| CVE [severity] component | Fix | Impact | Catalina | Big Sur | Monterey | tvOS | iOS/iPadOS | watchOS |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-26702 [important] AppleAVD | A use after free issue was addressed with improved memory management. | An application may be able to execute arbitrary code with kernel privileges | | | | x | x | x |
| CVE-2022-22675 [important] AppleAVD | An out-of-bounds write issue was addressed with improved bounds checking. | An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. | | x | | x | | x |
| CVE-2022-26724 [important] AuthKit | An authentication issue was addressed with improved state management. | A local user may be able to enable iCloud Photos without authentication | | | | x | | |
| CVE-2022-26736 [important] AVEVideoEncoder | An out-of-bounds write issue was addressed with improved bounds checking. | An application may be able to execute arbitrary code with kernel privileges | | | x | x | x | |
| CVE-2022-26737 [important] AVEVideoEncoder | An out-of-bounds write issue was addressed with improved bounds checking. | An application may be able to execute arbitrary code with kernel privileges | | | x | x | x | |
| CVE-2022-26738 [important] AVEVideoEncoder | An out-of-bounds write issue was addressed with improved bounds checking. | An application may be able to execute arbitrary code with kernel privileges | | | x | x | x | |
| CVE-2022-26739 [important] AVEVideoEncoder | An out-of-bounds write issue was addressed with improved bounds checking. | An application may be able to execute arbitrary code with kernel privileges | | | x | x | x | |
| CVE-2022-26740 [important] AVEVideoEncoder | An out-of-bounds write issue was addressed with improved bounds checking. | An application may be able to execute arbitrary code with kernel privileges | | | x | x | x | |
| CVE-2022-26763 [important] DriverKit | An out-of-bounds access issue was addressed with improved bounds checking. | A malicious application may be able to execute arbitrary code with system privileges | x | x | x | x | x | x |
| CVE-2022-26711 [critical] ImageIO | An integer overflow was addressed with improved input validation. | A remote attacker may be able to cause unexpected application termination or arbitrary code execution | | | x | x | x | x |
| CVE-2022-26701 [important] IOKit | A race condition was addressed with improved locking. | An application may be able to execute arbitrary code with kernel privileges | | | x | x | x | |
| CVE-2022-26768 [important] IOMobileFrameBuffer | A memory corruption issue was addressed with improved state management. | An application may be able to execute arbitrary code with kernel privileges | | x | x | x | x | x |
| CVE-2022-26771 [important] IOSurfaceAccelerator | A memory corruption issue was addressed with improved state management. | A malicious application may be able to execute arbitrary code with kernel privileges | | | | x | x | x |
| CVE-2022-26714 [important] Kernel | A memory corruption issue was addressed with improved validation. | An application may be able to execute arbitrary code with kernel privileges | x | x | x | x | x | x |
| CVE-2022-26757 [important] Kernel | A use after free issue was addressed with improved memory management. | An application may be able to execute arbitrary code with kernel privileges | x | x | x | x | x | x |
| CVE-2022-26764 [important] Kernel | A memory corruption issue was addressed with improved validation. | An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations | | | x | x | x | x |
| CVE-2022-26765 [important] Kernel | A race condition was addressed with improved state handling. | A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication | | | x | x | x | x |
| CVE-2022-26706 [moderate] LaunchServices | An access issue was addressed with additional sandbox restrictions on third-party applications. | A sandboxed process may be able to circumvent sandbox restrictions | | x | x | x | x | x |
| CVE-2022-23308 [critical] libxml2 | A use after free issue was addressed with improved memory management. | A remote attacker may be able to cause unexpected application termination or arbitrary code execution | x | x | x | x | x | x |
| CVE-2022-26766 [important] Security | A certificate parsing issue was addressed with improved checks. | A malicious app may be able to bypass signature validation | x | x | x | x | x | x |
| WebKit Bugzilla [critical] WebKit | A memory corruption issue was addressed with improved state management. | Processing maliciously crafted web content may lead to arbitrary code execution | | | x | x | x | x |
| CVE-2022-26745 [moderate] Wi-Fi | A memory corruption issue was addressed with improved validation. | A malicious application may disclose restricted memory | | x | x | x | x | x |
| CVE-2021-44224 [other] apache | Multiple issues were addressed by updating apache to version 2.4.53. | Multiple issues in apache | x | x | x | | | |
| CVE-2021-44790 [other] apache | Multiple issues were addressed by updating apache to version 2.4.53. | Multiple issues in apache | x | x | x | | | |
| CVE-2022-22719 [other] apache | Multiple issues were addressed by updating apache to version 2.4.53. | Multiple issues in apache | x | x | x | | | |
| CVE-2022-22720 [other] apache | Multiple issues were addressed by updating apache to version 2.4.53. | Multiple issues in apache | x | x | x | | | |
| CVE-2022-22721 [other] apache | Multiple issues were addressed by updating apache to version 2.4.53. | Multiple issues in apache | x | x | x | | | |
| CVE-2022-22665 [important] AppKit | A logic issue was addressed with improved validation. | A malicious application may be able to gain root privileges | x | x | | | | |
| CVE-2022-26751 [critical] AppleGraphicsControl | A memory corruption issue was addressed with improved input validation. | Processing a maliciously crafted image may lead to arbitrary code execution | x | x | x | | x | |
| CVE-2022-26697 [important] AppleScript | An out-of-bounds read issue was addressed with improved input validation. | Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory | x | x | x | | | |
| CVE-2022-26698 [important] AppleScript | An out-of-bounds read issue was addressed with improved bounds checking. | Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory | x | x | x | | | |
| CVE-2022-22663 [moderate] CoreTypes | This issue was addressed with improved checks to prevent unauthorized actions. | A malicious application may bypass Gatekeeper checks | x | x | | | | |
| CVE-2022-26721 [important] CVMS | A memory initialization issue was addressed. | A malicious application may be able to gain root privileges | x | x | x | | | |
| CVE-2022-26722 [important] CVMS | A memory initialization issue was addressed. | A malicious application may be able to gain root privileges | x | x | x | | | |
| CVE-2022-22674 [moderate] Graphics Drivers | An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. | A local user may be able to read kernel memory | x | x | | | | |
| CVE-2022-26720 [important] Intel Graphics Driver | An out-of-bounds write issue was addressed with improved bounds checking. | A malicious application may be able to execute arbitrary code with kernel privileges | x | x | x | | | |
| CVE-2022-26770 [important] Intel Graphics Driver | An out-of-bounds read issue was addressed with improved input validation. | A malicious application may be able to execute arbitrary code with kernel privileges | x | x | x | | | |
| CVE-2022-26756 [important] Intel Graphics Driver | An out-of-bounds write issue was addressed with improved input validation. | An application may be able to execute arbitrary code with kernel privileges | x | x | x | | | |
| CVE-2022-26769 [important] Intel Graphics Driver | A memory corruption issue was addressed with improved input validation. | A malicious application may be able to execute arbitrary code with kernel privileges | x | x | x | | | |
| CVE-2022-26748 [critical] Intel Graphics Driver | An out-of-bounds write issue was addressed with improved input validation. | Processing maliciously crafted web content may lead to arbitrary code execution | x | x | x | | | |
| CVE-2022-26775 [critical] libresolv | An integer overflow was addressed with improved input validation. | An attacker may be able to cause unexpected application termination or arbitrary code execution | x | | x | | | |
| CVE-2022-0778 [moderate] OpenSSL | This issue was addressed with improved checks. | Processing a maliciously crafted certificate may lead to a denial of service | x | x | x | | | |
| CVE-2022-26727 [important] PackageKit | This issue was addressed with improved entitlements. | A malicious application may be able to modify protected parts of the file system | x | | x | | | |
| CVE-2022-26746 [moderate] Printing | This issue was addressed by removing the vulnerable code. | A malicious application may be able to bypass Privacy preferences | x | x | x | | | |
| CVE-2022-26715 [important] SMB | An out-of-bounds write issue was addressed with improved bounds checking. | An application may be able to gain elevated privileges | x | x | x | | | |
| CVE-2022-26728 [important] SoftwareUpdate | This issue was addressed with improved entitlements. | A malicious application may be able to access restricted files | x | x | x | | | |
| CVE-2022-26726 [other] TCC | This issue was addressed with improved checks. | An app may be able to capture a user's screen | x | x | x | | | x |
| CVE-2022-26755 [other] Tcl | This issue was addressed with improved environment sanitization. | A malicious application may be able to break out of its sandbox | x | x | x | | | |
| CVE-2022-22589 [other] WebKit | A validation issue was addressed with improved input sanitization. | Processing a maliciously crafted mail message may lead to running arbitrary javascript | x | x | | | | |
| CVE-2022-26761 [important] Wi-Fi | A memory corruption issue was addressed with improved memory handling. | An application may be able to execute arbitrary code with kernel privileges | x | x | x | | | |
| CVE-2022-0530 [other] zip | A denial of service issue was addressed with improved state handling. | Processing a maliciously crafted file may lead to a denial of service | x | x | x | | | |
| CVE-2018-25032 [critical] zlib | A memory corruption issue was addressed with improved input validation. | An attacker may be able to cause unexpected application termination or arbitrary code execution | x | x | x | | | |
| CVE-2021-45444 [other] zsh | This issue was addressed by updating to zsh version 5.8.1. | A remote attacker may be able to cause arbitrary code execution | x | x | x | | | |
| CVE-2022-26767 [moderate] LaunchServices | The issue was addressed with additional permissions checks. | A malicious application may be able to bypass Privacy preferences | | x | x | | | |
| CVE-2022-26776 [critical] libresolv | This issue was addressed with improved checks. | An attacker may be able to cause unexpected application termination or arbitrary code execution | | x | x | | | |
| CVE-2022-26712 [important] PackageKit | This issue was addressed by removing the vulnerable code. | A malicious application may be able to modify protected parts of the file system | | x | x | | | |
| CVE-2022-26718 [important] SMB | An out-of-bounds read issue was addressed with improved input validation. | An application may be able to gain elevated privileges | | x | x | | | |
| CVE-2022-26723 [critical] SMB | A memory corruption issue was addressed with improved input validation. | Mounting a maliciously crafted Samba network share may lead to arbitrary code execution | | x | x | | | |
| CVE-2021-4136 [other] Vim | Multiple issues were addressed by updating Vim. | Multiple issues in Vim | | x | | | | |
| CVE-2021-4166 [other] Vim | Multiple issues were addressed by updating Vim. | Multiple issues in Vim | | x | | | | |
| CVE-2021-4173 [other] Vim | Multiple issues were addressed by updating Vim. | Multiple issues in Vim | | x | | | | |
| CVE-2021-4187 [other] Vim | Multiple issues were addressed by updating Vim. | Multiple issues in Vim | | x | | | | |
| CVE-2021-4192 [other] Vim | Multiple issues were addressed by updating Vim. | Multiple issues in Vim | | x | | | | |
| CVE-2021-4193 [other] Vim | Multiple issues were addressed by updating Vim. | Multiple issues in Vim | | x | | | | |
| CVE-2021-46059 [other] Vim | Multiple issues were addressed by updating Vim. | Multiple issues in Vim | | x | | | | |
| CVE-2022-0128 [other] Vim | Multiple issues were addressed by updating Vim. | Multiple issues in Vim | | x | | | | |
| CVE-2022-26772 [important] AMD | A memory corruption issue was addressed with improved state management. | An application may be able to execute arbitrary code with kernel privileges | | | x | | | |
| CVE-2022-26741 [important] AMD | A buffer overflow issue was addressed with improved memory handling. | An application may be able to execute arbitrary code with kernel privileges | | | x | | | |
| CVE-2022-26742 [important] AMD | A buffer overflow issue was addressed with improved memory handling. | An application may be able to execute arbitrary code with kernel privileges | | | x | | | |
| CVE-2022-26749 [important] AMD | A buffer overflow issue was addressed with improved memory handling. | An application may be able to execute arbitrary code with kernel privileges | | | x | | | |
| CVE-2022-26750 [important] AMD | A buffer overflow issue was addressed with improved memory handling. | An application may be able to execute arbitrary code with kernel privileges | | | x | | | |
| CVE-2022-26752 [important] AMD | A buffer overflow issue was addressed with improved memory handling. | An application may be able to execute arbitrary code with kernel privileges | | | x | | | |
| CVE-2022-26753 [important] AMD | A buffer overflow issue was addressed with improved memory handling. | An application may be able to execute arbitrary code with kernel privileges | | | x | | | |
| CVE-2022-26754 [important] AMD | A buffer overflow issue was addressed with improved memory handling. | An application may be able to execute arbitrary code with kernel privileges | | | x | | | |
| CVE-2022-26694 [important] Contacts | This issue was addressed with improved checks. | A plug-in may be able to inherit the application's permissions and access user data | | | x | | | |
| CVE-2022-26725 [other] ImageIO | A logic issue was addressed with improved state management. | Photo location information may persist after it is removed with Preview Inspector | | | x | | | |
| CVE-2022-26743 [other] Kernel | An out-of-bounds write issue was addressed with improved bounds checking. | An attacker that has already achieved code execution in macOS Recovery may be able to escalate to kernel privileges | | | x | | | |
| CVE-2022-26708 [critical] libresolv | This issue was addressed with improved checks. | An attacker may be able to cause unexpected application termination or arbitrary code execution | | | x | | | |
| CVE-2022-26693 [important] Preview | This issue was addressed with improved checks. | A plug-in may be able to inherit the application's permissions and access user data | | | x | | | |
| CVE-2022-26731 [other] Safari Private Browsing | A logic issue was addressed with improved state management. | A malicious website may be able to track users in Safari private browsing mode | | | x | | x | |
| CVE-2022-26704 [other] Spotlight | A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. | An app may be able to gain elevated privileges | | | x | | | |
| CVE-2022-26762 [important] Wi-Fi | A memory corruption issue was addressed with improved memory handling. | A malicious application may be able to execute arbitrary code with system privileges | | | x | | x | |
| CVE-2022-26744 [important] GPU Drivers | A memory corruption issue was addressed with improved state management. | An application may be able to execute arbitrary code with kernel privileges | | | | | x | |
| CVE-2022-22673 [important] Notes | This issue was addressed with improved checks. | Processing a large input may lead to a denial of service | | | | | x | |
| CVE-2022-26703 [important] Shortcuts | An authorization issue was addressed with improved state management. | A person with physical access to an iOS device may be able to access photos from the lock screen | | | | | x | |
| CVE-2022-26760 [important] Wi-Fi | A memory corruption issue was addressed with improved state management. | A malicious application may be able to elevate privileges | | | | | x | |
| CVE-2015-4142 [other] Wi-Fi | This issue was addressed with improved checks. | A remote attacker may be able to cause a denial of service | | | | | x | |