CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 0CVE-2022-42803 – Apple Security Advisory 2022-10-27-6
https://notcve.org/view.php?id=CVE-2022-42803
31 Oct 2022 — A race condition was addressed with improved locking. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary code with kernel privileges. Se solucionó una condición de ejecución con un bloqueo mejorado. Este problema se solucionó en tvOS 16.1, iOS 15.7.1 y iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 y iPadOS 16, macOS Monterey 12.6.1. • https://support.apple.com/en-us/HT213488 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-32922 – Apple Safari PDFPluginAnnotation Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-32922
31 Oct 2022 — A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. Processing maliciously crafted web content may lead to arbitrary code execution. Se solucionó un problema de Use After Free con una gestión de memoria mejorada. Este problema se solucionó en Safari 16.1, iOS 16.1 y iPadOS 16, macOS Ventura 13. • https://support.apple.com/en-us/HT213488 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32905 – Apple Security Advisory 2022-10-24-2
https://notcve.org/view.php?id=CVE-2022-32905
31 Oct 2022 — This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted DMG file may lead to arbitrary code execution with system privileges. Este problema se solucionó con una validación mejorada de los enlaces simbólicos. Este problema se solucionó en macOS Ventura 13. • https://support.apple.com/en-us/HT213488 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.6EPSS: 0%CPEs: 4EXPL: 0CVE-2022-32892 – Apple Security Advisory 2022-10-24-2
https://notcve.org/view.php?id=CVE-2022-32892
31 Oct 2022 — An access issue was addressed with improvements to the sandbox. This issue is fixed in Safari 16, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13. A sandboxed process may be able to circumvent sandbox restrictions. Se solucionó un problema de acceso con mejoras en el sandbox. Este problema se solucionó en Safari 16, iOS 15.7 y iPadOS 15.7, iOS 16, macOS Ventura 13. • https://support.apple.com/en-us/HT213442 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-32947 – Apple Security Advisory 2022-10-24-1
https://notcve.org/view.php?id=CVE-2022-32947
31 Oct 2022 — The issue was addressed with improved memory handling. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges. El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en iOS 16.1 y iPadOS 16, macOS Ventura 13, watchOS 9.1. • https://github.com/asahilina/agx-exploit •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32865 – Apple Security Advisory 2022-10-24-2
https://notcve.org/view.php?id=CVE-2022-32865
31 Oct 2022 — The issue was addressed with improved memory handling. This issue is fixed in iOS 16, macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en iOS 16, macOS Ventura 13. • https://support.apple.com/en-us/HT213446 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26730 – Apple Security Advisory 2022-10-24-2
https://notcve.org/view.php?id=CVE-2022-26730
31 Oct 2022 — A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution. Existía un problema de corrupción de memoria en el procesamiento de perfiles ICC. • https://support.apple.com/en-us/HT213488 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-32940 – Apple Security Advisory 2022-10-24-1
https://notcve.org/view.php?id=CVE-2022-32940
31 Oct 2022 — The issue was addressed with improved bounds checks. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges. El problema se solucionó con comprobaciones de los límites mejoradas. Este problema se solucionó en tvOS 16.1, iOS 16.1 y iPadOS 16, macOS Ventura 13, watchOS 9.1. • https://support.apple.com/en-us/HT213488 •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2022-42813 – Apple Security Advisory 2022-10-24-1
https://notcve.org/view.php?id=CVE-2022-42813
31 Oct 2022 — A certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. Processing a maliciously crafted certificate may lead to arbitrary code execution. Existía un problema de validación de certificados en el manejo de WKWebView. • https://support.apple.com/en-us/HT213488 • CWE-295: Improper Certificate Validation •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42818 – Apple Security Advisory 2022-10-24-2
https://notcve.org/view.php?id=CVE-2022-42818
31 Oct 2022 — This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. A user in a privileged network position may be able to track user activity. Este problema se solucionó mejorando la protección de datos. Este problema se solucionó en macOS Ventura 13. • https://support.apple.com/en-us/HT213488 •