ID

VAR-202207-1457


CVE

CVE-2022-32807


TITLE

apple's  Apple Mac OS X  and  macOS  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-018239

DESCRIPTION

This issue was addressed with improved file handling. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to overwrite arbitrary files. apple's Apple Mac OS X and macOS Exists in unspecified vulnerabilities.Information is tampered with and service operation is interrupted (DoS) It may be in a state. Information about the security content is also available at https://support.apple.com/HT213344. APFS Available for: macOS Big Sur Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32832: Tommy Muir (@Muirey03) AppleMobileFileIntegrity Available for: macOS Big Sur Impact: An app may be able to gain root privileges Description: An authorization issue was addressed with improved state management. CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro AppleScript Available for: macOS Big Sur Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: This issue was addressed with improved checks. CVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu Security, Mickey Jin (@patch1t) of Trend Micro AppleScript Available for: macOS Big Sur Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-32853: Ye Zhang (@co0py_Cat) of Baidu Security CVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security AppleScript Available for: macOS Big Sur Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security Audio Available for: macOS Big Sur Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32825: John Aakerblom (@jaakerblom) Audio Available for: macOS Big Sur Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32820: an anonymous researcher Calendar Available for: macOS Big Sur Impact: An app may be able to access sensitive user information Description: The issue was addressed with improved handling of caches. CVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security Calendar Available for: macOS Big Sur Impact: An app may be able to access user-sensitive data Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2022-32849: Joshua Jones CoreText Available for: macOS Big Sur Impact: A remote user may cause an unexpected app termination or arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32839: STAR Labs (@starlabs_sg) FaceTime Available for: macOS Big Sur Impact: An app with root privileges may be able to access private information Description: This issue was addressed by enabling hardened runtime. CVE-2022-32781: Wojciech Reguła (@_r3ggi) of SecuRing File System Events Available for: macOS Big Sur Impact: An app may be able to gain root privileges Description: A logic issue was addressed with improved state management. CVE-2022-32819: Joshua Mason of Mandiant ICU Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ. ImageIO Available for: macOS Big Sur Impact: Processing an image may lead to a denial-of-service Description: A null pointer dereference was addressed with improved validation. CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit) Intel Graphics Driver Available for: macOS Big Sur Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o. Intel Graphics Driver Available for: macOS Big Sur Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2022-32811: ABC Research s.r.o Kernel Available for: macOS Big Sur Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32815: Xinru Chi of Pangu Lab CVE-2022-32813: Xinru Chi of Pangu Lab libxml2 Available for: macOS Big Sur Impact: An app may be able to leak sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-32823 PackageKit Available for: macOS Big Sur Impact: An app may be able to modify protected parts of the file system Description: An issue in the handling of environment variables was addressed with improved validation. CVE-2022-32786: Mickey Jin (@patch1t) PackageKit Available for: macOS Big Sur Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed with improved checks. CVE-2022-32800: Mickey Jin (@patch1t) PluginKit Available for: macOS Big Sur Impact: An app may be able to read arbitrary files Description: A logic issue was addressed with improved state management. CVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro PS Normalizer Available for: macOS Big Sur Impact: Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32843: Kai Lu of Zscaler's ThreatLabz Software Update Available for: macOS Big Sur Impact: A user in a privileged network position can track a user’s activity Description: This issue was addressed by using HTTPS when sending information over the network. CVE-2022-32857: Jeffrey Paul (sneak.berlin) Spindump Available for: macOS Big Sur Impact: An app may be able to overwrite arbitrary files Description: This issue was addressed with improved file handling. CVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab Spotlight Available for: macOS Big Sur Impact: An app may be able to gain elevated privileges Description: A validation issue in the handling of symlinks was addressed with improved validation of symlinks. CVE-2022-26704: Joshua Mason of Mandiant TCC Available for: macOS Big Sur Impact: An app may be able to access sensitive user information Description: An access issue was addressed with improvements to the sandbox. CVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) Vim Available for: macOS Big Sur Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2022-0156 CVE-2022-0158 Wi-Fi Available for: macOS Big Sur Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory Description: This issue was addressed with improved checks. CVE-2022-32847: Wang Yu of Cyberserval Windows Server Available for: macOS Big Sur Impact: An app may be able to capture a user’s screen Description: A logic issue was addressed with improved checks. CVE-2022-32848: Jeremy Legendre of MacEnhance macOS Big Sur 11.6.8 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYf6sACgkQeC9qKD1p rhgOJBAAtzyKOqdTnnBbwbFoG/HoZIbCVSVOtI5VIGH1weMQ72R3X2tXB5yTlpto 3l/eoMe0/covxipiZ+CvTh9tM5ZfV3IxN4bpsbxew1R/s81YE2K55dFp5+4zzqgh YyWrx8SntngP9PywAdKa+GRZrW7R95oNp2UTwifcQvFPs40F/OPrNQm23Xkmqsx0 zNNvMmqPaeCU8mgIOadO/uv626LjnkyKdwHKM3VBxGmklNEddQDjjoWcYugH7QYj e28EpKINEYfGVP/5n4uSeP6+kXmJj9nLzdKzfBD78gyBu5NX3Ai5Wh1BbsFMoFYE wcqlgEjMk3440babLb9kSRm81NX+EPgJLtjVPNRIrqs8pTh95CcDTRsotDUDl03R BrP6XGyXiS+3XyhdbamJDG9pCthJdo455XaYOlmzgIfgTJMkX3kdxiMAgGvbkPVl 3IesUuChRvi6pZwTWXN4k5Rn9epZSV+9HaYplnFPScJpYeLzUKThz1P2KbMTd0CT fiBU+fxwQqfzGRX3gyzRz0DMqiGdk0PnO9pfWND+9lQDyht7s73XnZrVOnPZHGYC tiNdrEHm+4WKaEwl/5invCZ8vPaiJ9cTH/aSbeRkeqR8ilDQMIhm2xooSP8Sd00E gTOoTOANfxrOqkFWhj0HQEq5OmCeALkE8BqiLuOVVIrN4e2LgPg= =6wU+ -----END PGP SIGNATURE-----

Trust: 1.8

sources: NVD: CVE-2022-32807 // JVNDB: JVNDB-2022-018239 // VULHUB: VHN-424896 // PACKETSTORM: 167788

AFFECTED PRODUCTS

vendor:applemodel:macosscope:eqversion:10.15.7

Trust: 1.0

vendor:applemodel:macosscope:ltversion:10.15.7

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.6.8

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.7

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.0

Trust: 1.0

vendor:applemodel:macosscope:ltversion:12.5

Trust: 1.0

vendor:applemodel:macosscope:gteversion:12.0

Trust: 1.0

vendor:アップルmodel:macosscope:eqversion:12.0 that's all 12.5

Trust: 0.8

vendor:アップルmodel:macosscope:eqversion:11.0 that's all 11.6.8

Trust: 0.8

vendor:アップルmodel:apple mac os xscope: - version: -

Trust: 0.8

vendor:アップルmodel:macosscope:eqversion:10.15.7

Trust: 0.8

sources: JVNDB: JVNDB-2022-018239 // NVD: CVE-2022-32807

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-32807
value: HIGH

Trust: 1.0

NVD: CVE-2022-32807
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202207-2034
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-32807
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2022-32807
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-018239 // CNNVD: CNNVD-202207-2034 // NVD: CVE-2022-32807

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-018239 // NVD: CVE-2022-32807

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202207-2034

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202207-2034

PATCH

title:HT213344 Apple  Security updateurl:https://support.apple.com/en-us/HT213343

Trust: 0.8

title:Apple macOS Big Sur Enter the fix for the verification error vulnerabilityurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=209240

Trust: 0.6

title:Apple: macOS Big Sur 11.6.8url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=46307825e8223bef6aa99c76dff503a5

Trust: 0.1

title:Apple: macOS Monterey 12.5url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=c765c13fa342a7957a4e91e6dc3d34f4

Trust: 0.1

title:Apple: Security Update 2022-005 Catalinaurl:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=b71ee1a3b689c178ee5a5bc823295063

Trust: 0.1

sources: VULMON: CVE-2022-32807 // JVNDB: JVNDB-2022-018239 // CNNVD: CNNVD-202207-2034

EXTERNAL IDS

db:NVDid:CVE-2022-32807

Trust: 3.5

db:PACKETSTORMid:167788

Trust: 0.8

db:JVNDBid:JVNDB-2022-018239

Trust: 0.8

db:CS-HELPid:SB2022072103

Trust: 0.6

db:CS-HELPid:SB2022072102

Trust: 0.6

db:AUSCERTid:ESB-2022.3561

Trust: 0.6

db:CNNVDid:CNNVD-202207-2034

Trust: 0.6

db:VULHUBid:VHN-424896

Trust: 0.1

db:VULMONid:CVE-2022-32807

Trust: 0.1

sources: VULHUB: VHN-424896 // VULMON: CVE-2022-32807 // JVNDB: JVNDB-2022-018239 // PACKETSTORM: 167788 // CNNVD: CNNVD-202207-2034 // NVD: CVE-2022-32807

REFERENCES

url:https://support.apple.com/en-us/ht213344

Trust: 2.3

url:https://support.apple.com/en-us/ht213343

Trust: 1.7

url:https://support.apple.com/en-us/ht213345

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-32807

Trust: 0.9

url:https://www.cybersecurity-help.cz/vdb/sb2022072103

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022072102

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-macos-12-multiple-vulnerabilities-38873

Trust: 0.6

url:https://packetstormsecurity.com/files/167788/apple-security-advisory-2022-07-20-3.html

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-32807/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3561

Trust: 0.6

url:https://support.apple.com/kb/ht213344

Trust: 0.1

url:https://support.apple.com/downloads/

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32805

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32786

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32781

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0156

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32797

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32800

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32812

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32785

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26704

Trust: 0.1

url:https://support.apple.com/ht213344.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32811

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32813

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0158

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32787

Trust: 0.1

url:https://support.apple.com/en-us/ht201222.

Trust: 0.1

sources: VULHUB: VHN-424896 // VULMON: CVE-2022-32807 // JVNDB: JVNDB-2022-018239 // PACKETSTORM: 167788 // CNNVD: CNNVD-202207-2034 // NVD: CVE-2022-32807

CREDITS

Apple

Trust: 0.1

sources: PACKETSTORM: 167788

SOURCES

db:VULHUBid:VHN-424896
db:VULMONid:CVE-2022-32807
db:JVNDBid:JVNDB-2022-018239
db:PACKETSTORMid:167788
db:CNNVDid:CNNVD-202207-2034
db:NVDid:CVE-2022-32807

LAST UPDATE DATE

2024-08-14T12:50:38.100000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-424896date:2022-11-02T00:00:00
db:JVNDBid:JVNDB-2022-018239date:2023-10-19T05:11:00
db:CNNVDid:CNNVD-202207-2034date:2022-09-28T00:00:00
db:NVDid:CVE-2022-32807date:2022-11-02T13:18:35.983

SOURCES RELEASE DATE

db:VULHUBid:VHN-424896date:2022-09-23T00:00:00
db:JVNDBid:JVNDB-2022-018239date:2023-10-19T00:00:00
db:PACKETSTORMid:167788date:2022-07-22T16:23:29
db:CNNVDid:CNNVD-202207-2034date:2022-07-20T00:00:00
db:NVDid:CVE-2022-32807date:2022-09-23T19:15:12.747