Details of VAR-202205-1296

ID

VAR-202205-1296

CVE

CVE-2022-26748

TITLE

macOS Out-of-bounds write vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-011245

DESCRIPTION

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing maliciously crafted web content may lead to arbitrary code execution. macOS Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the WebGL library. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. macOS Monterey 12.4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina Security Update 2022-004 Catalina addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213255. apache Available for: macOS Catalina Impact: Multiple issues in apache Description: Multiple issues were addressed by updating apache to version 2.4.53. CVE-2021-44224 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 AppKit Available for: macOS Catalina Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22665: Lockheed Martin Red Team AppleGraphicsControl Available for: macOS Catalina Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative AppleScript Available for: macOS Catalina Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro AppleScript Available for: macOS Catalina Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-26698: Qi Sun of Trend Micro CoreTypes Available for: macOS Catalina Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved checks to prevent unauthorized actions. CVE-2022-22663: Arsenii Kostromin (0x3c3e) CVMS Available for: macOS Catalina Impact: A malicious application may be able to gain root privileges Description: A memory initialization issue was addressed. CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori DriverKit Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de) Graphics Drivers Available for: macOS Catalina Impact: A local user may be able to read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. CVE-2022-22674: an anonymous researcher Intel Graphics Driver Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26720: Liu Long of Ant Security Light-Year Lab Intel Graphics Driver Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26770: Liu Long of Ant Security Light-Year Lab Intel Graphics Driver Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26756: Jack Dates of RET2 Systems, Inc Intel Graphics Driver Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro Zero Day Initiative Kernel Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg) Kernel Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26757: Ned Williamson of Google Project Zero libresolv Available for: macOS Catalina Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow was addressed with improved input validation. CVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team LibreSSL Available for: macOS Catalina Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2022-0778 libxml2 Available for: macOS Catalina Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-23308 OpenSSL Available for: macOS Catalina Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: This issue was addressed with improved checks. CVE-2022-0778 PackageKit Available for: macOS Catalina Impact: A malicious application may be able to modify protected parts of the file system Description: This issue was addressed with improved entitlements. CVE-2022-26727: Mickey Jin (@patch1t) Printing Available for: macOS Catalina Impact: A malicious application may be able to bypass Privacy preferences Description: This issue was addressed by removing the vulnerable code. CVE-2022-26746: @gorelics Security Available for: macOS Catalina Impact: A malicious app may be able to bypass signature validation Description: A certificate parsing issue was addressed with improved checks. CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de) SMB Available for: macOS Catalina Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs SoftwareUpdate Available for: macOS Catalina Impact: A malicious application may be able to access restricted files Description: This issue was addressed with improved entitlements. CVE-2022-26728: Mickey Jin (@patch1t) TCC Available for: macOS Catalina Impact: An app may be able to capture a user's screen Description: This issue was addressed with improved checks. CVE-2022-26726: an anonymous researcher Tcl Available for: macOS Catalina Impact: A malicious application may be able to break out of its sandbox Description: This issue was addressed with improved environment sanitization. CVE-2022-26755: Arsenii Kostromin (0x3c3e) WebKit Available for: macOS Catalina Impact: Processing a maliciously crafted mail message may lead to running arbitrary javascript Description: A validation issue was addressed with improved input sanitization. CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com) Wi-Fi Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2022-26761: Wang Yu of Cyberserval zip Available for: macOS Catalina Impact: Processing a maliciously crafted file may lead to a denial of service Description: A denial of service issue was addressed with improved state handling. CVE-2022-0530 zlib Available for: macOS Catalina Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-25032: Tavis Ormandy zsh Available for: macOS Catalina Impact: A remote attacker may be able to cause arbitrary code execution Description: This issue was addressed by updating to zsh version 5.8.1. CVE-2021-45444 Additional recognition PackageKit We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for their assistance. Security Update 2022-004 Catalina may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TYACgkQeC9qKD1p rhjgGRAAggg84uE4zYtBHmo5Qz45wlY/+FT7bSyCyo2Ta0m3JQmm26UiS9ZzXlD0 58jCo/ti+gH/gqwU05SnaG88pSMT6VKaDDnmw8WcrPtbl6NN6JX8vaZLFLoGO0dB rjwap7ulcLe7/HM8kCz3qqjKj4fusxckCjmm5yBMtuMklq7i51vzkT/+ws00ALcH 4S821CqIJlS2RIho/M/pih5A/H1Onw/nzKc7VOWjWMmmwoV+oiL4gMPE9kyIAJFQ NcZO7s70Qp9N5Z0VGIkD5HkAntEqYGNKJuCQUrHS0fHFUxVrQcuBbbSiv7vwnOT0 NVcFKBQWJtfcqmtcDF8mVi2ocqUh7So6AXhZGZtL3CrVfNMgTcjq6y5XwzXMgwlm ezMX73MnV91QuGp6KVZEmoFNlJ2dhKcJ0fYAhhW9DJqvJ1u5xIkQrUkK/ERLnWpE 9DIapT8uUbb9Zgez/tS9szv5jHhKtOoPbprju7d7LHw7XMFCVKbUvx745dFZx0AG PLsJZQNsQZJIK8QdcLA50KrlyjR2ts4nUsKj07I6LR4wUmcaj+goXYq4Nh4WLnoF x1AXD5ztdYlhqMcTAnuAbUYfuki0uzSy0p7wBiTknFwKMZNIaiToo64BES+7Iu1i vrB9SdtTSQCMXgPZX1Al1e2F/K2ubovrGU9geAEwLMq3AKudI4g= =JBHs -----END PGP SIGNATURE-----

Trust: 2.52

sources: NVD: CVE-2022-26748 // JVNDB: JVNDB-2022-011245 // ZDI: ZDI-22-793 // VULHUB: VHN-417417 // VULMON: CVE-2022-26748 // PACKETSTORM: 167189

AFFECTED PRODUCTS

vendor:	apple	model:	macos	scope:	lt	version:	12.4	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	11.6.6	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.15.7	Trust: 1.0
vendor:	apple	model:	macos	scope:	gte	version:	11.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.15.7	Trust: 1.0
vendor:	apple	model:	macos	scope:	gte	version:	12.0	Trust: 1.0
vendor:	アップル	model:	apple mac os x	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	macos	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	safari	scope:	-	version:	-	Trust: 0.7

sources: ZDI: ZDI-22-793 // JVNDB: JVNDB-2022-011245 // NVD: CVE-2022-26748

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-26748
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-26748
value:	HIGH
Trust: 0.8
ZDI:	CVE-2022-26748
value:	HIGH
Trust: 0.7
CNNVD:	CNNVD-202205-3416
value:	HIGH
Trust: 0.6
VULHUB:	VHN-417417
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-26748
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-417417
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-26748
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-26748
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2022-26748
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-22-793 // VULHUB: VHN-417417 // JVNDB: JVNDB-2022-011245 // CNNVD: CNNVD-202205-3416 // NVD: CVE-2022-26748

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-417417 // JVNDB: JVNDB-2022-011245 // NVD: CVE-2022-26748

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-3416

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202205-3416

PATCH

title:	HT213256 Apple Security update	url:	https://support.apple.com/en-us/HT213255	Trust: 0.8
title:	Apple has issued an update to correct this vulnerability.	url:	https://support.apple.com/en-us/HT213257	Trust: 0.7
title:	Apple macOS Big Sur Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=192953	Trust: 0.6
title:	Apple: macOS Monterey 12.4	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=73857ee26a600b1527481f1deacc0619	Trust: 0.1

sources: ZDI: ZDI-22-793 // VULMON: CVE-2022-26748 // JVNDB: JVNDB-2022-011245 // CNNVD: CNNVD-202205-3416

EXTERNAL IDS

db:	NVD	id:	CVE-2022-26748	Trust: 4.2
db:	PACKETSTORM	id:	167189	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-011245	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-16206	Trust: 0.7
db:	ZDI	id:	ZDI-22-793	Trust: 0.7
db:	AUSCERT	id:	ESB-2022.2411	Trust: 0.6
db:	CS-HELP	id:	SB2022051703	Trust: 0.6
db:	CNNVD	id:	CNNVD-202205-3416	Trust: 0.6
db:	VULHUB	id:	VHN-417417	Trust: 0.1
db:	VULMON	id:	CVE-2022-26748	Trust: 0.1

sources: ZDI: ZDI-22-793 // VULHUB: VHN-417417 // VULMON: CVE-2022-26748 // JVNDB: JVNDB-2022-011245 // PACKETSTORM: 167189 // CNNVD: CNNVD-202205-3416 // NVD: CVE-2022-26748

REFERENCES

url:	https://support.apple.com/en-us/ht213257	Trust: 2.4
url:	https://support.apple.com/en-us/ht213256	Trust: 2.3
url:	https://support.apple.com/en-us/ht213255	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26748	Trust: 0.9
url:	https://www.cybersecurity-help.cz/vdb/sb2022051703	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-26748/	Trust: 0.6
url:	https://packetstormsecurity.com/files/167189/apple-security-advisory-2022-05-16-4.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2411	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-38381	Trust: 0.6
url:	https://support.apple.com/kb/ht213257	Trust: 0.1
url:	https://support.apple.com/downloads/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22721	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23308	Trust: 0.1
url:	https://support.apple.com/ht213255.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22589	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22663	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26726	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44790	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22674	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26714	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0530	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44224	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26698	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22719	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26727	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26728	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26697	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0778	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26721	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-45444	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-25032	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26720	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22720	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22665	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26715	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26722	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26746	Trust: 0.1
url:	https://support.apple.com/en-us/ht201222.	Trust: 0.1

CREDITS

Anonymous

Trust: 0.7

sources: ZDI: ZDI-22-793

SOURCES

db:	ZDI	id:	ZDI-22-793
db:	VULHUB	id:	VHN-417417
db:	VULMON	id:	CVE-2022-26748
db:	JVNDB	id:	JVNDB-2022-011245
db:	PACKETSTORM	id:	167189
db:	CNNVD	id:	CNNVD-202205-3416
db:	NVD	id:	CVE-2022-26748

LAST UPDATE DATE

2024-08-14T12:08:43.702000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-22-793	date:	2024-07-08T00:00:00
db:	VULHUB	id:	VHN-417417	date:	2022-06-07T00:00:00
db:	JVNDB	id:	JVNDB-2022-011245	date:	2023-08-21T06:21:00
db:	CNNVD	id:	CNNVD-202205-3416	date:	2022-06-08T00:00:00
db:	NVD	id:	CVE-2022-26748	date:	2022-06-07T20:17:34.523

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-22-793	date:	2022-05-26T00:00:00
db:	VULHUB	id:	VHN-417417	date:	2022-05-26T00:00:00
db:	JVNDB	id:	JVNDB-2022-011245	date:	2023-08-21T00:00:00
db:	PACKETSTORM	id:	167189	date:	2022-05-17T16:59:55
db:	CNNVD	id:	CNNVD-202205-3416	date:	2022-05-16T00:00:00
db:	NVD	id:	CVE-2022-26748	date:	2022-05-26T20:15:08.993