ID

VAR-202203-0133


CVE

CVE-2022-22625


TITLE

Out-of-bounds read vulnerability in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2022-008586

DESCRIPTION

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AppleScript framework. Crafted data in a SCPT file can trigger a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.

Information about the security content is also available at https://support.apple.com/HT213184.

Accelerate Framework
Available for: macOS Big Sur
Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved state management.
CVE-2022-22633: an anonymous researcher

AppleGraphicsControl
Available for: macOS Big Sur
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2022-22631: an anonymous researcher

AppleScript
Available for: macOS Big Sur
Impact: An application may be able to read restricted memory
Description: This issue was addressed with improved checks.
CVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro

AppleScript
Available for: macOS Big Sur
Impact: Processing a maliciously crafted file may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved validation.
CVE-2022-22597: Qi Sun and Robert Ai of Trend Micro

BOM
Available for: macOS Big Sur
Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks
Description: This issue was addressed with improved checks.
CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)

Intel Graphics Driver
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A type confusion issue was addressed with improved state handling.
CVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba Security Pandora Lab

Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2022-22613: Alex, an anonymous researcher

Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A use after free issue was addressed with improved memory management.
CVE-2022-22615: an anonymous researcher
CVE-2022-22614: an anonymous researcher

Kernel
Available for: macOS Big Sur
Impact: An attacker in a privileged position may be able to perform a denial of service attack
Description: A null pointer dereference was addressed with improved validation.
CVE-2022-22638: derrek (@derrekr6)

Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved state management.
CVE-2022-22632: Keegan Saunders

Login Window
Available for: macOS Big Sur
Impact: A person with access to a Mac may be able to bypass Login Window
Description: This issue was addressed with improved checks.
CVE-2022-22647: an anonymous researcher

LoginWindow
Available for: macOS Big Sur
Impact: A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen
Description: An authentication issue was addressed with improved state management.
CVE-2022-22656

PackageKit
Available for: macOS Big Sur
Impact: An application may be able to gain elevated privileges
Description: A logic issue was addressed with improved state management.
CVE-2022-22617: Mickey Jin (@patch1t)

QuickTime Player
Available for: macOS Big Sur
Impact: A plug-in may be able to inherit the application's permissions and access user data
Description: This issue was addressed with improved checks.
CVE-2022-22650: Wojciech Reguła (@_r3ggi) of SecuRing

Siri
Available for: macOS Big Sur
Impact: A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen
Description: A permissions issue was addressed with improved validation.
CVE-2022-22599: Andrew Goldberg of the University of Texas at Austin, McCombs School of Business (linkedin.com/andrew-goldberg/)

WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may disclose sensitive user information
Description: A cookie management issue was addressed with improved state management.
WebKit Bugzilla: 232748
CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix

xar
Available for: macOS Big Sur
Impact: A local user may be able to write arbitrary files
Description: A validation issue existed in the handling of symlinks.
CVE-2022-22582: Richard Warren of NCC Group

Additional recognition

Intel Graphics Driver
We would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi Wu (@3ndy1) for their assistance.

syslog
We would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for their assistance.

TCC
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.

macOS Big Sur 11.6.5 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Trust: 2.61

sources: NVD: CVE-2022-22625 // JVNDB: JVNDB-2022-008586 // ZDI: ZDI-22-712 // VULHUB: VHN-411253 // VULMON: CVE-2022-22625 // PACKETSTORM: 166315 // PACKETSTORM: 166312

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: eq, version: 10.15.7

Trust: 1.0

vendor: apple, model: macos, scope: lt, version: 11.6.5

Trust: 1.0

vendor: apple, model: macos, scope: gte, version: 12.0.0

Trust: 1.0

vendor: apple, model: mac os x, scope: lt, version: 10.15.7

Trust: 1.0

vendor: apple, model: mac os x, scope: gte, version: 10.15

Trust: 1.0

vendor: apple, model: macos, scope: eq, version: 10.15.7

Trust: 1.0

vendor: apple, model: macos, scope: lt, version: 12.3

Trust: 1.0

vendor: アップル, model: apple mac os x, scope: -, version: -

Trust: 0.8

vendor: アップル, model: macos, scope: -, version: -

Trust: 0.8

vendor: apple, model: macos, scope: -, version: -

Trust: 0.7

sources: ZDI: ZDI-22-712 // JVNDB: JVNDB-2022-008586 // NVD: CVE-2022-22625

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-22625
value: HIGH

Trust: 1.0

NVD: CVE-2022-22625
value: HIGH

Trust: 0.8

ZDI: CVE-2022-22625
value: LOW

Trust: 0.7

CNNVD: CNNVD-202203-1264
value: HIGH

Trust: 0.6

VULHUB: VHN-411253
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-22625
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-22625
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-411253
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-22625
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2022-22625
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2022-22625
baseSeverity: LOW
baseScore: 3.3
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-22-712 // VULHUB: VHN-411253 // VULMON: CVE-2022-22625 // JVNDB: JVNDB-2022-008586 // CNNVD: CNNVD-202203-1264 // NVD: CVE-2022-22625

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.1

problemtype:Out-of-bounds read (CWE-125) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-411253 // JVNDB: JVNDB-2022-008586 // NVD: CVE-2022-22625

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202203-1264

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202203-1264

PATCH

title: HT213185, url: https://support.apple.com/en-us/HT213183

Trust: 1.5

title: Apple macOS Big Sur Buffer error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=187017

Trust: 0.6

title: Apple: macOS Big Sur 11.6.5, url: https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=4c90c4b83ae5b2687f4b5d9d71e49f12

Trust: 0.1

title: Apple: macOS Monterey 12.3, url: https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=f1105c4a20da11497b610b14a1668180

Trust: 0.1

title: CVE-2022-XXXX, url: https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title: CVE-2022-XXXX, url: https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: ZDI: ZDI-22-712 // VULMON: CVE-2022-22625 // JVNDB: JVNDB-2022-008586 // CNNVD: CNNVD-202203-1264

EXTERNAL IDS

db: NVD, id: CVE-2022-22625

Trust: 4.3

db: PACKETSTORM, id: 166315

Trust: 0.8

db: JVNDB, id: JVNDB-2022-008586

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-16084

Trust: 0.7

db: ZDI, id: ZDI-22-712

Trust: 0.7

db: CS-HELP, id: SB2022031435

Trust: 0.6

db: CNNVD, id: CNNVD-202203-1264

Trust: 0.6

db: PACKETSTORM, id: 166312

Trust: 0.2

db: VULHUB, id: VHN-411253

Trust: 0.1

db: VULMON, id: CVE-2022-22625

Trust: 0.1

sources: ZDI: ZDI-22-712 // VULHUB: VHN-411253 // VULMON: CVE-2022-22625 // JVNDB: JVNDB-2022-008586 // PACKETSTORM: 166315 // PACKETSTORM: 166312 // CNNVD: CNNVD-202203-1264 // NVD: CVE-2022-22625

REFERENCES

url:https://support.apple.com/en-us/ht213183

Trust: 2.5

url:https://support.apple.com/en-us/ht213184

Trust: 2.4

url:https://support.apple.com/en-us/ht213185

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-22625

Trust: 1.0

url:https://packetstormsecurity.com/files/166315/apple-security-advisory-2022-03-14-5.html

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-ios-macos-multiple-vulnerabilities-37800

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022031435

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-22625/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-22616

Trust: 0.2

url:https://support.apple.com/en-us/ht201222.

Trust: 0.2

url:https://support.apple.com/downloads/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22613

Trust: 0.2

url:https://www.apple.com/support/security/pgp/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22661

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22650

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22617

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22638

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22626

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22631

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22597

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22627

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22615

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22582

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22647

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22614

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22648

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22662

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22656

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://support.apple.com/kb/ht213184

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22633

Trust: 0.1

url:https://support.apple.com/ht213184.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22599

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22632

Trust: 0.1

url:https://support.apple.com/ht213185.

Trust: 0.1

sources: ZDI: ZDI-22-712 // VULHUB: VHN-411253 // VULMON: CVE-2022-22625 // JVNDB: JVNDB-2022-008586 // PACKETSTORM: 166315 // PACKETSTORM: 166312 // CNNVD: CNNVD-202203-1264 // NVD: CVE-2022-22625

CREDITS

Mickey Jin (@patch1t) of Trend Micro

Trust: 0.7

sources: ZDI: ZDI-22-712

SOURCES

db: ZDI, id: ZDI-22-712
db: VULHUB, id: VHN-411253
db: VULMON, id: CVE-2022-22625
db: JVNDB, id: JVNDB-2022-008586
db: PACKETSTORM, id: 166315
db: PACKETSTORM, id: 166312
db: CNNVD, id: CNNVD-202203-1264
db: NVD, id: CVE-2022-22625

LAST UPDATE DATE

2024-11-23T20:11:47.980000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-22-712, date: 2022-04-28T00:00:00
db: VULHUB, id: VHN-411253, date: 2022-11-02T00:00:00
db: VULMON, id: CVE-2022-22625, date: 2022-11-02T00:00:00
db: JVNDB, id: JVNDB-2022-008586, date: 2023-07-28T05:16:00
db: CNNVD, id: CNNVD-202203-1264, date: 2022-03-29T00:00:00
db: NVD, id: CVE-2022-22625, date: 2024-11-21T06:47:08.567

SOURCES RELEASE DATE

db: ZDI, id: ZDI-22-712, date: 2022-04-28T00:00:00
db: VULHUB, id: VHN-411253, date: 2022-03-18T00:00:00
db: VULMON, id: CVE-2022-22625, date: 2022-03-18T00:00:00
db: JVNDB, id: JVNDB-2022-008586, date: 2023-07-28T00:00:00
db: PACKETSTORM, id: 166315, date: 2022-03-15T15:46:38
db: PACKETSTORM, id: 166312, date: 2022-03-15T15:45:47
db: CNNVD, id: CNNVD-202203-1264, date: 2022-03-14T00:00:00
db: NVD, id: CVE-2022-22625, date: 2022-03-18T18:15:13.947