ID

VAR-202203-0123


CVE

CVE-2022-22627


TITLE

plural  Apple  Out-of-bounds write vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2022-008996

DESCRIPTION

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the AppleScript framework. Crafted data in a SCPT file can trigger a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Information about the security content is also available at https://support.apple.com/HT213184. Accelerate Framework Available for: macOS Big Sur Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-22633: an anonymous researcher AppleGraphicsControl Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22631: an anonymous researcher AppleScript Available for: macOS Big Sur Impact: An application may be able to read restricted memory Description: This issue was addressed with improved checks. CVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro AppleScript Available for: macOS Big Sur Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2022-22597: Qi Sun and Robert Ai of Trend Micro BOM Available for: macOS Big Sur Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t) Intel Graphics Driver Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba Security Pandora Lab Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22613: Alex, an anonymous researcher Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22615: an anonymous researcher CVE-2022-22614: an anonymous researcher Kernel Available for: macOS Big Sur Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A null pointer dereference was addressed with improved validation. CVE-2022-22638: derrek (@derrekr6) Kernel Available for: macOS Big Sur Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved state management. CVE-2022-22632: Keegan Saunders Login Window Available for: macOS Big Sur Impact: A person with access to a Mac may be able to bypass Login Window Description: This issue was addressed with improved checks. CVE-2022-22647: an anonymous researcher LoginWindow Available for: macOS Big Sur Impact: A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen Description: An authentication issue was addressed with improved state management. CVE-2022-22656 PackageKit Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22617: Mickey Jin (@patch1t) QuickTime Player Available for: macOS Big Sur Impact: A plug-in may be able to inherit the application's permissions and access user data Description: This issue was addressed with improved checks. CVE-2022-22650: Wojciech Reguła (@_r3ggi) of SecuRing Siri Available for: macOS Big Sur Impact: A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen Description: A permissions issue was addressed with improved validation. CVE-2022-22599: Andrew Goldberg of the University of Texas at Austin, McCombs School of Business (linkedin.com/andrew-goldberg/) WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A cookie management issue was addressed with improved state management. WebKit Bugzilla: 232748 CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix xar Available for: macOS Big Sur Impact: A local user may be able to write arbitrary files Description: A validation issue existed in the handling of symlinks. CVE-2022-22582: Richard Warren of NCC Group Additional recognition Intel Graphics Driver We would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi Wu (@3ndy1) for their assistance. syslog We would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for their assistance. TCC We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. macOS Big Sur 11.6.5 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0MkACgkQeC9qKD1p rhjeyBAAwbocibmTCpZ1T8MzPHJGuJryh7RDG8+nMJxmntI+3gA0SeFAxuNuXf2Z xh+NhEwjm60gzLAdckjfT5iF1YAPxUDWnk0FRVxhqZ4g8FvdmTxgAn5rwWWUuBBC VpW5XONija+SY3yNX3blklg95FyO8ITlqwyy5/Fqr0OFTvnA8TKRXrZRmA/gypnA pEqR0WaQdL8ITFEbv9+INAV2geFBbEWPvifycbYSvrDWo9JPq05Ur0hz7o2kJYfk M5PZachAGeCOR3E2ixfIczW0QNbDsoyKqLBjRzFovqWhcOwQ+17yVeuj/mDFXOkA X8FSxnad7C76xH+LcnZE/WV+qcv5G3QufpK5kZULWoQTLdKuB7yQZYF19T4+8H4X 6qDl5ZYL81h9rfIHYwbGZp0aRmqsu6pmleQ970qrkFzn/ZHf0KdAwms0+BOR8jZ7 l1w71ADm7uLJCs+nZ/lxv3wLYEva+TfGfIGnFULcL4dVPqbDOC6hH3Xm8VelVF0p 1/0Bfbfg4ou3vP1LqTY/ODdRnAhVCCGiv9PFcAFJriOoQgYYcVYQYwa2dA5Xdijc 6KVOzadvxCt1Ewj8nNYRJrfe/H6pjj2cFbWbKevqtRlQeeca7j17srbOnt9mmJMV x/d73AkuCyfOdeX8fac83TWMhhBaCg5JwsO7cO7eXwIOsiSDZXU= =nZ2X -----END PGP SIGNATURE-----

Trust: 2.61

sources: NVD: CVE-2022-22627 // JVNDB: JVNDB-2022-008996 // ZDI: ZDI-22-714 // VULHUB: VHN-411255 // VULMON: CVE-2022-22627 // PACKETSTORM: 166312 // PACKETSTORM: 166315

AFFECTED PRODUCTS

vendor:applemodel:macosscope:ltversion:11.6.5

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.15

Trust: 1.0

vendor:applemodel:macosscope:ltversion:12.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.7

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.0

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.15.7

Trust: 1.0

vendor:applemodel:macosscope:gteversion:12.0

Trust: 1.0

vendor:アップルmodel:apple mac os xscope: - version: -

Trust: 0.8

vendor:アップルmodel:macosscope: - version: -

Trust: 0.8

vendor:applemodel:macosscope: - version: -

Trust: 0.7

sources: ZDI: ZDI-22-714 // JVNDB: JVNDB-2022-008996 // NVD: CVE-2022-22627

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-22627
value: HIGH

Trust: 1.0

NVD: CVE-2022-22627
value: HIGH

Trust: 0.8

ZDI: CVE-2022-22627
value: LOW

Trust: 0.7

CNNVD: CNNVD-202203-1301
value: HIGH

Trust: 0.6

VULHUB: VHN-411255
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-22627
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-22627
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-411255
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-22627
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2022-22627
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2022-22627
baseSeverity: LOW
baseScore: 3.3
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-22-714 // VULHUB: VHN-411255 // VULMON: CVE-2022-22627 // JVNDB: JVNDB-2022-008996 // CNNVD: CNNVD-202203-1301 // NVD: CVE-2022-22627

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.0

problemtype:Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

problemtype:CWE-787

Trust: 0.1

sources: VULHUB: VHN-411255 // JVNDB: JVNDB-2022-008996 // NVD: CVE-2022-22627

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202203-1301

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202203-1301

PATCH

title:HT213185url:https://support.apple.com/en-us/HT213183

Trust: 1.5

title:Apple macOS Big Sur Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=186891

Trust: 0.6

title:Apple: macOS Big Sur 11.6.5url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=4c90c4b83ae5b2687f4b5d9d71e49f12

Trust: 0.1

title:Apple: macOS Monterey 12.3url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=f1105c4a20da11497b610b14a1668180

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: ZDI: ZDI-22-714 // VULMON: CVE-2022-22627 // JVNDB: JVNDB-2022-008996 // CNNVD: CNNVD-202203-1301

EXTERNAL IDS

db:NVDid:CVE-2022-22627

Trust: 4.3

db:PACKETSTORMid:166315

Trust: 0.8

db:JVNDBid:JVNDB-2022-008996

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-16074

Trust: 0.7

db:ZDIid:ZDI-22-714

Trust: 0.7

db:CS-HELPid:SB2022031435

Trust: 0.6

db:CNNVDid:CNNVD-202203-1301

Trust: 0.6

db:PACKETSTORMid:166312

Trust: 0.2

db:VULHUBid:VHN-411255

Trust: 0.1

db:VULMONid:CVE-2022-22627

Trust: 0.1

sources: ZDI: ZDI-22-714 // VULHUB: VHN-411255 // VULMON: CVE-2022-22627 // JVNDB: JVNDB-2022-008996 // PACKETSTORM: 166312 // PACKETSTORM: 166315 // CNNVD: CNNVD-202203-1301 // NVD: CVE-2022-22627

REFERENCES

url:https://support.apple.com/en-us/ht213183

Trust: 2.5

url:https://support.apple.com/en-us/ht213184

Trust: 2.4

url:https://support.apple.com/en-us/ht213185

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-22627

Trust: 1.0

url:https://packetstormsecurity.com/files/166315/apple-security-advisory-2022-03-14-5.html

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-ios-macos-multiple-vulnerabilities-37800

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-22627/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022031435

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-22625

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22616

Trust: 0.2

url:https://support.apple.com/en-us/ht201222.

Trust: 0.2

url:https://support.apple.com/downloads/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22613

Trust: 0.2

url:https://www.apple.com/support/security/pgp/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22661

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22650

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22617

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22638

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22626

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22631

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22597

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22615

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22582

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22647

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22614

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22648

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22662

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22656

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://support.apple.com/kb/ht213184

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

url:https://support.apple.com/ht213185.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22633

Trust: 0.1

url:https://support.apple.com/ht213184.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22599

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22632

Trust: 0.1

sources: ZDI: ZDI-22-714 // VULHUB: VHN-411255 // VULMON: CVE-2022-22627 // JVNDB: JVNDB-2022-008996 // PACKETSTORM: 166312 // PACKETSTORM: 166315 // CNNVD: CNNVD-202203-1301 // NVD: CVE-2022-22627

CREDITS

Qi Sun and Robert Ai of Trend Micro

Trust: 0.7

sources: ZDI: ZDI-22-714

SOURCES

db:ZDIid:ZDI-22-714
db:VULHUBid:VHN-411255
db:VULMONid:CVE-2022-22627
db:JVNDBid:JVNDB-2022-008996
db:PACKETSTORMid:166312
db:PACKETSTORMid:166315
db:CNNVDid:CNNVD-202203-1301
db:NVDid:CVE-2022-22627

LAST UPDATE DATE

2024-08-14T12:06:44.473000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-22-714date:2022-04-28T00:00:00
db:VULHUBid:VHN-411255date:2022-03-26T00:00:00
db:VULMONid:CVE-2022-22627date:2023-08-08T00:00:00
db:JVNDBid:JVNDB-2022-008996date:2023-08-02T06:25:00
db:CNNVDid:CNNVD-202203-1301date:2022-03-28T00:00:00
db:NVDid:CVE-2022-22627date:2023-08-08T14:21:49.707

SOURCES RELEASE DATE

db:ZDIid:ZDI-22-714date:2022-04-28T00:00:00
db:VULHUBid:VHN-411255date:2022-03-18T00:00:00
db:VULMONid:CVE-2022-22627date:2022-03-18T00:00:00
db:JVNDBid:JVNDB-2022-008996date:2023-08-02T00:00:00
db:PACKETSTORMid:166312date:2022-03-15T15:45:47
db:PACKETSTORMid:166315date:2022-03-15T15:46:38
db:CNNVDid:CNNVD-202203-1301date:2022-03-14T00:00:00
db:NVDid:CVE-2022-22627date:2022-03-18T18:15:14.027