Details of VAR-202203-0150

ID

VAR-202203-0150

CVE

CVE-2022-22626

TITLE

plural Apple Product out-of-bounds read vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-008587

DESCRIPTION

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the AppleScript framework. Crafted data in a SCPT file can trigger a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. IBM Big SQL is an enterprise-level, ANSI-compliant hybrid SQL-on-Hadoop engine from IBM, USA, that provides massively parallel processing (MPP) and advanced data query. A buffer error vulnerability exists in IBM Big SQL that could allow an authenticated user with appropriate privileges to obtain sensitive information by using the CREATE TABLE SELECT statement to bypass data masking rules. Information about the security content is also available at https://support.apple.com/HT213184. Accelerate Framework Available for: macOS Big Sur Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-22633: an anonymous researcher AppleGraphicsControl Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22631: an anonymous researcher AppleScript Available for: macOS Big Sur Impact: An application may be able to read restricted memory Description: This issue was addressed with improved checks. CVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro AppleScript Available for: macOS Big Sur Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2022-22597: Qi Sun and Robert Ai of Trend Micro BOM Available for: macOS Big Sur Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t) Intel Graphics Driver Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba Security Pandora Lab Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22613: Alex, an anonymous researcher Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22615: an anonymous researcher CVE-2022-22614: an anonymous researcher Kernel Available for: macOS Big Sur Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A null pointer dereference was addressed with improved validation. CVE-2022-22638: derrek (@derrekr6) Kernel Available for: macOS Big Sur Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved state management. CVE-2022-22632: Keegan Saunders Login Window Available for: macOS Big Sur Impact: A person with access to a Mac may be able to bypass Login Window Description: This issue was addressed with improved checks. CVE-2022-22647: an anonymous researcher LoginWindow Available for: macOS Big Sur Impact: A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen Description: An authentication issue was addressed with improved state management. CVE-2022-22656 PackageKit Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22617: Mickey Jin (@patch1t) QuickTime Player Available for: macOS Big Sur Impact: A plug-in may be able to inherit the application's permissions and access user data Description: This issue was addressed with improved checks. CVE-2022-22650: Wojciech Reguła (@_r3ggi) of SecuRing Siri Available for: macOS Big Sur Impact: A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen Description: A permissions issue was addressed with improved validation. CVE-2022-22599: Andrew Goldberg of the University of Texas at Austin, McCombs School of Business (linkedin.com/andrew-goldberg/) WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A cookie management issue was addressed with improved state management. WebKit Bugzilla: 232748 CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix xar Available for: macOS Big Sur Impact: A local user may be able to write arbitrary files Description: A validation issue existed in the handling of symlinks. CVE-2022-22582: Richard Warren of NCC Group Additional recognition Intel Graphics Driver We would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi Wu (@3ndy1) for their assistance. syslog We would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for their assistance. TCC We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. macOS Big Sur 11.6.5 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0MkACgkQeC9qKD1p rhjeyBAAwbocibmTCpZ1T8MzPHJGuJryh7RDG8+nMJxmntI+3gA0SeFAxuNuXf2Z xh+NhEwjm60gzLAdckjfT5iF1YAPxUDWnk0FRVxhqZ4g8FvdmTxgAn5rwWWUuBBC VpW5XONija+SY3yNX3blklg95FyO8ITlqwyy5/Fqr0OFTvnA8TKRXrZRmA/gypnA pEqR0WaQdL8ITFEbv9+INAV2geFBbEWPvifycbYSvrDWo9JPq05Ur0hz7o2kJYfk M5PZachAGeCOR3E2ixfIczW0QNbDsoyKqLBjRzFovqWhcOwQ+17yVeuj/mDFXOkA X8FSxnad7C76xH+LcnZE/WV+qcv5G3QufpK5kZULWoQTLdKuB7yQZYF19T4+8H4X 6qDl5ZYL81h9rfIHYwbGZp0aRmqsu6pmleQ970qrkFzn/ZHf0KdAwms0+BOR8jZ7 l1w71ADm7uLJCs+nZ/lxv3wLYEva+TfGfIGnFULcL4dVPqbDOC6hH3Xm8VelVF0p 1/0Bfbfg4ou3vP1LqTY/ODdRnAhVCCGiv9PFcAFJriOoQgYYcVYQYwa2dA5Xdijc 6KVOzadvxCt1Ewj8nNYRJrfe/H6pjj2cFbWbKevqtRlQeeca7j17srbOnt9mmJMV x/d73AkuCyfOdeX8fac83TWMhhBaCg5JwsO7cO7eXwIOsiSDZXU= =nZ2X -----END PGP SIGNATURE-----

Trust: 2.61

sources: NVD: CVE-2022-22626 // JVNDB: JVNDB-2022-008587 // ZDI: ZDI-22-711 // VULHUB: VHN-411254 // VULMON: CVE-2022-22626 // PACKETSTORM: 166315 // PACKETSTORM: 166312

AFFECTED PRODUCTS

vendor:	apple	model:	macos	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	11.6.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	gte	version:	10.15	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	12.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.15.7	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.15.7	Trust: 1.0
vendor:	apple	model:	macos	scope:	eq	version:	10.15.7	Trust: 1.0
vendor:	アップル	model:	apple mac os x	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	macos	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	macos	scope:	-	version:	-	Trust: 0.7

sources: ZDI: ZDI-22-711 // JVNDB: JVNDB-2022-008587 // NVD: CVE-2022-22626

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-22626
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-22626
value:	HIGH
Trust: 0.8
ZDI:	CVE-2022-22626
value:	LOW
Trust: 0.7
CNNVD:	CNNVD-202203-1365
value:	HIGH
Trust: 0.6
VULHUB:	VHN-411254
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2022-22626
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-22626
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-411254
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-22626
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2022-22626
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2022-22626
baseSeverity:	LOW
baseScore:	3.3
vectorString:	AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-22-711 // VULHUB: VHN-411254 // VULMON: CVE-2022-22626 // JVNDB: JVNDB-2022-008587 // CNNVD: CNNVD-202203-1365 // NVD: CVE-2022-22626

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.1
problemtype:	Out-of-bounds read (CWE-125) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-411254 // JVNDB: JVNDB-2022-008587 // NVD: CVE-2022-22626

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202203-1365

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202203-1365

PATCH

title:	HT213185	url:	https://support.apple.com/en-us/HT213183	Trust: 1.5
title:	IBM Big SQL Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=187022	Trust: 0.6
title:	Apple: macOS Big Sur 11.6.5	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=4c90c4b83ae5b2687f4b5d9d71e49f12	Trust: 0.1
title:	Apple: macOS Monterey 12.3	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=f1105c4a20da11497b610b14a1668180	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: ZDI: ZDI-22-711 // VULMON: CVE-2022-22626 // JVNDB: JVNDB-2022-008587 // CNNVD: CNNVD-202203-1365

EXTERNAL IDS

db:	NVD	id:	CVE-2022-22626	Trust: 4.3
db:	PACKETSTORM	id:	166315	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-008587	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-16075	Trust: 0.7
db:	ZDI	id:	ZDI-22-711	Trust: 0.7
db:	CNNVD	id:	CNNVD-202203-1365	Trust: 0.7
db:	CS-HELP	id:	SB2022031435	Trust: 0.6
db:	PACKETSTORM	id:	166312	Trust: 0.2
db:	VULHUB	id:	VHN-411254	Trust: 0.1
db:	VULMON	id:	CVE-2022-22626	Trust: 0.1

sources: ZDI: ZDI-22-711 // VULHUB: VHN-411254 // VULMON: CVE-2022-22626 // JVNDB: JVNDB-2022-008587 // PACKETSTORM: 166315 // PACKETSTORM: 166312 // CNNVD: CNNVD-202203-1365 // NVD: CVE-2022-22626

REFERENCES

url:	https://support.apple.com/en-us/ht213183	Trust: 2.5
url:	https://support.apple.com/en-us/ht213184	Trust: 2.4
url:	https://support.apple.com/en-us/ht213185	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22626	Trust: 1.0
url:	https://packetstormsecurity.com/files/166315/apple-security-advisory-2022-03-14-5.html	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-ios-macos-multiple-vulnerabilities-37800	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022031435	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-22626/	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22625	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22616	Trust: 0.2
url:	https://support.apple.com/en-us/ht201222.	Trust: 0.2
url:	https://support.apple.com/downloads/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22613	Trust: 0.2
url:	https://www.apple.com/support/security/pgp/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22661	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22650	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22617	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22638	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22631	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22597	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22627	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22615	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22582	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22647	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22614	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22648	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22662	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22656	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/125.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://support.apple.com/kb/ht213184	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22633	Trust: 0.1
url:	https://support.apple.com/ht213184.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22599	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22632	Trust: 0.1
url:	https://support.apple.com/ht213185.	Trust: 0.1

CREDITS

Mickey Jin (@patch1t) of Trend Micro

Trust: 0.7

sources: ZDI: ZDI-22-711

SOURCES

db:	ZDI	id:	ZDI-22-711
db:	VULHUB	id:	VHN-411254
db:	VULMON	id:	CVE-2022-22626
db:	JVNDB	id:	JVNDB-2022-008587
db:	PACKETSTORM	id:	166315
db:	PACKETSTORM	id:	166312
db:	CNNVD	id:	CNNVD-202203-1365
db:	NVD	id:	CVE-2022-22626

LAST UPDATE DATE

2024-08-14T13:05:03.082000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-22-711	date:	2022-04-28T00:00:00
db:	VULHUB	id:	VHN-411254	date:	2022-11-02T00:00:00
db:	VULMON	id:	CVE-2022-22626	date:	2022-11-02T00:00:00
db:	JVNDB	id:	JVNDB-2022-008587	date:	2023-07-28T05:18:00
db:	CNNVD	id:	CNNVD-202203-1365	date:	2022-03-29T00:00:00
db:	NVD	id:	CVE-2022-22626	date:	2022-11-02T13:18:35.983

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-22-711	date:	2022-04-28T00:00:00
db:	VULHUB	id:	VHN-411254	date:	2022-03-18T00:00:00
db:	VULMON	id:	CVE-2022-22626	date:	2022-03-18T00:00:00
db:	JVNDB	id:	JVNDB-2022-008587	date:	2023-07-28T00:00:00
db:	PACKETSTORM	id:	166315	date:	2022-03-15T15:46:38
db:	PACKETSTORM	id:	166312	date:	2022-03-15T15:45:47
db:	CNNVD	id:	CNNVD-202203-1365	date:	2022-03-14T00:00:00
db:	NVD	id:	CVE-2022-22626	date:	2022-03-18T18:15:13.987