple.com/en-us/HT213257 • CWE-125: Out-of-bounds Read •