CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 0CVE-2022-26688 – Apple macOS PackageKit PKCoreShove Link Following System Integrity Protection Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2022-26688
26 May 2022 — An issue in the handling of symlinks was addressed with improved validation. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious app with root privileges may be able to modify the contents of system files. Se abordó un problema en el manejo de los enlaces simbólicos con una comprobación mejorada. Este problema es corregido en Security Update 2022-003 Catalina, macOS Monterey versión 12.3 y macOS Big Sur versión 11.6.5. • https://support.apple.com/en-us/HT213183 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.3EPSS: 0%CPEs: 19EXPL: 0CVE-2022-22672
https://notcve.org/view.php?id=CVE-2022-22672
26 May 2022 — A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious application may be able to execute arbitrary code with kernel privileges. Se abordó un problema de corrupción de memoria con una administración de memoria mejorada. Este problema es corregido en iOS versión 15.4 y iPadOS versión 15.4, Security Update 2022-003 Catalina, macOS Monterey versión 12.3 y ma... • https://support.apple.com/en-us/HT213182 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 5%CPEs: 20EXPL: 2CVE-2022-26757 – Apple Security Advisory 2022-05-16-4
https://notcve.org/view.php?id=CVE-2022-26757
17 May 2022 — A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. Se abordó un problema de uso de memoria previamente liberada con una administración de memoria mejorada. Este problema es corregido en tvOS versión 15.5, iOS versión 15.5 y iPadOS versión 15.5, Security Update 2022... • https://packetstorm.news/files/id/167517 • CWE-416: Use After Free •
CVSS: 9.3EPSS: 0%CPEs: 18EXPL: 0CVE-2022-26770 – Apple Security Advisory 2022-05-16-4
https://notcve.org/view.php?id=CVE-2022-26770
17 May 2022 — An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges. Se abordó un problema de lectura fuera de límites con una comprobación de entrada mejorada. Este problema es corregido en Security Update 2022-004 Catalina, macOS Monterey versión 12.4, macOS Big Sur versión 11.6.6. • https://support.apple.com/en-us/HT213255 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2022-26727 – Apple Security Advisory 2022-05-16-4
https://notcve.org/view.php?id=CVE-2022-26727
17 May 2022 — This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. A malicious application may be able to modify protected parts of the file system. Este problema se abordó con derechos mejorados. Este problema es corregido en Security Update 2022-004 Catalina, macOS Monterey versión 12.4. • https://support.apple.com/en-us/HT213255 •
CVSS: 6.3EPSS: 0%CPEs: 16EXPL: 0CVE-2022-26755 – Apple Security Advisory 2022-05-16-4
https://notcve.org/view.php?id=CVE-2022-26755
17 May 2022 — This issue was addressed with improved environment sanitization. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to break out of its sandbox. Este problema es corregido con un saneo del entorno mejorado. Este problema es corregido en Security Update 2022-004 Catalina, macOS Monterey versión 12.4, macOS Big Sur versión 11.6.6. • https://support.apple.com/en-us/HT213255 •
CVSS: 6.5EPSS: 4%CPEs: 17EXPL: 2CVE-2022-26726 – Apple Security Advisory 2022-05-16-4
https://notcve.org/view.php?id=CVE-2022-26726
17 May 2022 — This issue was addressed with improved checks. This issue is fixed in Security Update 2022-004 Catalina, watchOS 8.6, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to capture a user's screen. Este problema es corregido con comprobaciones mejoradas. Este problema es corregido en Security Update 2022-004 Catalina, watchOS versión 8.6, macOS Monterey versión 12.4, macOS Big Sur versión 11.6.6. • https://github.com/acheong08/CVE-2022-26726-POC •
CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 0CVE-2022-26748 – Apple Safari WebGL generateMipmap Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-26748
17 May 2022 — An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó un problema de escritura fuera de límites con una comprobación de entradas mejorada. Este problema es corregido en Security Update 2022-004 Catalina, macOS Monterey versión 12.4 y macOS Big Sur versión 11.6.6. • https://support.apple.com/en-us/HT213255 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 16EXPL: 0CVE-2022-26722 – Apple Security Advisory 2022-05-16-4
https://notcve.org/view.php?id=CVE-2022-26722
17 May 2022 — A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges. Se abordó un problema de inicialización de memoria. Este problema es corregido en Security Update 2022-004 Catalina, macOS Monterey versión 12.4, macOS Big Sur versión 11.6.6. • https://support.apple.com/en-us/HT213255 • CWE-665: Improper Initialization •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0CVE-2022-26751 – Apple macOS HEIC File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-26751
17 May 2022 — A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6, macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execution. Se abordó un problema de corrupción de memoria con una comprobación de entradas mejorada. Este problema es corregido en iTunes versión 12.12.4 para Windows, iOS versión 15.5 y iPadOS versión 15.5, Security Up... • https://support.apple.com/en-us/HT213255 • CWE-787: Out-of-bounds Write •