Posted by Apple Product Security via Fulldisclosure on Oct 30
APPLE-SA-2022-10-27-6 Additional information for APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1
macOS Monterey 12.6.1 addresses the following issues.
Information about the security content is also available at https://support.apple.com/HT213494.
AppleMobileFileIntegrity
Available for: macOS Monterey
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed by removing additional
entitlements….
Posted by Apple Product Security via Fulldisclosure on Oct 30
APPLE-SA-2022-10-24-7 Safari 16.1
Safari 16.1 addresses the following issues.
Information about the security content is also available at https://support.apple.com/HT213495.
WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: The issue was addressed with improved UI handling.
WebKit Bugzilla: 243693
CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee…
Posted by Apple Product Security via Fulldisclosure on Oct 30
APPLE-SA-2022-10-24-6 tvOS 16.1
tvOS 16.1 addresses the following issues.
Information about the security content is also available at https://support.apple.com/HT213492.
AppleMobileFileIntegrity
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed by removing additional
entitlements.
CVE-2022-42825: Mickey Jin…
Posted by Apple Product Security via Fulldisclosure on Oct 30
APPLE-SA-2022-10-24-5 watchOS 9.1
watchOS 9.1 addresses the following issues.
Information about the security content is also available at https://support.apple.com/HT213491.
AppleMobileFileIntegrity
Available for: Apple Watch Series 4 and later
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed by removing additional
entitlements.
CVE-2022-42825: Mickey Jin (@patch1t)
Threat: Email-Worm.Win32.Kipis.c
Vulnerability: Remote File Write Code Execution
Description: The malware listens on TCP port 8297. Third-party adversaries
who can reach the infected host can write executable code to a file named…
Threat: Backdoor.Win32.Psychward.10
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 13013. Third-party adversarys
who can reach infected systems can issue various commands made available by…
Threat: Backdoor.Win32.Delf.arh
Vulnerability: Authentication Bypass
Description: The malware runs an FTP server. Third-party adversarys who
can reach infected systems can logon using any username/password
combination. Intruders may then…
Posted by Apple Product Security via Fulldisclosure on Oct 30
APPLE-SA-2022-10-24-4 macOS Big Sur 11.7.1
macOS Big Sur 11.7.1 addresses the following issues.
Information about the security content is also available at https://support.apple.com/HT213493.
AppleMobileFileIntegrity
Available for: macOS Big Sur
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed by removing additional
entitlements.
CVE-2022-42825: Mickey Jin (@patch1t)
Posted by Apple Product Security via Fulldisclosure on Oct 30
APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1
macOS Monterey 12.6.1 addresses the following issues.
Information about the security content is also available at https://support.apple.com/HT213494.
AppleMobileFileIntegrity
Available for: macOS Monterey
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed by removing additional
entitlements.
CVE-2022-42825: Mickey Jin (@patch1t)
Posted by Apple Product Security via Fulldisclosure on Oct 30
APPLE-SA-2022-10-24-2 macOS Ventura 13
macOS Ventura 13 addresses the following issues.
Information about the security content is also available at https://support.apple.com/HT213488.
Accelerate Framework
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: Processing a maliciously…