Security Update 2022-005 Catalina addresses the following issues.
Information about the security content is also available at https://support.apple.com/HT213343.
APFS
Available for: macOS Catalina
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32832: Tommy Muir…
Posted by Apple Product Security via Fulldisclosure on Jul 21
APPLE-SA-2022-07-20-3 macOS Big Sur 11.6.8
macOS Big Sur 11.6.8 addresses the following issues.
Information about the security content is also available at https://support.apple.com/HT213344.
APFS
Available for: macOS Big Sur
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32832: Tommy Muir (@Muirey03)…
Posted by Apple Product Security via Fulldisclosure on Jul 21
APPLE-SA-2022-07-20-1 iOS 15.6 and iPadOS 15.6
iOS 15.6 and iPadOS 15.6 addresses the following issues.
Information about the security content is also available at https://support.apple.com/HT213346.
APFS
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app with root privileges may be able to execute arbitrary
code…
Posted by Martin Heiland via Fulldisclosure on Jul 21
Dear subscribers,
we’re sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX AppSuite, Dovecot and PowerDNS at HackerOne.
Yours sincerely,
Martin Heiland, Open-Xchange GmbH
Product: OX App Suite
Vendor: OX Software GmbH
Internal reference: DOCS-4106
Vulnerability type: OS Command Injection (CWE-78)
Vulnerable…
Several vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in the execution of arbitrary Java bytecode or the
bypass of the Java sandbox.
Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution.
iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch.
iPadOS is the successor to iOS 12 and is a mobile operating system for iPads.
macOS Catalina is the 16th major release of macOS
macOS Big Sur is the 17th release of macOS.
macOS Monterey is the 18th and current major release of macOS.
Safari is a graphical web browser developed by Apple.
tvOS is an operating system for fourth-generation Apple TV digital media player.
watchOS is the mobile operating system for Apple Watch and is based on the iOS operating system.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.