Posted by Apple Product Security via Fulldisclosure on Mar 14
APPLE-SA-2022-03-14-1 iOS 15.4 and iPadOS 15.4
iOS 15.4 and iPadOS 15.4 addresses the following issues.
Information about the security content is also available at https://support.apple.com/HT213182.
Accelerate Framework
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Opening a maliciously crafted PDF file may lead to…
Posted by Apple Product Security via Fulldisclosure on Mar 14
APPLE-SA-2022-03-14-3 tvOS 15.4
tvOS 15.4 addresses the following issues.
Information about the security content is also available at https://support.apple.com/HT213186.
AppleAVD
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to heap
corruption
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-22666: Marc Schoenefeld, Dr. rer. nat.
Posted by Apple Product Security via Fulldisclosure on Mar 14
APPLE-SA-2022-03-14-5 macOS Big Sur 11.6.5
macOS Big Sur 11.6.5 addresses the following issues.
Information about the security content is also available at https://support.apple.com/HT213184.
Accelerate Framework
Available for: macOS Big Sur
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
state…
Posted by Apple Product Security via Fulldisclosure on Mar 14
APPLE-SA-2022-03-14-10 iTunes 12.12.3 for Windows
iTunes 12.12.3 for Windows addresses the following issues.
Information about the security content is also available at https://support.apple.com/HT213188.
ImageIO
Available for: Windows 10 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2022-22611: Xingyu Jin of…
Posted by Apple Product Security via Fulldisclosure on Mar 14
APPLE-SA-2022-03-14-7 Xcode 13.3
Xcode 13.3 addresses the following issues.
Information about the security content is also available at https://support.apple.com/HT213189.
iTMSTransporter
Available for: macOS Monterey 12 and later
Impact: Multiple issues in iTMSTransporter
Description: Multiple issues were addressed with updating FasterXML
jackson-databind and Apache Log4j2.
CVE-2019-14379
CVE-2021-44228
Security Update 2022-003 Catalina addresses the following issues.
Information about the security content is also available at https://support.apple.com/HT213185.
AppleGraphicsControl
Available for: macOS Catalina
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-22631: an anonymous…
Posted by Apple Product Security via Fulldisclosure on Mar 14
APPLE-SA-2022-03-14-9 GarageBand 10.4.6
GarageBand 10.4.6 addresses the following issues.
Information about the security content is also available at https://support.apple.com/HT213191.
MIDI
Available for: macOS Big Sur 11.5 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory initialization issue was addressed with
improved memory handling….
Posted by Apple Product Security via Fulldisclosure on Mar 14
APPLE-SA-2022-03-14-8 Logic Pro X 10.7.3
Logic Pro X 10.7.3 addresses the following issues.
Information about the security content is also available at https://support.apple.com/HT213190. You can encrypt communications with Apple using the Apple Product
Security PGP Key.
Apple security documents reference vulnerabilities by CVE-ID when
possible.
MIDI
Available for: macOS Big Sur 11.5 and later
Impact: Opening a maliciously crafted file may lead…
Threat: RedLine.MainPanel – cracked.exe
Vulnerability: Insecure Permissions
Description: The malware writes PE files with insecure permissions to c
drive granting change (C) permissions to the authenticated user group.
Standard users can rename the…
