Details of VAR-202205-1316

ID

VAR-202205-1316

CVE

CVE-2022-26727

TITLE

macOS Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-011159

DESCRIPTION

This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. A malicious application may be able to modify protected parts of the file system. macOS Exists in unspecified vulnerabilities.Information may be tampered with. macOS Monterey 12.4. Information about the security content is also available at https://support.apple.com/HT213255. apache Available for: macOS Catalina Impact: Multiple issues in apache Description: Multiple issues were addressed by updating apache to version 2.4.53. CVE-2021-44224 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 AppKit Available for: macOS Catalina Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22665: Lockheed Martin Red Team AppleGraphicsControl Available for: macOS Catalina Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative AppleScript Available for: macOS Catalina Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro AppleScript Available for: macOS Catalina Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-26698: Qi Sun of Trend Micro CoreTypes Available for: macOS Catalina Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved checks to prevent unauthorized actions. CVE-2022-22663: Arsenii Kostromin (0x3c3e) CVMS Available for: macOS Catalina Impact: A malicious application may be able to gain root privileges Description: A memory initialization issue was addressed. CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori DriverKit Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de) Graphics Drivers Available for: macOS Catalina Impact: A local user may be able to read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. CVE-2022-22674: an anonymous researcher Intel Graphics Driver Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26720: Liu Long of Ant Security Light-Year Lab Intel Graphics Driver Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26770: Liu Long of Ant Security Light-Year Lab Intel Graphics Driver Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26756: Jack Dates of RET2 Systems, Inc Intel Graphics Driver Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26769: Antonio Zekic (@antoniozekic) Intel Graphics Driver Available for: macOS Catalina Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro Zero Day Initiative Kernel Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg) Kernel Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26757: Ned Williamson of Google Project Zero libresolv Available for: macOS Catalina Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow was addressed with improved input validation. CVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team LibreSSL Available for: macOS Catalina Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2022-0778 libxml2 Available for: macOS Catalina Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-23308 OpenSSL Available for: macOS Catalina Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: This issue was addressed with improved checks. CVE-2022-26727: Mickey Jin (@patch1t) Printing Available for: macOS Catalina Impact: A malicious application may be able to bypass Privacy preferences Description: This issue was addressed by removing the vulnerable code. CVE-2022-26746: @gorelics Security Available for: macOS Catalina Impact: A malicious app may be able to bypass signature validation Description: A certificate parsing issue was addressed with improved checks. CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de) SMB Available for: macOS Catalina Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs SoftwareUpdate Available for: macOS Catalina Impact: A malicious application may be able to access restricted files Description: This issue was addressed with improved entitlements. CVE-2022-26728: Mickey Jin (@patch1t) TCC Available for: macOS Catalina Impact: An app may be able to capture a user's screen Description: This issue was addressed with improved checks. CVE-2022-26726: an anonymous researcher Tcl Available for: macOS Catalina Impact: A malicious application may be able to break out of its sandbox Description: This issue was addressed with improved environment sanitization. CVE-2022-26755: Arsenii Kostromin (0x3c3e) WebKit Available for: macOS Catalina Impact: Processing a maliciously crafted mail message may lead to running arbitrary javascript Description: A validation issue was addressed with improved input sanitization. CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com) Wi-Fi Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2022-26761: Wang Yu of Cyberserval zip Available for: macOS Catalina Impact: Processing a maliciously crafted file may lead to a denial of service Description: A denial of service issue was addressed with improved state handling. CVE-2022-0530 zlib Available for: macOS Catalina Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-25032: Tavis Ormandy zsh Available for: macOS Catalina Impact: A remote attacker may be able to cause arbitrary code execution Description: This issue was addressed by updating to zsh version 5.8.1. CVE-2021-45444 Additional recognition PackageKit We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for their assistance. Security Update 2022-004 Catalina may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TYACgkQeC9qKD1p rhjgGRAAggg84uE4zYtBHmo5Qz45wlY/+FT7bSyCyo2Ta0m3JQmm26UiS9ZzXlD0 58jCo/ti+gH/gqwU05SnaG88pSMT6VKaDDnmw8WcrPtbl6NN6JX8vaZLFLoGO0dB rjwap7ulcLe7/HM8kCz3qqjKj4fusxckCjmm5yBMtuMklq7i51vzkT/+ws00ALcH 4S821CqIJlS2RIho/M/pih5A/H1Onw/nzKc7VOWjWMmmwoV+oiL4gMPE9kyIAJFQ NcZO7s70Qp9N5Z0VGIkD5HkAntEqYGNKJuCQUrHS0fHFUxVrQcuBbbSiv7vwnOT0 NVcFKBQWJtfcqmtcDF8mVi2ocqUh7So6AXhZGZtL3CrVfNMgTcjq6y5XwzXMgwlm ezMX73MnV91QuGp6KVZEmoFNlJ2dhKcJ0fYAhhW9DJqvJ1u5xIkQrUkK/ERLnWpE 9DIapT8uUbb9Zgez/tS9szv5jHhKtOoPbprju7d7LHw7XMFCVKbUvx745dFZx0AG PLsJZQNsQZJIK8QdcLA50KrlyjR2ts4nUsKj07I6LR4wUmcaj+goXYq4Nh4WLnoF x1AXD5ztdYlhqMcTAnuAbUYfuki0uzSy0p7wBiTknFwKMZNIaiToo64BES+7Iu1i vrB9SdtTSQCMXgPZX1Al1e2F/K2ubovrGU9geAEwLMq3AKudI4g= =JBHs -----END PGP SIGNATURE-----

Trust: 1.89

sources: NVD: CVE-2022-26727 // JVNDB: JVNDB-2022-011159 // VULHUB: VHN-417396 // VULMON: CVE-2022-26727 // PACKETSTORM: 167189

AFFECTED PRODUCTS

vendor:	apple	model:	macos	scope:	gte	version:	12.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.15.7	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	12.4	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.15.7	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	gte	version:	10.15	Trust: 1.0
vendor:	アップル	model:	apple mac os x	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	macos	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-011159 // NVD: CVE-2022-26727

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-26727
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-26727
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202205-3419
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-417396
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-26727
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-417396
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-26727
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-26727
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-417396 // JVNDB: JVNDB-2022-011159 // CNNVD: CNNVD-202205-3419 // NVD: CVE-2022-26727

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-011159 // NVD: CVE-2022-26727

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202205-3419

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-202205-3419

PATCH

title:	HT213255 Apple Security update	url:	https://support.apple.com/en-us/HT213255	Trust: 0.8
title:	Apple macOS Catalina Fixes for permissions and access control issues vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=195197	Trust: 0.6
title:	Apple: macOS Monterey 12.4	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=73857ee26a600b1527481f1deacc0619	Trust: 0.1

sources: VULMON: CVE-2022-26727 // JVNDB: JVNDB-2022-011159 // CNNVD: CNNVD-202205-3419

EXTERNAL IDS

db:	NVD	id:	CVE-2022-26727	Trust: 3.5
db:	PACKETSTORM	id:	167189	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-011159	Trust: 0.8
db:	AUSCERT	id:	ESB-2022.2411	Trust: 0.6
db:	CS-HELP	id:	SB2022051703	Trust: 0.6
db:	CNNVD	id:	CNNVD-202205-3419	Trust: 0.6
db:	VULHUB	id:	VHN-417396	Trust: 0.1
db:	VULMON	id:	CVE-2022-26727	Trust: 0.1

sources: VULHUB: VHN-417396 // VULMON: CVE-2022-26727 // JVNDB: JVNDB-2022-011159 // PACKETSTORM: 167189 // CNNVD: CNNVD-202205-3419 // NVD: CVE-2022-26727

REFERENCES

url:	https://support.apple.com/en-us/ht213255	Trust: 2.3
url:	https://support.apple.com/en-us/ht213257	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26727	Trust: 0.9
url:	https://www.cybersecurity-help.cz/vdb/sb2022051703	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-26727/	Trust: 0.6
url:	https://packetstormsecurity.com/files/167189/apple-security-advisory-2022-05-16-4.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2411	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-38381	Trust: 0.6
url:	https://support.apple.com/kb/ht213257	Trust: 0.1
url:	https://support.apple.com/downloads/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22721	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23308	Trust: 0.1
url:	https://support.apple.com/ht213255.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22589	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22663	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26726	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44790	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22674	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26714	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0530	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44224	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26698	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22719	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26728	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26697	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26748	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0778	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26721	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-45444	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-25032	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26720	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22720	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22665	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26715	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26722	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26746	Trust: 0.1
url:	https://support.apple.com/en-us/ht201222.	Trust: 0.1

sources: VULHUB: VHN-417396 // VULMON: CVE-2022-26727 // JVNDB: JVNDB-2022-011159 // PACKETSTORM: 167189 // CNNVD: CNNVD-202205-3419 // NVD: CVE-2022-26727

CREDITS

Apple

Trust: 0.1

sources: PACKETSTORM: 167189

SOURCES

db:	VULHUB	id:	VHN-417396
db:	VULMON	id:	CVE-2022-26727
db:	JVNDB	id:	JVNDB-2022-011159
db:	PACKETSTORM	id:	167189
db:	CNNVD	id:	CNNVD-202205-3419
db:	NVD	id:	CVE-2022-26727

LAST UPDATE DATE

2024-11-23T19:31:51.764000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-417396	date:	2022-06-07T00:00:00
db:	JVNDB	id:	JVNDB-2022-011159	date:	2023-08-21T00:46:00
db:	CNNVD	id:	CNNVD-202205-3419	date:	2022-06-08T00:00:00
db:	NVD	id:	CVE-2022-26727	date:	2024-11-21T06:54:23.730

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-417396	date:	2022-05-26T00:00:00
db:	JVNDB	id:	JVNDB-2022-011159	date:	2023-08-21T00:00:00
db:	PACKETSTORM	id:	167189	date:	2022-05-17T16:59:55
db:	CNNVD	id:	CNNVD-202205-3419	date:	2022-05-16T00:00:00
db:	NVD	id:	CVE-2022-26727	date:	2022-05-26T19:15:08.817