cvelistv5 - CVE-2022-22583

CVE-2022-22583

Vulnerability from cvelistv5

Published

2022-03-18 17:59

Modified

2024-08-03 03:14

Severity ?

Summary

References

URL	Tags
product-security@apple.com	https://support.apple.com/en-us/HT213054	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT213055	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT213056	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT213054	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT213055	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT213056	Release Notes, Vendor Advisory

Impacted products

Vendor

Product

Version

▼

Apple

macOS

Version: unspecified < 12.2

	Apple	macOS	Version: unspecified < 11.6
	Apple	macOS	Version: unspecified < 2022

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T03:14:55.751Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/en-us/HT213055",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/en-us/HT213054",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/en-us/HT213056",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "macOS",
               vendor: "Apple",
               versions: [
                  {
                     lessThan: "12.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "macOS",
               vendor: "Apple",
               versions: [
                  {
                     lessThan: "11.6",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "macOS",
               vendor: "Apple",
               versions: [
                  {
                     lessThan: "2022",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A permissions issue was addressed with improved validation. This issue is fixed in Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access restricted files.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "An application may be able to access restricted files",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-03-18T17:59:13",
            orgId: "286789f9-fbc2-4510-9f9a-43facdede74c",
            shortName: "apple",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.apple.com/en-us/HT213055",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.apple.com/en-us/HT213054",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.apple.com/en-us/HT213056",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "product-security@apple.com",
               ID: "CVE-2022-22583",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "macOS",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "12.2",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "macOS",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "11.6",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "macOS",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "2022",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Apple",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A permissions issue was addressed with improved validation. This issue is fixed in Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access restricted files.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "An application may be able to access restricted files",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://support.apple.com/en-us/HT213055",
                     refsource: "MISC",
                     url: "https://support.apple.com/en-us/HT213055",
                  },
                  {
                     name: "https://support.apple.com/en-us/HT213054",
                     refsource: "MISC",
                     url: "https://support.apple.com/en-us/HT213054",
                  },
                  {
                     name: "https://support.apple.com/en-us/HT213056",
                     refsource: "MISC",
                     url: "https://support.apple.com/en-us/HT213056",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c",
      assignerShortName: "apple",
      cveId: "CVE-2022-22583",
      datePublished: "2022-03-18T17:59:13",
      dateReserved: "2022-01-05T00:00:00",
      dateUpdated: "2024-08-03T03:14:55.751Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2022-22583\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2022-03-18T18:15:12.317\",\"lastModified\":\"2024-11-21T06:47:04.090\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A permissions issue was addressed with improved validation. This issue is fixed in Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access restricted files.\"},{\"lang\":\"es\",\"value\":\"Se abordó un problema de permisos con una comprobación mejorada. Este problema es corregido en Security Update 2022-001 Catalina, macOS Monterey versión 12.2, macOS Big Sur versión 11.6.3. Una aplicación podría acceder a archivos restringidos\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.15\",\"versionEndExcluding\":\"10.15.7\",\"matchCriteriaId\":\"DB8A73F8-3074-4B32-B9F6-343B6B1988C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1F4BF7F-90D4-4668-B4E6-B06F4070F448\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F441A43-1669-478D-9EC8-E96882DE4F9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*\",\"matchCriteriaId\":\"D425C653-37A2-448C-BF2F-B684ADB08A26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*\",\"matchCriteriaId\":\"A54D63B7-B92B-47C3-B1C5-9892E5873A98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*\",\"matchCriteriaId\":\"3456176F-9185-4EE2-A8CE-3D989D674AB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-005:*:*:*:*:*:*\",\"matchCriteriaId\":\"D337EE21-2F00-484D-9285-F2B0248D7A19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*\",\"matchCriteriaId\":\"012052B5-9AA7-4FD3-9C80-5F615330039D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*\",\"matchCriteriaId\":\"50F21A3C-0AC3-48C5-A4F8-5A7B478875B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E974DC6-F7D9-4389-9AF9-863F6E419CE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.6.3\",\"matchCriteriaId\":\"6846D174-7E4E-4ADC-BEEB-71BD3C15EBFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndExcluding\":\"12.3\",\"matchCriteriaId\":\"9422A022-F279-4596-BC97-3223611D73DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:10.15.7:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"B711B29C-E487-48A7-8984-CF8B203B919D\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/en-us/HT213054\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213055\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213056\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213054\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213055\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213056\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}",
   },
}

WID-SEC-W-2023-1213

Vulnerability from csaf_certbund

Published

2022-01-26 23:00

Modified

2023-05-14 22:00

Summary

Apple macOS (Monterey): Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.

Angriff

Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen in Apple macOS (Monterey) ausnutzen, um beliebigen Programmcode mit Kernel-Privilegien auszuführen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen.

Betroffene Betriebssysteme

- MacOS X

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         text: "hoch",
      },
      category: "csaf_base",
      csaf_version: "2.0",
      distribution: {
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "de-DE",
      notes: [
         {
            category: "legal_disclaimer",
            text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.",
         },
         {
            category: "description",
            text: "Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.",
            title: "Produktbeschreibung",
         },
         {
            category: "summary",
            text: "Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen in Apple macOS (Monterey) ausnutzen, um beliebigen Programmcode mit Kernel-Privilegien auszuführen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen.",
            title: "Angriff",
         },
         {
            category: "general",
            text: "- MacOS X",
            title: "Betroffene Betriebssysteme",
         },
      ],
      publisher: {
         category: "other",
         contact_details: "csaf-provider@cert-bund.de",
         name: "Bundesamt für Sicherheit in der Informationstechnik",
         namespace: "https://www.bsi.bund.de",
      },
      references: [
         {
            category: "self",
            summary: "WID-SEC-W-2023-1213 - CSAF Version",
            url: "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2023-1213.json",
         },
         {
            category: "self",
            summary: "WID-SEC-2023-1213 - Portal Version",
            url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1213",
         },
         {
            category: "external",
            summary: "Apple Security Advisory vom 2022-01-26",
            url: "https://support.apple.com/en-us/HT213054",
         },
      ],
      source_lang: "en-US",
      title: "Apple macOS (Monterey): Mehrere Schwachstellen",
      tracking: {
         current_release_date: "2023-05-14T22:00:00.000+00:00",
         generator: {
            date: "2024-08-15T17:50:50.298+00:00",
            engine: {
               name: "BSI-WID",
               version: "1.3.5",
            },
         },
         id: "WID-SEC-W-2023-1213",
         initial_release_date: "2022-01-26T23:00:00.000+00:00",
         revision_history: [
            {
               date: "2022-01-26T23:00:00.000+00:00",
               number: "1",
               summary: "Initiale Fassung",
            },
            {
               date: "2022-01-27T23:00:00.000+00:00",
               number: "2",
               summary: "Referenz(en) aufgenommen: APPLE-SA-2022-01-26-2",
            },
            {
               date: "2023-05-14T22:00:00.000+00:00",
               number: "3",
               summary: "CVE-2022-22646, CVE-2022-22676 ergänzt",
            },
         ],
         status: "final",
         version: "3",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  category: "product_name",
                  name: "Apple macOS Monterey < 12.2",
                  product: {
                     name: "Apple macOS Monterey < 12.2",
                     product_id: "T021864",
                     product_identification_helper: {
                        cpe: "cpe:/o:apple:mac_os:monterey_12.2",
                     },
                  },
               },
            ],
            category: "vendor",
            name: "Apple",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2022-22676",
         notes: [
            {
               category: "description",
               text: "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD Kernel, ColorSync, Crash Reporter, iCloud, Intel Graphics Driver, IOMobileFrameBuffer, Kernel, Model I/O, PackageKit, WebKit und WebKit Storage. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Kernel-Privilegien auszuführen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder bestimmte Privilegien.",
            },
         ],
         release_date: "2022-01-26T23:00:00.000+00:00",
         title: "CVE-2022-22676",
      },
      {
         cve: "CVE-2022-22646",
         notes: [
            {
               category: "description",
               text: "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD Kernel, ColorSync, Crash Reporter, iCloud, Intel Graphics Driver, IOMobileFrameBuffer, Kernel, Model I/O, PackageKit, WebKit und WebKit Storage. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Kernel-Privilegien auszuführen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder bestimmte Privilegien.",
            },
         ],
         release_date: "2022-01-26T23:00:00.000+00:00",
         title: "CVE-2022-22646",
      },
      {
         cve: "CVE-2022-22594",
         notes: [
            {
               category: "description",
               text: "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD Kernel, ColorSync, Crash Reporter, iCloud, Intel Graphics Driver, IOMobileFrameBuffer, Kernel, Model I/O, PackageKit, WebKit und WebKit Storage. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Kernel-Privilegien auszuführen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder bestimmte Privilegien.",
            },
         ],
         release_date: "2022-01-26T23:00:00.000+00:00",
         title: "CVE-2022-22594",
      },
      {
         cve: "CVE-2022-22593",
         notes: [
            {
               category: "description",
               text: "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD Kernel, ColorSync, Crash Reporter, iCloud, Intel Graphics Driver, IOMobileFrameBuffer, Kernel, Model I/O, PackageKit, WebKit und WebKit Storage. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Kernel-Privilegien auszuführen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder bestimmte Privilegien.",
            },
         ],
         release_date: "2022-01-26T23:00:00.000+00:00",
         title: "CVE-2022-22593",
      },
      {
         cve: "CVE-2022-22592",
         notes: [
            {
               category: "description",
               text: "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD Kernel, ColorSync, Crash Reporter, iCloud, Intel Graphics Driver, IOMobileFrameBuffer, Kernel, Model I/O, PackageKit, WebKit und WebKit Storage. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Kernel-Privilegien auszuführen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder bestimmte Privilegien.",
            },
         ],
         release_date: "2022-01-26T23:00:00.000+00:00",
         title: "CVE-2022-22592",
      },
      {
         cve: "CVE-2022-22591",
         notes: [
            {
               category: "description",
               text: "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD Kernel, ColorSync, Crash Reporter, iCloud, Intel Graphics Driver, IOMobileFrameBuffer, Kernel, Model I/O, PackageKit, WebKit und WebKit Storage. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Kernel-Privilegien auszuführen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder bestimmte Privilegien.",
            },
         ],
         release_date: "2022-01-26T23:00:00.000+00:00",
         title: "CVE-2022-22591",
      },
      {
         cve: "CVE-2022-22590",
         notes: [
            {
               category: "description",
               text: "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD Kernel, ColorSync, Crash Reporter, iCloud, Intel Graphics Driver, IOMobileFrameBuffer, Kernel, Model I/O, PackageKit, WebKit und WebKit Storage. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Kernel-Privilegien auszuführen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder bestimmte Privilegien.",
            },
         ],
         release_date: "2022-01-26T23:00:00.000+00:00",
         title: "CVE-2022-22590",
      },
      {
         cve: "CVE-2022-22589",
         notes: [
            {
               category: "description",
               text: "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD Kernel, ColorSync, Crash Reporter, iCloud, Intel Graphics Driver, IOMobileFrameBuffer, Kernel, Model I/O, PackageKit, WebKit und WebKit Storage. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Kernel-Privilegien auszuführen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder bestimmte Privilegien.",
            },
         ],
         release_date: "2022-01-26T23:00:00.000+00:00",
         title: "CVE-2022-22589",
      },
      {
         cve: "CVE-2022-22587",
         notes: [
            {
               category: "description",
               text: "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD Kernel, ColorSync, Crash Reporter, iCloud, Intel Graphics Driver, IOMobileFrameBuffer, Kernel, Model I/O, PackageKit, WebKit und WebKit Storage. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Kernel-Privilegien auszuführen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder bestimmte Privilegien.",
            },
         ],
         release_date: "2022-01-26T23:00:00.000+00:00",
         title: "CVE-2022-22587",
      },
      {
         cve: "CVE-2022-22586",
         notes: [
            {
               category: "description",
               text: "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD Kernel, ColorSync, Crash Reporter, iCloud, Intel Graphics Driver, IOMobileFrameBuffer, Kernel, Model I/O, PackageKit, WebKit und WebKit Storage. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Kernel-Privilegien auszuführen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder bestimmte Privilegien.",
            },
         ],
         release_date: "2022-01-26T23:00:00.000+00:00",
         title: "CVE-2022-22586",
      },
      {
         cve: "CVE-2022-22585",
         notes: [
            {
               category: "description",
               text: "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD Kernel, ColorSync, Crash Reporter, iCloud, Intel Graphics Driver, IOMobileFrameBuffer, Kernel, Model I/O, PackageKit, WebKit und WebKit Storage. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Kernel-Privilegien auszuführen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder bestimmte Privilegien.",
            },
         ],
         release_date: "2022-01-26T23:00:00.000+00:00",
         title: "CVE-2022-22585",
      },
      {
         cve: "CVE-2022-22584",
         notes: [
            {
               category: "description",
               text: "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD Kernel, ColorSync, Crash Reporter, iCloud, Intel Graphics Driver, IOMobileFrameBuffer, Kernel, Model I/O, PackageKit, WebKit und WebKit Storage. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Kernel-Privilegien auszuführen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder bestimmte Privilegien.",
            },
         ],
         release_date: "2022-01-26T23:00:00.000+00:00",
         title: "CVE-2022-22584",
      },
      {
         cve: "CVE-2022-22583",
         notes: [
            {
               category: "description",
               text: "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD Kernel, ColorSync, Crash Reporter, iCloud, Intel Graphics Driver, IOMobileFrameBuffer, Kernel, Model I/O, PackageKit, WebKit und WebKit Storage. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Kernel-Privilegien auszuführen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder bestimmte Privilegien.",
            },
         ],
         release_date: "2022-01-26T23:00:00.000+00:00",
         title: "CVE-2022-22583",
      },
      {
         cve: "CVE-2022-22579",
         notes: [
            {
               category: "description",
               text: "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD Kernel, ColorSync, Crash Reporter, iCloud, Intel Graphics Driver, IOMobileFrameBuffer, Kernel, Model I/O, PackageKit, WebKit und WebKit Storage. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Kernel-Privilegien auszuführen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder bestimmte Privilegien.",
            },
         ],
         release_date: "2022-01-26T23:00:00.000+00:00",
         title: "CVE-2022-22579",
      },
      {
         cve: "CVE-2022-22578",
         notes: [
            {
               category: "description",
               text: "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD Kernel, ColorSync, Crash Reporter, iCloud, Intel Graphics Driver, IOMobileFrameBuffer, Kernel, Model I/O, PackageKit, WebKit und WebKit Storage. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Kernel-Privilegien auszuführen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder bestimmte Privilegien.",
            },
         ],
         release_date: "2022-01-26T23:00:00.000+00:00",
         title: "CVE-2022-22578",
      },
   ],
}

wid-sec-w-2023-1213

Vulnerability from csaf_certbund

Published

2022-01-26 23:00

Modified

2023-05-14 22:00

Summary

Apple macOS (Monterey): Mehrere Schwachstellen

Notes

Produktbeschreibung

Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.

Angriff

Betroffene Betriebssysteme

- MacOS X

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         text: "hoch",
      },
      category: "csaf_base",
      csaf_version: "2.0",
      distribution: {
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "de-DE",
      notes: [
         {
            category: "legal_disclaimer",
            text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.",
         },
         {
            category: "description",
            text: "Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.",
            title: "Produktbeschreibung",
         },
         {
            category: "summary",
            text: "Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen in Apple macOS (Monterey) ausnutzen, um beliebigen Programmcode mit Kernel-Privilegien auszuführen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen.",
            title: "Angriff",
         },
         {
            category: "general",
            text: "- MacOS X",
            title: "Betroffene Betriebssysteme",
         },
      ],
      publisher: {
         category: "other",
         contact_details: "csaf-provider@cert-bund.de",
         name: "Bundesamt für Sicherheit in der Informationstechnik",
         namespace: "https://www.bsi.bund.de",
      },
      references: [
         {
            category: "self",
            summary: "WID-SEC-W-2023-1213 - CSAF Version",
            url: "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2023-1213.json",
         },
         {
            category: "self",
            summary: "WID-SEC-2023-1213 - Portal Version",
            url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1213",
         },
         {
            category: "external",
            summary: "Apple Security Advisory vom 2022-01-26",
            url: "https://support.apple.com/en-us/HT213054",
         },
      ],
      source_lang: "en-US",
      title: "Apple macOS (Monterey): Mehrere Schwachstellen",
      tracking: {
         current_release_date: "2023-05-14T22:00:00.000+00:00",
         generator: {
            date: "2024-08-15T17:50:50.298+00:00",
            engine: {
               name: "BSI-WID",
               version: "1.3.5",
            },
         },
         id: "WID-SEC-W-2023-1213",
         initial_release_date: "2022-01-26T23:00:00.000+00:00",
         revision_history: [
            {
               date: "2022-01-26T23:00:00.000+00:00",
               number: "1",
               summary: "Initiale Fassung",
            },
            {
               date: "2022-01-27T23:00:00.000+00:00",
               number: "2",
               summary: "Referenz(en) aufgenommen: APPLE-SA-2022-01-26-2",
            },
            {
               date: "2023-05-14T22:00:00.000+00:00",
               number: "3",
               summary: "CVE-2022-22646, CVE-2022-22676 ergänzt",
            },
         ],
         status: "final",
         version: "3",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  category: "product_name",
                  name: "Apple macOS Monterey < 12.2",
                  product: {
                     name: "Apple macOS Monterey < 12.2",
                     product_id: "T021864",
                     product_identification_helper: {
                        cpe: "cpe:/o:apple:mac_os:monterey_12.2",
                     },
                  },
               },
            ],
            category: "vendor",
            name: "Apple",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2022-22676",
         notes: [
            {
               category: "description",
               text: "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD Kernel, ColorSync, Crash Reporter, iCloud, Intel Graphics Driver, IOMobileFrameBuffer, Kernel, Model I/O, PackageKit, WebKit und WebKit Storage. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Kernel-Privilegien auszuführen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder bestimmte Privilegien.",
            },
         ],
         release_date: "2022-01-26T23:00:00.000+00:00",
         title: "CVE-2022-22676",
      },
      {
         cve: "CVE-2022-22646",
         notes: [
            {
               category: "description",
               text: "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD Kernel, ColorSync, Crash Reporter, iCloud, Intel Graphics Driver, IOMobileFrameBuffer, Kernel, Model I/O, PackageKit, WebKit und WebKit Storage. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Kernel-Privilegien auszuführen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder bestimmte Privilegien.",
            },
         ],
         release_date: "2022-01-26T23:00:00.000+00:00",
         title: "CVE-2022-22646",
      },
      {
         cve: "CVE-2022-22594",
         notes: [
            {
               category: "description",
               text: "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD Kernel, ColorSync, Crash Reporter, iCloud, Intel Graphics Driver, IOMobileFrameBuffer, Kernel, Model I/O, PackageKit, WebKit und WebKit Storage. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Kernel-Privilegien auszuführen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder bestimmte Privilegien.",
            },
         ],
         release_date: "2022-01-26T23:00:00.000+00:00",
         title: "CVE-2022-22594",
      },
      {
         cve: "CVE-2022-22593",
         notes: [
            {
               category: "description",
               text: "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD Kernel, ColorSync, Crash Reporter, iCloud, Intel Graphics Driver, IOMobileFrameBuffer, Kernel, Model I/O, PackageKit, WebKit und WebKit Storage. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Kernel-Privilegien auszuführen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder bestimmte Privilegien.",
            },
         ],
         release_date: "2022-01-26T23:00:00.000+00:00",
         title: "CVE-2022-22593",
      },
      {
         cve: "CVE-2022-22592",
         notes: [
            {
               category: "description",
               text: "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD Kernel, ColorSync, Crash Reporter, iCloud, Intel Graphics Driver, IOMobileFrameBuffer, Kernel, Model I/O, PackageKit, WebKit und WebKit Storage. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Kernel-Privilegien auszuführen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder bestimmte Privilegien.",
            },
         ],
         release_date: "2022-01-26T23:00:00.000+00:00",
         title: "CVE-2022-22592",
      },
      {
         cve: "CVE-2022-22591",
         notes: [
            {
               category: "description",
               text: "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD Kernel, ColorSync, Crash Reporter, iCloud, Intel Graphics Driver, IOMobileFrameBuffer, Kernel, Model I/O, PackageKit, WebKit und WebKit Storage. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Kernel-Privilegien auszuführen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder bestimmte Privilegien.",
            },
         ],
         release_date: "2022-01-26T23:00:00.000+00:00",
         title: "CVE-2022-22591",
      },
      {
         cve: "CVE-2022-22590",
         notes: [
            {
               category: "description",
               text: "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD Kernel, ColorSync, Crash Reporter, iCloud, Intel Graphics Driver, IOMobileFrameBuffer, Kernel, Model I/O, PackageKit, WebKit und WebKit Storage. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Kernel-Privilegien auszuführen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder bestimmte Privilegien.",
            },
         ],
         release_date: "2022-01-26T23:00:00.000+00:00",
         title: "CVE-2022-22590",
      },
      {
         cve: "CVE-2022-22589",
         notes: [
            {
               category: "description",
               text: "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD Kernel, ColorSync, Crash Reporter, iCloud, Intel Graphics Driver, IOMobileFrameBuffer, Kernel, Model I/O, PackageKit, WebKit und WebKit Storage. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Kernel-Privilegien auszuführen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder bestimmte Privilegien.",
            },
         ],
         release_date: "2022-01-26T23:00:00.000+00:00",
         title: "CVE-2022-22589",
      },
      {
         cve: "CVE-2022-22587",
         notes: [
            {
               category: "description",
               text: "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD Kernel, ColorSync, Crash Reporter, iCloud, Intel Graphics Driver, IOMobileFrameBuffer, Kernel, Model I/O, PackageKit, WebKit und WebKit Storage. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Kernel-Privilegien auszuführen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder bestimmte Privilegien.",
            },
         ],
         release_date: "2022-01-26T23:00:00.000+00:00",
         title: "CVE-2022-22587",
      },
      {
         cve: "CVE-2022-22586",
         notes: [
            {
               category: "description",
               text: "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD Kernel, ColorSync, Crash Reporter, iCloud, Intel Graphics Driver, IOMobileFrameBuffer, Kernel, Model I/O, PackageKit, WebKit und WebKit Storage. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Kernel-Privilegien auszuführen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder bestimmte Privilegien.",
            },
         ],
         release_date: "2022-01-26T23:00:00.000+00:00",
         title: "CVE-2022-22586",
      },
      {
         cve: "CVE-2022-22585",
         notes: [
            {
               category: "description",
               text: "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD Kernel, ColorSync, Crash Reporter, iCloud, Intel Graphics Driver, IOMobileFrameBuffer, Kernel, Model I/O, PackageKit, WebKit und WebKit Storage. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Kernel-Privilegien auszuführen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder bestimmte Privilegien.",
            },
         ],
         release_date: "2022-01-26T23:00:00.000+00:00",
         title: "CVE-2022-22585",
      },
      {
         cve: "CVE-2022-22584",
         notes: [
            {
               category: "description",
               text: "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD Kernel, ColorSync, Crash Reporter, iCloud, Intel Graphics Driver, IOMobileFrameBuffer, Kernel, Model I/O, PackageKit, WebKit und WebKit Storage. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Kernel-Privilegien auszuführen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder bestimmte Privilegien.",
            },
         ],
         release_date: "2022-01-26T23:00:00.000+00:00",
         title: "CVE-2022-22584",
      },
      {
         cve: "CVE-2022-22583",
         notes: [
            {
               category: "description",
               text: "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD Kernel, ColorSync, Crash Reporter, iCloud, Intel Graphics Driver, IOMobileFrameBuffer, Kernel, Model I/O, PackageKit, WebKit und WebKit Storage. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Kernel-Privilegien auszuführen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder bestimmte Privilegien.",
            },
         ],
         release_date: "2022-01-26T23:00:00.000+00:00",
         title: "CVE-2022-22583",
      },
      {
         cve: "CVE-2022-22579",
         notes: [
            {
               category: "description",
               text: "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD Kernel, ColorSync, Crash Reporter, iCloud, Intel Graphics Driver, IOMobileFrameBuffer, Kernel, Model I/O, PackageKit, WebKit und WebKit Storage. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Kernel-Privilegien auszuführen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder bestimmte Privilegien.",
            },
         ],
         release_date: "2022-01-26T23:00:00.000+00:00",
         title: "CVE-2022-22579",
      },
      {
         cve: "CVE-2022-22578",
         notes: [
            {
               category: "description",
               text: "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD Kernel, ColorSync, Crash Reporter, iCloud, Intel Graphics Driver, IOMobileFrameBuffer, Kernel, Model I/O, PackageKit, WebKit und WebKit Storage. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Kernel-Privilegien auszuführen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder bestimmte Privilegien.",
            },
         ],
         release_date: "2022-01-26T23:00:00.000+00:00",
         title: "CVE-2022-22578",
      },
   ],
}

gsd-2022-22583

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2022-22583

Aliases

CVE-2022-22583

JSON

To clipboard

{
   GSD: {
      alias: "CVE-2022-22583",
      description: "A permissions issue was addressed with improved validation. This issue is fixed in Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access restricted files.",
      id: "GSD-2022-22583",
   },
   gsd: {
      metadata: {
         exploitCode: "unknown",
         remediation: "unknown",
         reportConfidence: "confirmed",
         type: "vulnerability",
      },
      osvSchema: {
         aliases: [
            "CVE-2022-22583",
         ],
         details: "A permissions issue was addressed with improved validation. This issue is fixed in Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access restricted files.",
         id: "GSD-2022-22583",
         modified: "2023-12-13T01:19:29.970807Z",
         schema_version: "1.4.0",
      },
   },
   namespaces: {
      "cve.org": {
         CVE_data_meta: {
            ASSIGNER: "product-security@apple.com",
            ID: "CVE-2022-22583",
            STATE: "PUBLIC",
         },
         affects: {
            vendor: {
               vendor_data: [
                  {
                     product: {
                        product_data: [
                           {
                              product_name: "macOS",
                              version: {
                                 version_data: [
                                    {
                                       version_affected: "<",
                                       version_value: "12.2",
                                    },
                                 ],
                              },
                           },
                           {
                              product_name: "macOS",
                              version: {
                                 version_data: [
                                    {
                                       version_affected: "<",
                                       version_value: "11.6",
                                    },
                                 ],
                              },
                           },
                           {
                              product_name: "macOS",
                              version: {
                                 version_data: [
                                    {
                                       version_affected: "<",
                                       version_value: "2022",
                                    },
                                 ],
                              },
                           },
                        ],
                     },
                     vendor_name: "Apple",
                  },
               ],
            },
         },
         data_format: "MITRE",
         data_type: "CVE",
         data_version: "4.0",
         description: {
            description_data: [
               {
                  lang: "eng",
                  value: "A permissions issue was addressed with improved validation. This issue is fixed in Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access restricted files.",
               },
            ],
         },
         problemtype: {
            problemtype_data: [
               {
                  description: [
                     {
                        lang: "eng",
                        value: "An application may be able to access restricted files",
                     },
                  ],
               },
            ],
         },
         references: {
            reference_data: [
               {
                  name: "https://support.apple.com/en-us/HT213055",
                  refsource: "MISC",
                  url: "https://support.apple.com/en-us/HT213055",
               },
               {
                  name: "https://support.apple.com/en-us/HT213054",
                  refsource: "MISC",
                  url: "https://support.apple.com/en-us/HT213054",
               },
               {
                  name: "https://support.apple.com/en-us/HT213056",
                  refsource: "MISC",
                  url: "https://support.apple.com/en-us/HT213056",
               },
            ],
         },
      },
      "nvd.nist.gov": {
         configurations: {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "10.15.7",
                        versionStartIncluding: "10.15",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-005:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "12.3",
                        versionStartIncluding: "12.0.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:apple:macos:10.15.7:-:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "11.6.3",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
         cve: {
            CVE_data_meta: {
               ASSIGNER: "product-security@apple.com",
               ID: "CVE-2022-22583",
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "en",
                     value: "A permissions issue was addressed with improved validation. This issue is fixed in Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access restricted files.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "en",
                           value: "CWE-668",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://support.apple.com/en-us/HT213056",
                     refsource: "MISC",
                     tags: [
                        "Release Notes",
                        "Vendor Advisory",
                     ],
                     url: "https://support.apple.com/en-us/HT213056",
                  },
                  {
                     name: "https://support.apple.com/en-us/HT213054",
                     refsource: "MISC",
                     tags: [
                        "Release Notes",
                        "Vendor Advisory",
                     ],
                     url: "https://support.apple.com/en-us/HT213054",
                  },
                  {
                     name: "https://support.apple.com/en-us/HT213055",
                     refsource: "MISC",
                     tags: [
                        "Release Notes",
                        "Vendor Advisory",
                     ],
                     url: "https://support.apple.com/en-us/HT213055",
                  },
               ],
            },
         },
         impact: {
            baseMetricV2: {
               acInsufInfo: false,
               cvssV2: {
                  accessComplexity: "LOW",
                  accessVector: "LOCAL",
                  authentication: "NONE",
                  availabilityImpact: "NONE",
                  baseScore: 2.1,
                  confidentialityImpact: "PARTIAL",
                  integrityImpact: "NONE",
                  vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               exploitabilityScore: 3.9,
               impactScore: 2.9,
               obtainAllPrivilege: false,
               obtainOtherPrivilege: false,
               obtainUserPrivilege: false,
               severity: "LOW",
               userInteractionRequired: false,
            },
            baseMetricV3: {
               cvssV3: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "NONE",
                  baseScore: 5.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               exploitabilityScore: 1.8,
               impactScore: 3.6,
            },
         },
         lastModifiedDate: "2022-11-02T13:18Z",
         publishedDate: "2022-03-18T18:15Z",
      },
   },
}

var-202201-0378

Vulnerability from variot

A permissions issue was addressed with improved validation. This issue is fixed in Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access restricted files. This vulnerability allows local attackers to disclose sensitive information on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within PackageKit. The issue results from improper access control. An attacker can leverage this vulnerability to disclose information in the context of the current user. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2022-01-26-2 macOS Monterey 12.2

macOS Monterey 12.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213054.

AMD Kernel Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22586: an anonymous researcher

ColorSync Available for: macOS Monterey Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2022-22584: Mickey Jin (@patch1t) of Trend Micro

Crash Reporter Available for: macOS Monterey Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22578: an anonymous researcher

iCloud Available for: macOS Monterey Impact: An application may be able to access a user's files Description: An issue existed within the path validation logic for symlinks. CVE-2022-22585: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (https://xlab.tencent.com)

Intel Graphics Driver Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2022-22591: Antonio Zekic (@antoniozekic) of Diverto

IOMobileFrameBuffer Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. CVE-2022-22587: an anonymous researcher, Meysam Firouzi (@R00tkitSMM) of MBition - Mercedes-Benz Innovation Lab, Siddharth Aeri (@b1n4r1b01)

Kernel Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow issue was addressed with improved memory handling. CVE-2022-22593: Peter Nguyễn Vũ Hoàng of STAR Labs

Model I/O Available for: macOS Monterey Impact: Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution Description: An information disclosure issue was addressed with improved state management. CVE-2022-22579: Mickey Jin (@patch1t) of Trend Micro

PackageKit Available for: macOS Monterey Impact: An application may be able to access restricted files Description: A permissions issue was addressed with improved validation. CVE-2022-22583: an anonymous researcher, Mickey Jin (@patch1t), Ron Hass (@ronhass7) of Perception Point

WebKit Available for: macOS Monterey Impact: Processing a maliciously crafted mail message may lead to running arbitrary javascript Description: A validation issue was addressed with improved input sanitization. CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com)

WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-22590: Toan Pham from Team Orca of Sea Security (security.sea.com)

WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced Description: A logic issue was addressed with improved state management. CVE-2022-22592: Prakash (@1lastBr3ath)

WebKit Storage Available for: macOS Monterey Impact: A website may be able to track sensitive user information Description: A cross-origin issue in the IndexDB API was addressed with improved input validation. CVE-2022-22594: Martin Bajanik of FingerprintJS

Additional recognition

Kernel We would like to acknowledge Tao Huang for their assistance.

Metal We would like to acknowledge Tao Huang for their assistance.

PackageKit We would like to acknowledge Mickey Jin (@patch1t), Mickey Jin (@patch1t) of Trend Micro for their assistance.

WebKit We would like to acknowledge Prakash (@1lastBr3ath) for their assistance.

Installation note:

This update may be obtained from the Mac App Store

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmHx0zEACgkQeC9qKD1p rhhFUw/+K0ImMkw8zCjqdJza05Y6mlSa2wAdoVQK4pywYylcWMzemOi9GStr1Tgq CmA7KFo2hPp/9kh6+SURi91WwUKdNHsDfasjNDqTTOJalQFuKB0erZgEpcprBnHE lzT2heSJDl58sMSn0hLlGIhLfc+4Ld29FKc3lmtBPGeKY3vUViHLN0s3sZj07twx Ew7yYkDBkz/e2kGRDByWzmvsSQt+w7HMK+pN1m5CBTZdP8KAHVtbuv8BPtMHKwNJ 1Kzo6nW4MJ9Eds63Lz4A37nqTNxmvsbf4zDSppwAp8NalEHqg5My7PzmK97eh6ap jS4P4LqdRigTvRMq3eDVh/4Lie+/39nXwdQI6czETvTYzi+iA6k3q1Lsf2eIYzCf 0y4YTKEwIze05Q45YqbbnRDfVGOKtfZOcFVYsMxYBHBMp6LDcLJ9i0+AORX2igoA dODLICbrHzexa682FDE2RGtgQOtS5k4LJLUggvSeOW/tXN+MovfVTjCIzJSKYltP eQm8gq3EajaRk4JQcYkxklalyOHVZpkg3+u6Az+xIY5nVVijkuGDqqiCoh62zmsE kSXZrfuJTIYWbIzpR23xVMyxWBcN4AXDE3xLeZajm0yGnAxpd8CGwb4FhgipcDVE wwazu76IYBPpP40AyBALO10aXhYjrI+Bj6zI+Ug3msXLhkeICtI= =WEmw -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0378",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "macos",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "11.6.3",
         },
         {
            model: "mac os x",
            scope: "eq",
            trust: 1,
            vendor: "apple",
            version: "10.15.7",
         },
         {
            model: "macos",
            scope: "gte",
            trust: 1,
            vendor: "apple",
            version: "12.0.0",
         },
         {
            model: "mac os x",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "10.15.7",
         },
         {
            model: "mac os x",
            scope: "gte",
            trust: 1,
            vendor: "apple",
            version: "10.15",
         },
         {
            model: "macos",
            scope: "eq",
            trust: 1,
            vendor: "apple",
            version: "10.15.7",
         },
         {
            model: "macos",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "12.3",
         },
         {
            model: "apple mac os x",
            scope: null,
            trust: 0.8,
            vendor: "アップル",
            version: null,
         },
         {
            model: "macos",
            scope: null,
            trust: 0.8,
            vendor: "アップル",
            version: null,
         },
         {
            model: "macos",
            scope: null,
            trust: 0.7,
            vendor: "apple",
            version: null,
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-811",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-008590",
         },
         {
            db: "NVD",
            id: "CVE-2022-22583",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Mickey Jin (@patch1t) of Trend Micro",
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-811",
         },
      ],
      trust: 0.7,
   },
   cve: "CVE-2022-22583",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "LOW",
                  accessVector: "LOCAL",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "NONE",
                  baseScore: 2.1,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 3.9,
                  id: "CVE-2022-22583",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "LOW",
                  trust: 1.9,
                  vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "LOCAL",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "NONE",
                  baseScore: 2.1,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 3.9,
                  id: "VHN-411211",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "LOW",
                  trust: 0.1,
                  vectorString: "AV:L/AC:L/AU:N/C:P/I:N/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "nvd@nist.gov",
                  availabilityImpact: "NONE",
                  baseScore: 5.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.8,
                  id: "CVE-2022-22583",
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Local",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 5.5,
                  baseSeverity: "Medium",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2022-22583",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "Low",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  author: "ZDI",
                  availabilityImpact: "NONE",
                  baseScore: 5.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.8,
                  id: "CVE-2022-22583",
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 0.7,
                  userInteraction: "NONE",
                  vectorString: "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2022-22583",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "NVD",
                  id: "CVE-2022-22583",
                  trust: 0.8,
                  value: "Medium",
               },
               {
                  author: "ZDI",
                  id: "CVE-2022-22583",
                  trust: 0.7,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202201-2412",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULHUB",
                  id: "VHN-411211",
                  trust: 0.1,
                  value: "LOW",
               },
               {
                  author: "VULMON",
                  id: "CVE-2022-22583",
                  trust: 0.1,
                  value: "LOW",
               },
            ],
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-811",
         },
         {
            db: "VULHUB",
            id: "VHN-411211",
         },
         {
            db: "VULMON",
            id: "CVE-2022-22583",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-008590",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202201-2412",
         },
         {
            db: "NVD",
            id: "CVE-2022-22583",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "A permissions issue was addressed with improved validation. This issue is fixed in Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access restricted files. This vulnerability allows local attackers to disclose sensitive information on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within PackageKit. The issue results from improper access control. An attacker can leverage this vulnerability to disclose information in the context of the current user. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-01-26-2 macOS Monterey 12.2\n\nmacOS Monterey 12.2 addresses the following issues. \nInformation about the security content is also available at \nhttps://support.apple.com/HT213054. \n\nAMD Kernel\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22586: an anonymous researcher\n\nColorSync\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted file may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22584: Mickey Jin (@patch1t) of Trend Micro\n\nCrash Reporter\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to gain root privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2022-22578: an anonymous researcher\n\niCloud\nAvailable for: macOS Monterey\nImpact: An application may be able to access a user's files\nDescription: An issue existed within the path validation logic for\nsymlinks. \nCVE-2022-22585: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n(https://xlab.tencent.com)\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2022-22591: Antonio Zekic (@antoniozekic) of Diverto\n\nIOMobileFrameBuffer\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges. Apple is aware of a report that this issue\nmay have been actively exploited. \nCVE-2022-22587: an anonymous researcher, Meysam Firouzi (@R00tkitSMM)\nof MBition - Mercedes-Benz Innovation Lab, Siddharth Aeri\n(@b1n4r1b01)\n\nKernel\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2022-22593: Peter Nguyễn Vũ Hoàng of STAR Labs\n\nModel I/O\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted STL file may lead to\nunexpected application termination or arbitrary code execution\nDescription: An information disclosure issue was addressed with\nimproved state management. \nCVE-2022-22579: Mickey Jin (@patch1t) of Trend Micro\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: An application may be able to access restricted files\nDescription: A permissions issue was addressed with improved\nvalidation. \nCVE-2022-22583: an anonymous researcher, Mickey Jin (@patch1t), Ron\nHass (@ronhass7) of Perception Point\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted mail message may lead to\nrunning arbitrary javascript\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu\nof Palo Alto Networks (paloaltonetworks.com)\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22590: Toan Pham from Team Orca of Sea Security\n(security.sea.com)\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may prevent\nContent Security Policy from being enforced\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22592: Prakash (@1lastBr3ath)\n\nWebKit Storage\nAvailable for: macOS Monterey\nImpact: A website may be able to track sensitive user information\nDescription: A cross-origin issue in the IndexDB API was addressed\nwith improved input validation. \nCVE-2022-22594: Martin Bajanik of FingerprintJS\n\nAdditional recognition\n\nKernel\nWe would like to acknowledge Tao Huang for their assistance. \n\nMetal\nWe would like to acknowledge Tao Huang for their assistance. \n\nPackageKit\nWe would like to acknowledge Mickey Jin (@patch1t), Mickey Jin\n(@patch1t) of Trend Micro for their assistance. \n\nWebKit\nWe would like to acknowledge Prakash (@1lastBr3ath) for their\nassistance. \n\nInstallation note:\n\nThis update may be obtained from the Mac App Store\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple's Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmHx0zEACgkQeC9qKD1p\nrhhFUw/+K0ImMkw8zCjqdJza05Y6mlSa2wAdoVQK4pywYylcWMzemOi9GStr1Tgq\nCmA7KFo2hPp/9kh6+SURi91WwUKdNHsDfasjNDqTTOJalQFuKB0erZgEpcprBnHE\nlzT2heSJDl58sMSn0hLlGIhLfc+4Ld29FKc3lmtBPGeKY3vUViHLN0s3sZj07twx\nEw7yYkDBkz/e2kGRDByWzmvsSQt+w7HMK+pN1m5CBTZdP8KAHVtbuv8BPtMHKwNJ\n1Kzo6nW4MJ9Eds63Lz4A37nqTNxmvsbf4zDSppwAp8NalEHqg5My7PzmK97eh6ap\njS4P4LqdRigTvRMq3eDVh/4Lie+/39nXwdQI6czETvTYzi+iA6k3q1Lsf2eIYzCf\n0y4YTKEwIze05Q45YqbbnRDfVGOKtfZOcFVYsMxYBHBMp6LDcLJ9i0+AORX2igoA\ndODLICbrHzexa682FDE2RGtgQOtS5k4LJLUggvSeOW/tXN+MovfVTjCIzJSKYltP\neQm8gq3EajaRk4JQcYkxklalyOHVZpkg3+u6Az+xIY5nVVijkuGDqqiCoh62zmsE\nkSXZrfuJTIYWbIzpR23xVMyxWBcN4AXDE3xLeZajm0yGnAxpd8CGwb4FhgipcDVE\nwwazu76IYBPpP40AyBALO10aXhYjrI+Bj6zI+Ug3msXLhkeICtI=\n=WEmw\n-----END PGP SIGNATURE-----\n\n\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2022-22583",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-008590",
         },
         {
            db: "ZDI",
            id: "ZDI-22-811",
         },
         {
            db: "VULHUB",
            id: "VHN-411211",
         },
         {
            db: "VULMON",
            id: "CVE-2022-22583",
         },
         {
            db: "PACKETSTORM",
            id: "165774",
         },
         {
            db: "PACKETSTORM",
            id: "165773",
         },
         {
            db: "PACKETSTORM",
            id: "165772",
         },
      ],
      trust: 2.7,
   },
   exploit_availability: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            reference: "https://www.scap.org.cn/vuln/vhn-411211",
            trust: 0.1,
            type: "unknown",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-411211",
         },
      ],
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2022-22583",
            trust: 4.4,
         },
         {
            db: "PACKETSTORM",
            id: "165774",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-008590",
            trust: 0.8,
         },
         {
            db: "ZDI_CAN",
            id: "ZDI-CAN-16024",
            trust: 0.7,
         },
         {
            db: "ZDI",
            id: "ZDI-22-811",
            trust: 0.7,
         },
         {
            db: "CS-HELP",
            id: "SB2022012635",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2022.0400",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202201-2412",
            trust: 0.6,
         },
         {
            db: "PACKETSTORM",
            id: "165773",
            trust: 0.2,
         },
         {
            db: "PACKETSTORM",
            id: "165772",
            trust: 0.2,
         },
         {
            db: "VULHUB",
            id: "VHN-411211",
            trust: 0.1,
         },
         {
            db: "VULMON",
            id: "CVE-2022-22583",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-811",
         },
         {
            db: "VULHUB",
            id: "VHN-411211",
         },
         {
            db: "VULMON",
            id: "CVE-2022-22583",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-008590",
         },
         {
            db: "PACKETSTORM",
            id: "165774",
         },
         {
            db: "PACKETSTORM",
            id: "165773",
         },
         {
            db: "PACKETSTORM",
            id: "165772",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202201-2412",
         },
         {
            db: "NVD",
            id: "CVE-2022-22583",
         },
      ],
   },
   id: "VAR-202201-0378",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-411211",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2024-11-23T20:48:57.546000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "HT213056",
            trust: 0.8,
            url: "https://support.apple.com/en-us/HT213054",
         },
         {
            title: "Apple has issued an update to correct this vulnerability.",
            trust: 0.7,
            url: "https://support.apple.com/en-us/HT213055",
         },
         {
            title: "Apple macOS Fixes for permissions and access control issues vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=179626",
         },
         {
            title: "POC",
            trust: 0.1,
            url: "https://github.com/jhftss/POC ",
         },
         {
            title: "CVE-2022-XXXX",
            trust: 0.1,
            url: "https://github.com/AlphabugX/CVE-2022-23305 ",
         },
         {
            title: "CVE-2022-XXXX",
            trust: 0.1,
            url: "https://github.com/AlphabugX/CVE-2022-RCE ",
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-811",
         },
         {
            db: "VULMON",
            id: "CVE-2022-22583",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-008590",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202201-2412",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "NVD-CWE-noinfo",
            trust: 1,
         },
         {
            problemtype: "Leakage of resources to the wrong area (CWE-668) [NVD evaluation ]",
            trust: 0.8,
         },
         {
            problemtype: "CWE-668",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-411211",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-008590",
         },
         {
            db: "NVD",
            id: "CVE-2022-22583",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.5,
            url: "https://support.apple.com/en-us/ht213055",
         },
         {
            trust: 2.4,
            url: "https://support.apple.com/en-us/ht213054",
         },
         {
            trust: 1.8,
            url: "https://support.apple.com/en-us/ht213056",
         },
         {
            trust: 1.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-22583",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2022.0400",
         },
         {
            trust: 0.6,
            url: "https://packetstormsecurity.com/files/165774/apple-security-advisory-2022-01-26-4.html",
         },
         {
            trust: 0.6,
            url: "https://www.cybersecurity-help.cz/vdb/sb2022012635",
         },
         {
            trust: 0.6,
            url: "https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-37394",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2022-22583/",
         },
         {
            trust: 0.3,
            url: "https://support.apple.com/kb/ht201222",
         },
         {
            trust: 0.3,
            url: "https://www.apple.com/support/security/pgp/",
         },
         {
            trust: 0.3,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-22593",
         },
         {
            trust: 0.3,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-22579",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-30972",
         },
         {
            trust: 0.2,
            url: "https://xlab.tencent.com)",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-22587",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-22585",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
         {
            trust: 0.1,
            url: "http://seclists.org/fulldisclosure/2022/jan/80",
         },
         {
            trust: 0.1,
            url: "https://github.com/jhftss/poc",
         },
         {
            trust: 0.1,
            url: "https://support.apple.com/ht213056.",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-30946",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-30960",
         },
         {
            trust: 0.1,
            url: "https://support.apple.com/ht213055.",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-22586",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-22584",
         },
         {
            trust: 0.1,
            url: "https://support.apple.com/ht213054.",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-22591",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-22594",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-22589",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-22590",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-22578",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2022-22592",
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-22-811",
         },
         {
            db: "VULHUB",
            id: "VHN-411211",
         },
         {
            db: "VULMON",
            id: "CVE-2022-22583",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-008590",
         },
         {
            db: "PACKETSTORM",
            id: "165774",
         },
         {
            db: "PACKETSTORM",
            id: "165773",
         },
         {
            db: "PACKETSTORM",
            id: "165772",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202201-2412",
         },
         {
            db: "NVD",
            id: "CVE-2022-22583",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "ZDI",
            id: "ZDI-22-811",
         },
         {
            db: "VULHUB",
            id: "VHN-411211",
         },
         {
            db: "VULMON",
            id: "CVE-2022-22583",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2022-008590",
         },
         {
            db: "PACKETSTORM",
            id: "165774",
         },
         {
            db: "PACKETSTORM",
            id: "165773",
         },
         {
            db: "PACKETSTORM",
            id: "165772",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202201-2412",
         },
         {
            db: "NVD",
            id: "CVE-2022-22583",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-06-02T00:00:00",
            db: "ZDI",
            id: "ZDI-22-811",
         },
         {
            date: "2022-03-18T00:00:00",
            db: "VULHUB",
            id: "VHN-411211",
         },
         {
            date: "2022-03-18T00:00:00",
            db: "VULMON",
            id: "CVE-2022-22583",
         },
         {
            date: "2023-07-28T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2022-008590",
         },
         {
            date: "2022-01-31T15:46:38",
            db: "PACKETSTORM",
            id: "165774",
         },
         {
            date: "2022-01-31T15:46:23",
            db: "PACKETSTORM",
            id: "165773",
         },
         {
            date: "2022-01-31T15:46:05",
            db: "PACKETSTORM",
            id: "165772",
         },
         {
            date: "2022-01-26T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202201-2412",
         },
         {
            date: "2022-03-18T18:15:12.317000",
            db: "NVD",
            id: "CVE-2022-22583",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-06-02T00:00:00",
            db: "ZDI",
            id: "ZDI-22-811",
         },
         {
            date: "2022-11-02T00:00:00",
            db: "VULHUB",
            id: "VHN-411211",
         },
         {
            date: "2023-08-08T00:00:00",
            db: "VULMON",
            id: "CVE-2022-22583",
         },
         {
            date: "2023-07-28T05:35:00",
            db: "JVNDB",
            id: "JVNDB-2022-008590",
         },
         {
            date: "2022-03-29T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202201-2412",
         },
         {
            date: "2024-11-21T06:47:04.090000",
            db: "NVD",
            id: "CVE-2022-22583",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "local",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202201-2412",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "plural  Apple  Vulnerability related to resource disclosure to the wrong area in the product",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2022-008590",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "permissions and access control issues",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202201-2412",
         },
      ],
      trust: 0.6,
   },
}

ghsa-fqhm-44xp-628c

Vulnerability from github

Published

2022-03-19 00:00

Modified

2022-03-29 00:01

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

Show details on source website

JSON

To clipboard

{
   affected: [],
   aliases: [
      "CVE-2022-22583",
   ],
   database_specific: {
      cwe_ids: [
         "CWE-668",
      ],
      github_reviewed: false,
      github_reviewed_at: null,
      nvd_published_at: "2022-03-18T18:15:00Z",
      severity: "MODERATE",
   },
   details: "A permissions issue was addressed with improved validation. This issue is fixed in Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access restricted files.",
   id: "GHSA-fqhm-44xp-628c",
   modified: "2022-03-29T00:01:35Z",
   published: "2022-03-19T00:00:58Z",
   references: [
      {
         type: "ADVISORY",
         url: "https://nvd.nist.gov/vuln/detail/CVE-2022-22583",
      },
      {
         type: "WEB",
         url: "https://support.apple.com/en-us/HT213054",
      },
      {
         type: "WEB",
         url: "https://support.apple.com/en-us/HT213055",
      },
      {
         type: "WEB",
         url: "https://support.apple.com/en-us/HT213056",
      },
   ],
   schema_version: "1.4.0",
   severity: [
      {
         score: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
         type: "CVSS_V3",
      },
   ],
}

fkie_cve-2022-22583

Vulnerability from fkie_nvd

Published

2022-03-18 18:15

Modified

2024-11-21 06:47

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
product-security@apple.com	https://support.apple.com/en-us/HT213054	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT213055	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT213056	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT213054	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT213055	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT213056	Release Notes, Vendor Advisory

Impacted products

Vendor	Product	Version
apple	mac_os_x	*
apple	mac_os_x	10.15.7
apple	mac_os_x	10.15.7
apple	mac_os_x	10.15.7
apple	mac_os_x	10.15.7
apple	mac_os_x	10.15.7
apple	mac_os_x	10.15.7
apple	mac_os_x	10.15.7
apple	mac_os_x	10.15.7
apple	mac_os_x	10.15.7
apple	macos	*
apple	macos	*
apple	macos	10.15.7

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DB8A73F8-3074-4B32-B9F6-343B6B1988C5",
                     versionEndExcluding: "10.15.7",
                     versionStartIncluding: "10.15",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*",
                     matchCriteriaId: "F1F4BF7F-90D4-4668-B4E6-B06F4070F448",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*",
                     matchCriteriaId: "0F441A43-1669-478D-9EC8-E96882DE4F9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*",
                     matchCriteriaId: "D425C653-37A2-448C-BF2F-B684ADB08A26",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*",
                     matchCriteriaId: "A54D63B7-B92B-47C3-B1C5-9892E5873A98",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*",
                     matchCriteriaId: "3456176F-9185-4EE2-A8CE-3D989D674AB7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-005:*:*:*:*:*:*",
                     matchCriteriaId: "D337EE21-2F00-484D-9285-F2B0248D7A19",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*",
                     matchCriteriaId: "012052B5-9AA7-4FD3-9C80-5F615330039D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*",
                     matchCriteriaId: "50F21A3C-0AC3-48C5-A4F8-5A7B478875B4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*",
                     matchCriteriaId: "8E974DC6-F7D9-4389-9AF9-863F6E419CE6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6846D174-7E4E-4ADC-BEEB-71BD3C15EBFC",
                     versionEndExcluding: "11.6.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9422A022-F279-4596-BC97-3223611D73DC",
                     versionEndExcluding: "12.3",
                     versionStartIncluding: "12.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:macos:10.15.7:-:*:*:*:*:*:*",
                     matchCriteriaId: "B711B29C-E487-48A7-8984-CF8B203B919D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A permissions issue was addressed with improved validation. This issue is fixed in Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access restricted files.",
      },
      {
         lang: "es",
         value: "Se abordó un problema de permisos con una comprobación mejorada. Este problema es corregido en Security Update 2022-001 Catalina, macOS Monterey versión 12.2, macOS Big Sur versión 11.6.3. Una aplicación podría acceder a archivos restringidos",
      },
   ],
   id: "CVE-2022-22583",
   lastModified: "2024-11-21T06:47:04.090",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.1,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-03-18T18:15:12.317",
   references: [
      {
         source: "product-security@apple.com",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/en-us/HT213054",
      },
      {
         source: "product-security@apple.com",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/en-us/HT213055",
      },
      {
         source: "product-security@apple.com",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/en-us/HT213056",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/en-us/HT213054",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/en-us/HT213055",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/en-us/HT213056",
      },
   ],
   sourceIdentifier: "product-security@apple.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2022-22583

Vulnerability from cvelistv5

WID-SEC-W-2023-1213

Vulnerability from csaf_certbund

wid-sec-w-2023-1213

Vulnerability from csaf_certbund

gsd-2022-22583

Vulnerability from gsd

var-202201-0378

Vulnerability from variot

ghsa-fqhm-44xp-628c

Vulnerability from github

fkie_cve-2022-22583

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature