| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-id: <5B53835E-EEFC-4586-9EAE-6B7CF2DF9828@lists.apple.com> Date: Wed, 26 Jan 2022 16:00:29 -0800 From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org> To: security-announce@...ts.apple.com Subject: [FD] APPLE-SA-2022-01-26-4 Security Update 2022-001 Catalina -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-01-26-4 Security Update 2022-001 Catalina Security Update 2022-001 Catalina addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213056. Kernel Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow issue was addressed with improved memory handling. CVE-2022-22593: Peter Nguyễn Vũ Hoàng of STAR Labs Model I/O Available for: macOS Catalina Impact: Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution Description: An information disclosure issue was addressed with improved state management. CVE-2022-22579: Mickey Jin (@patch1t) of Trend Micro PackageKit Available for: macOS Catalina Impact: An application may be able to access restricted files Description: A permissions issue was addressed with improved validation. CVE-2022-22583: an anonymous researcher, Ron Hass (@ronhass7) of Perception Point, Mickey Jin (@patch1t) Sandbox Available for: macOS Catalina Impact: A malicious application may be able to bypass certain Privacy preferences Description: A logic issue was addressed with improved restrictions. CVE-2021-30946: an anonymous researcher, @gorelics TCC Available for: macOS Catalina Impact: A malicious application may be able to bypass certain Privacy preferences Description: This issue was addressed with improved checks. CVE-2021-30972: Xuxiang Yang (@another1024), Zhipeng Huo (@R3dF09), and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com), Wojciech Reguła (@_r3ggi), jhftss (@patch1t), Csaba Fitzl (@theevilbit) of Offensive Security Additional recognition PackageKit We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for their assistance. Installation note: This update may be obtained from the Mac App Store Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmHx0+AACgkQeC9qKD1p rhgueRAA24KDPSQw5AL8EmFELBtITercDTPU/gML15xzbnEgVOmCY0i4FKk4Uyll HkwxRjwbvRkiPV3aOQ+7EbGAHA3v0v8VKPovzorX3PyoBwircahGs18L0kt8NZ1s yFK8OduYc2DqoO737XicYD6e516h8NQ6yOT8iVpml19gVr8WF1Hi9y77VynSCEcE UrRaCejajm1GzQswJCStBqhQXFWNqpD+Qm8kFlZfQrejKSBQglVM/d5mSEu3TnN1 kJpWaT0IEz6xSmlO7vz2V5xLQXO/EUHvQOb8psg6sJF9X6VNuyaeYVoORShNVWT3 cPO/5NyKQf201PDiHQDOGoBNG5UIGg0rkwIzvKHVAkn/g5PfC1XAK+2hmvj2igzg ARcNNZu8uKtOYcOarUlXJ5aApXAMBzsPEbLxeQSjJ7uup5fCwAhmcrchsZbBRm++ 2GwqFrMA2r8txQXdC2pXL6qZ4qKAXnfXQn4pJqL6Uqmyo4Tg4Q1dNUZzBkLoqOqv ZeSt/H+pM8AoGRKpK2s+J67Y/T6KCaTF3YlRKnQOHC+sHPmq6pOiuPqgk2HYDN2t lFbNKepGwPQVKPsEi4swXEjriKojCJruUDVXplD0a8z/kFyj1bJ9JNM8fzOTk2QH 1lkyiuSAR5LpafCnbzs4NoDIxgg2hofXV7G6lYXHnMM9dpmOfJ0= =l1zh -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists