Posted by Apple Product Security via Fulldisclosure on May 16
APPLE-SA-2022-05-16-7 Safari 15.5
Safari 15.5 addresses the following issues.
Information about the security content is also available at https://support.apple.com/HT213260.
WebKit
Available for: macOS Big Sur and macOS Catalina
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A memory corruption issue was addressed with improved
state management.
WebKit Bugzilla: 238178
CVE-2022-26700: ryuzaki
Posted by Apple Product Security via Fulldisclosure on May 16
APPLE-SA-2022-05-16-8 Xcode 13.4
Xcode 13.4 addresses the following issues.
Information about the security content is also available at https://support.apple.com/HT213261.
Git
Available for: macOS Monterey 12 or later
Impact: On multi-user machines Git users might find themselves
unexpectedly in a Git worktree
Description: A logic issue was addressed with improved state
management.
CVE-2022-24765: 俞晨东
Version 2.2.0 is affected, and prior versions are likely affected too.
[-] Vulnerabilities Description:
Vulnerable component is switching to another tab. To exploit
vulnerability, an attacker may send a POST request (with
application/x-www-form-urlencoded content-type) to AJAX endpoint
(usually “/index.php”) with “is_ajax_listing_tabs” parameter set to
“1” and “setting” parameter…
Jakub Wilk discovered a local privilege escalation in needrestart, a
utility to check which daemons need to be restarted after library
upgrades. Regular expressions to detect the Perl, Python, and Ruby
interpreters are not anchored, allowing a local user to escalate
privileges when needrestart tries to detect if interpreters are using
old source files.
Elison Niven discovered that the c_rehash script included in OpenSSL did
not sanitise shell meta characters which could result in the execution
of arbitrary commands.
USN-5311-1 released updates for contained. Unfortunately, a subsequent update
reverted the fix for this CVE by mistake. This update corrects the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that containerd allows attackers to gain access to read-
only copies of arbitrary files and directories on the host via a specially-
crafted image configuration. An attacker could possibly use this issue to
obtain sensitive information.
The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code.
The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator.