ID

VAR-202205-1296


CVE

CVE-2022-26748


TITLE

macOS  Out-of-bounds write vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-011245

DESCRIPTION

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing maliciously crafted web content may lead to arbitrary code execution. macOS Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the WebGL library. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. macOS Monterey 12.4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina Security Update 2022-004 Catalina addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213255. apache Available for: macOS Catalina Impact: Multiple issues in apache Description: Multiple issues were addressed by updating apache to version 2.4.53. CVE-2021-44224 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 AppKit Available for: macOS Catalina Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22665: Lockheed Martin Red Team AppleGraphicsControl Available for: macOS Catalina Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative AppleScript Available for: macOS Catalina Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro AppleScript Available for: macOS Catalina Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-26698: Qi Sun of Trend Micro CoreTypes Available for: macOS Catalina Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved checks to prevent unauthorized actions. CVE-2022-22663: Arsenii Kostromin (0x3c3e) CVMS Available for: macOS Catalina Impact: A malicious application may be able to gain root privileges Description: A memory initialization issue was addressed. CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori DriverKit Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de) Graphics Drivers Available for: macOS Catalina Impact: A local user may be able to read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. CVE-2022-22674: an anonymous researcher Intel Graphics Driver Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26720: Liu Long of Ant Security Light-Year Lab Intel Graphics Driver Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26770: Liu Long of Ant Security Light-Year Lab Intel Graphics Driver Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26756: Jack Dates of RET2 Systems, Inc Intel Graphics Driver Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro Zero Day Initiative Kernel Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg) Kernel Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26757: Ned Williamson of Google Project Zero libresolv Available for: macOS Catalina Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow was addressed with improved input validation. CVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team LibreSSL Available for: macOS Catalina Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2022-0778 libxml2 Available for: macOS Catalina Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-23308 OpenSSL Available for: macOS Catalina Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: This issue was addressed with improved checks. CVE-2022-0778 PackageKit Available for: macOS Catalina Impact: A malicious application may be able to modify protected parts of the file system Description: This issue was addressed with improved entitlements. CVE-2022-26727: Mickey Jin (@patch1t) Printing Available for: macOS Catalina Impact: A malicious application may be able to bypass Privacy preferences Description: This issue was addressed by removing the vulnerable code. CVE-2022-26746: @gorelics Security Available for: macOS Catalina Impact: A malicious app may be able to bypass signature validation Description: A certificate parsing issue was addressed with improved checks. CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de) SMB Available for: macOS Catalina Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs SoftwareUpdate Available for: macOS Catalina Impact: A malicious application may be able to access restricted files Description: This issue was addressed with improved entitlements. CVE-2022-26728: Mickey Jin (@patch1t) TCC Available for: macOS Catalina Impact: An app may be able to capture a user's screen Description: This issue was addressed with improved checks. CVE-2022-26726: an anonymous researcher Tcl Available for: macOS Catalina Impact: A malicious application may be able to break out of its sandbox Description: This issue was addressed with improved environment sanitization. CVE-2022-26755: Arsenii Kostromin (0x3c3e) WebKit Available for: macOS Catalina Impact: Processing a maliciously crafted mail message may lead to running arbitrary javascript Description: A validation issue was addressed with improved input sanitization. CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com) Wi-Fi Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2022-26761: Wang Yu of Cyberserval zip Available for: macOS Catalina Impact: Processing a maliciously crafted file may lead to a denial of service Description: A denial of service issue was addressed with improved state handling. CVE-2022-0530 zlib Available for: macOS Catalina Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-25032: Tavis Ormandy zsh Available for: macOS Catalina Impact: A remote attacker may be able to cause arbitrary code execution Description: This issue was addressed by updating to zsh version 5.8.1. CVE-2021-45444 Additional recognition PackageKit We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for their assistance. Security Update 2022-004 Catalina may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TYACgkQeC9qKD1p rhjgGRAAggg84uE4zYtBHmo5Qz45wlY/+FT7bSyCyo2Ta0m3JQmm26UiS9ZzXlD0 58jCo/ti+gH/gqwU05SnaG88pSMT6VKaDDnmw8WcrPtbl6NN6JX8vaZLFLoGO0dB rjwap7ulcLe7/HM8kCz3qqjKj4fusxckCjmm5yBMtuMklq7i51vzkT/+ws00ALcH 4S821CqIJlS2RIho/M/pih5A/H1Onw/nzKc7VOWjWMmmwoV+oiL4gMPE9kyIAJFQ NcZO7s70Qp9N5Z0VGIkD5HkAntEqYGNKJuCQUrHS0fHFUxVrQcuBbbSiv7vwnOT0 NVcFKBQWJtfcqmtcDF8mVi2ocqUh7So6AXhZGZtL3CrVfNMgTcjq6y5XwzXMgwlm ezMX73MnV91QuGp6KVZEmoFNlJ2dhKcJ0fYAhhW9DJqvJ1u5xIkQrUkK/ERLnWpE 9DIapT8uUbb9Zgez/tS9szv5jHhKtOoPbprju7d7LHw7XMFCVKbUvx745dFZx0AG PLsJZQNsQZJIK8QdcLA50KrlyjR2ts4nUsKj07I6LR4wUmcaj+goXYq4Nh4WLnoF x1AXD5ztdYlhqMcTAnuAbUYfuki0uzSy0p7wBiTknFwKMZNIaiToo64BES+7Iu1i vrB9SdtTSQCMXgPZX1Al1e2F/K2ubovrGU9geAEwLMq3AKudI4g= =JBHs -----END PGP SIGNATURE-----

Trust: 2.52

sources: NVD: CVE-2022-26748 // JVNDB: JVNDB-2022-011245 // ZDI: ZDI-22-793 // VULHUB: VHN-417417 // VULMON: CVE-2022-26748 // PACKETSTORM: 167189

AFFECTED PRODUCTS

vendor:applemodel:macosscope:ltversion:12.4

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.6.6

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.7

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.0

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.15.7

Trust: 1.0

vendor:applemodel:macosscope:gteversion:12.0

Trust: 1.0

vendor:アップルmodel:apple mac os xscope: - version: -

Trust: 0.8

vendor:アップルmodel:macosscope: - version: -

Trust: 0.8

vendor:applemodel:safariscope: - version: -

Trust: 0.7

sources: ZDI: ZDI-22-793 // JVNDB: JVNDB-2022-011245 // NVD: CVE-2022-26748

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-26748
value: HIGH

Trust: 1.0

NVD: CVE-2022-26748
value: HIGH

Trust: 0.8

ZDI: CVE-2022-26748
value: HIGH

Trust: 0.7

CNNVD: CNNVD-202205-3416
value: HIGH

Trust: 0.6

VULHUB: VHN-417417
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-26748
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-417417
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-26748
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-26748
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2022-26748
baseSeverity: HIGH
baseScore: 8.8
vectorString: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-22-793 // VULHUB: VHN-417417 // JVNDB: JVNDB-2022-011245 // CNNVD: CNNVD-202205-3416 // NVD: CVE-2022-26748

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-417417 // JVNDB: JVNDB-2022-011245 // NVD: CVE-2022-26748

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-3416

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202205-3416

PATCH

title:HT213256 Apple  Security updateurl:https://support.apple.com/en-us/HT213255

Trust: 0.8

title:Apple has issued an update to correct this vulnerability.url:https://support.apple.com/en-us/HT213257

Trust: 0.7

title:Apple macOS Big Sur Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=192953

Trust: 0.6

title:Apple: macOS Monterey 12.4url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=73857ee26a600b1527481f1deacc0619

Trust: 0.1

sources: ZDI: ZDI-22-793 // VULMON: CVE-2022-26748 // JVNDB: JVNDB-2022-011245 // CNNVD: CNNVD-202205-3416

EXTERNAL IDS

db:NVDid:CVE-2022-26748

Trust: 4.2

db:PACKETSTORMid:167189

Trust: 0.8

db:JVNDBid:JVNDB-2022-011245

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-16206

Trust: 0.7

db:ZDIid:ZDI-22-793

Trust: 0.7

db:AUSCERTid:ESB-2022.2411

Trust: 0.6

db:CS-HELPid:SB2022051703

Trust: 0.6

db:CNNVDid:CNNVD-202205-3416

Trust: 0.6

db:VULHUBid:VHN-417417

Trust: 0.1

db:VULMONid:CVE-2022-26748

Trust: 0.1

sources: ZDI: ZDI-22-793 // VULHUB: VHN-417417 // VULMON: CVE-2022-26748 // JVNDB: JVNDB-2022-011245 // PACKETSTORM: 167189 // CNNVD: CNNVD-202205-3416 // NVD: CVE-2022-26748

REFERENCES

url:https://support.apple.com/en-us/ht213257

Trust: 2.4

url:https://support.apple.com/en-us/ht213256

Trust: 2.3

url:https://support.apple.com/en-us/ht213255

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-26748

Trust: 0.9

url:https://www.cybersecurity-help.cz/vdb/sb2022051703

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-26748/

Trust: 0.6

url:https://packetstormsecurity.com/files/167189/apple-security-advisory-2022-05-16-4.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.2411

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-38381

Trust: 0.6

url:https://support.apple.com/kb/ht213257

Trust: 0.1

url:https://support.apple.com/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22721

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23308

Trust: 0.1

url:https://support.apple.com/ht213255.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22589

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22663

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26726

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-44790

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22674

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26714

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0530

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-44224

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26698

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22719

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26727

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26728

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26697

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0778

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26721

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-45444

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-25032

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26720

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22720

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22665

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26715

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26722

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26746

Trust: 0.1

url:https://support.apple.com/en-us/ht201222.

Trust: 0.1

sources: ZDI: ZDI-22-793 // VULHUB: VHN-417417 // VULMON: CVE-2022-26748 // JVNDB: JVNDB-2022-011245 // PACKETSTORM: 167189 // CNNVD: CNNVD-202205-3416 // NVD: CVE-2022-26748

CREDITS

Anonymous

Trust: 0.7

sources: ZDI: ZDI-22-793

SOURCES

db:ZDIid:ZDI-22-793
db:VULHUBid:VHN-417417
db:VULMONid:CVE-2022-26748
db:JVNDBid:JVNDB-2022-011245
db:PACKETSTORMid:167189
db:CNNVDid:CNNVD-202205-3416
db:NVDid:CVE-2022-26748

LAST UPDATE DATE

2024-08-14T12:08:43.702000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-22-793date:2024-07-08T00:00:00
db:VULHUBid:VHN-417417date:2022-06-07T00:00:00
db:JVNDBid:JVNDB-2022-011245date:2023-08-21T06:21:00
db:CNNVDid:CNNVD-202205-3416date:2022-06-08T00:00:00
db:NVDid:CVE-2022-26748date:2022-06-07T20:17:34.523

SOURCES RELEASE DATE

db:ZDIid:ZDI-22-793date:2022-05-26T00:00:00
db:VULHUBid:VHN-417417date:2022-05-26T00:00:00
db:JVNDBid:JVNDB-2022-011245date:2023-08-21T00:00:00
db:PACKETSTORMid:167189date:2022-05-17T16:59:55
db:CNNVDid:CNNVD-202205-3416date:2022-05-16T00:00:00
db:NVDid:CVE-2022-26748date:2022-05-26T20:15:08.993