var-202203-0127
Vulnerability from variot
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A plug-in may be able to inherit the application's permissions and access user data. Information about the security content is also available at https://support.apple.com/HT213184.
Accelerate Framework Available for: macOS Big Sur Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-22633: an anonymous researcher
AppleGraphicsControl Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22631: an anonymous researcher
AppleScript Available for: macOS Big Sur Impact: An application may be able to read restricted memory Description: This issue was addressed with improved checks. CVE-2022-22648: an anonymous researcher
AppleScript Available for: macOS Big Sur Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22627: Qi Sun and Robert Ai of Trend Micro CVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro
AppleScript Available for: macOS Big Sur Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro
AppleScript Available for: macOS Big Sur Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2022-22597: Qi Sun and Robert Ai of Trend Micro
BOM Available for: macOS Big Sur Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)
Intel Graphics Driver Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba Security Pandora Lab
Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22613: Alex, an anonymous researcher
Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22615: an anonymous researcher CVE-2022-22614: an anonymous researcher
Kernel Available for: macOS Big Sur Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A null pointer dereference was addressed with improved validation. CVE-2022-22638: derrek (@derrekr6)
Kernel Available for: macOS Big Sur Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved state management. CVE-2022-22632: Keegan Saunders
Login Window Available for: macOS Big Sur Impact: A person with access to a Mac may be able to bypass Login Window Description: This issue was addressed with improved checks. CVE-2022-22647: an anonymous researcher
LoginWindow Available for: macOS Big Sur Impact: A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen Description: An authentication issue was addressed with improved state management. CVE-2022-22656
PackageKit Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22650: Wojciech Reguła (@_r3ggi) of SecuRing
Siri Available for: macOS Big Sur Impact: A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen Description: A permissions issue was addressed with improved validation. CVE-2022-22599: Andrew Goldberg of the University of Texas at Austin, McCombs School of Business (linkedin.com/andrew-goldberg/)
WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A cookie management issue was addressed with improved state management. WebKit Bugzilla: 232748 CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix
xar Available for: macOS Big Sur Impact: A local user may be able to write arbitrary files Description: A validation issue existed in the handling of symlinks. CVE-2022-22582: Richard Warren of NCC Group
Additional recognition
Intel Graphics Driver We would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi Wu (@3ndy1) for their assistance.
syslog We would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for their assistance.
TCC We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
macOS Big Sur 11.6.5 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0MkACgkQeC9qKD1p rhjeyBAAwbocibmTCpZ1T8MzPHJGuJryh7RDG8+nMJxmntI+3gA0SeFAxuNuXf2Z xh+NhEwjm60gzLAdckjfT5iF1YAPxUDWnk0FRVxhqZ4g8FvdmTxgAn5rwWWUuBBC VpW5XONija+SY3yNX3blklg95FyO8ITlqwyy5/Fqr0OFTvnA8TKRXrZRmA/gypnA pEqR0WaQdL8ITFEbv9+INAV2geFBbEWPvifycbYSvrDWo9JPq05Ur0hz7o2kJYfk M5PZachAGeCOR3E2ixfIczW0QNbDsoyKqLBjRzFovqWhcOwQ+17yVeuj/mDFXOkA X8FSxnad7C76xH+LcnZE/WV+qcv5G3QufpK5kZULWoQTLdKuB7yQZYF19T4+8H4X 6qDl5ZYL81h9rfIHYwbGZp0aRmqsu6pmleQ970qrkFzn/ZHf0KdAwms0+BOR8jZ7 l1w71ADm7uLJCs+nZ/lxv3wLYEva+TfGfIGnFULcL4dVPqbDOC6hH3Xm8VelVF0p 1/0Bfbfg4ou3vP1LqTY/ODdRnAhVCCGiv9PFcAFJriOoQgYYcVYQYwa2dA5Xdijc 6KVOzadvxCt1Ewj8nNYRJrfe/H6pjj2cFbWbKevqtRlQeeca7j17srbOnt9mmJMV x/d73AkuCyfOdeX8fac83TWMhhBaCg5JwsO7cO7eXwIOsiSDZXU= =nZ2X -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202203-0127", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "macos", "scope": "gte", "trust": 1.0, "vendor": "apple", "version": "12.0" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.15.7" }, { "model": "macos", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "11.6.5" }, { "model": "macos", "scope": "gte", "trust": 1.0, "vendor": "apple", "version": "11.6" }, { "model": "mac os x", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "10.15.7" }, { "model": "mac os x", "scope": "gte", "trust": 1.0, "vendor": "apple", "version": "10.15" }, { "model": "macos", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.15.7" }, { "model": "macos", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "12.3" }, { "model": "macos", "scope": null, "trust": 0.8, "vendor": "\u30a2\u30c3\u30d7\u30eb", "version": null }, { "model": "apple mac os x", "scope": null, "trust": 0.8, "vendor": "\u30a2\u30c3\u30d7\u30eb", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-009147" }, { "db": "NVD", "id": "CVE-2022-22650" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apple", "sources": [ { "db": "PACKETSTORM", "id": "166315" }, { "db": "PACKETSTORM", "id": "166312" } ], "trust": 0.2 }, "cve": "CVE-2022-22650", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CVE-2022-22650", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 1.9, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "VHN-411278", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2022-22650", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-22650", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2022-22650", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2022-22650", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202203-1250", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-411278", "trust": 0.1, "value": "LOW" }, { "author": "VULMON", "id": "CVE-2022-22650", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-411278" }, { "db": "VULMON", "id": "CVE-2022-22650" }, { "db": "JVNDB", "id": "JVNDB-2022-009147" }, { "db": "CNNVD", "id": "CNNVD-202203-1250" }, { "db": "NVD", "id": "CVE-2022-22650" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A plug-in may be able to inherit the application\u0027s permissions and access user data. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213184. \n\nAccelerate Framework\nAvailable for: macOS Big Sur\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-22633: an anonymous researcher\n\nAppleGraphicsControl\nAvailable for: macOS Big Sur\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22631: an anonymous researcher\n\nAppleScript\nAvailable for: macOS Big Sur\nImpact: An application may be able to read restricted memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-22648: an anonymous researcher\n\nAppleScript\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2022-22627: Qi Sun and Robert Ai of Trend Micro\nCVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro\n\nAppleScript\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro\n\nAppleScript\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted file may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22597: Qi Sun and Robert Ai of Trend Micro\n\nBOM\nAvailable for: macOS Big Sur\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper\nchecks\nDescription: This issue was addressed with improved checks. \nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley\n(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba\nSecurity Pandora Lab\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22613: Alex, an anonymous researcher\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22615: an anonymous researcher\nCVE-2022-22614: an anonymous researcher\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An attacker in a privileged position may be able to perform a\ndenial of service attack\nDescription: A null pointer dereference was addressed with improved\nvalidation. \nCVE-2022-22638: derrek (@derrekr6)\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to elevate privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22632: Keegan Saunders\n\nLogin Window\nAvailable for: macOS Big Sur\nImpact: A person with access to a Mac may be able to bypass Login\nWindow\nDescription: This issue was addressed with improved checks. \nCVE-2022-22647: an anonymous researcher\n\nLoginWindow\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to view the previous logged in\nuser\u2019s desktop from the fast user switching screen\nDescription: An authentication issue was addressed with improved\nstate management. \nCVE-2022-22656\n\nPackageKit\nAvailable for: macOS Big Sur\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22650: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nSiri\nAvailable for: macOS Big Sur\nImpact: A person with physical access to a device may be able to use\nSiri to obtain some location information from the lock screen\nDescription: A permissions issue was addressed with improved\nvalidation. \nCVE-2022-22599: Andrew Goldberg of the University of Texas at Austin,\nMcCombs School of Business (linkedin.com/andrew-goldberg/)\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A cookie management issue was addressed with improved\nstate management. \nWebKit Bugzilla: 232748\nCVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix\n\nxar\nAvailable for: macOS Big Sur\nImpact: A local user may be able to write arbitrary files\nDescription: A validation issue existed in the handling of symlinks. \nCVE-2022-22582: Richard Warren of NCC Group\n\nAdditional recognition\n\nIntel Graphics Driver\nWe would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi\nWu (@3ndy1) for their assistance. \n\nsyslog\nWe would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for\ntheir assistance. \n\nTCC\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nmacOS Big Sur 11.6.5 may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0MkACgkQeC9qKD1p\nrhjeyBAAwbocibmTCpZ1T8MzPHJGuJryh7RDG8+nMJxmntI+3gA0SeFAxuNuXf2Z\nxh+NhEwjm60gzLAdckjfT5iF1YAPxUDWnk0FRVxhqZ4g8FvdmTxgAn5rwWWUuBBC\nVpW5XONija+SY3yNX3blklg95FyO8ITlqwyy5/Fqr0OFTvnA8TKRXrZRmA/gypnA\npEqR0WaQdL8ITFEbv9+INAV2geFBbEWPvifycbYSvrDWo9JPq05Ur0hz7o2kJYfk\nM5PZachAGeCOR3E2ixfIczW0QNbDsoyKqLBjRzFovqWhcOwQ+17yVeuj/mDFXOkA\nX8FSxnad7C76xH+LcnZE/WV+qcv5G3QufpK5kZULWoQTLdKuB7yQZYF19T4+8H4X\n6qDl5ZYL81h9rfIHYwbGZp0aRmqsu6pmleQ970qrkFzn/ZHf0KdAwms0+BOR8jZ7\nl1w71ADm7uLJCs+nZ/lxv3wLYEva+TfGfIGnFULcL4dVPqbDOC6hH3Xm8VelVF0p\n1/0Bfbfg4ou3vP1LqTY/ODdRnAhVCCGiv9PFcAFJriOoQgYYcVYQYwa2dA5Xdijc\n6KVOzadvxCt1Ewj8nNYRJrfe/H6pjj2cFbWbKevqtRlQeeca7j17srbOnt9mmJMV\nx/d73AkuCyfOdeX8fac83TWMhhBaCg5JwsO7cO7eXwIOsiSDZXU=\n=nZ2X\n-----END PGP SIGNATURE-----\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2022-22650" }, { "db": "JVNDB", "id": "JVNDB-2022-009147" }, { "db": "VULHUB", "id": "VHN-411278" }, { "db": "VULMON", "id": "CVE-2022-22650" }, { "db": "PACKETSTORM", "id": "166315" }, { "db": "PACKETSTORM", "id": "166312" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-22650", "trust": 3.6 }, { "db": "PACKETSTORM", "id": "166315", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-009147", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2022031435", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202203-1250", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "166312", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-411278", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2022-22650", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-411278" }, { "db": "VULMON", "id": "CVE-2022-22650" }, { "db": "JVNDB", "id": "JVNDB-2022-009147" }, { "db": "PACKETSTORM", "id": "166315" }, { "db": "PACKETSTORM", "id": "166312" }, { "db": "CNNVD", "id": "CNNVD-202203-1250" }, { "db": "NVD", "id": "CVE-2022-22650" } ] }, "id": "VAR-202203-0127", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-411278" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T21:13:21.815000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HT213185", "trust": 0.8, "url": "https://support.apple.com/en-us/HT213183" }, { "title": "Apple macOS Big Sur Fixes for access control error vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=186768" }, { "title": "Apple: macOS Big Sur 11.6.5", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=4c90c4b83ae5b2687f4b5d9d71e49f12" }, { "title": "Apple: macOS Monterey 12.3", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=f1105c4a20da11497b610b14a1668180" }, { "title": "CVE-2022-XXXX", "trust": 0.1, "url": "https://github.com/AlphabugX/CVE-2022-23305 " }, { "title": "CVE-2022-XXXX", "trust": 0.1, "url": "https://github.com/AlphabugX/CVE-2022-RCE " } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-22650" }, { "db": "JVNDB", "id": "JVNDB-2022-009147" }, { "db": "CNNVD", "id": "CNNVD-202203-1250" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-281", "trust": 1.1 }, { "problemtype": "Improper retention of permissions (CWE-281) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-411278" }, { "db": "JVNDB", "id": "JVNDB-2022-009147" }, { "db": "NVD", "id": "CVE-2022-22650" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://support.apple.com/en-us/ht213184" }, { "trust": 1.8, "url": "https://support.apple.com/en-us/ht213183" }, { "trust": 1.8, "url": "https://support.apple.com/en-us/ht213185" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22650" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/166315/apple-security-advisory-2022-03-14-5.html" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-22650/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/apple-ios-macos-multiple-vulnerabilities-37800" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022031435" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22625" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22616" }, { "trust": 0.2, "url": "https://support.apple.com/en-us/ht201222." }, { "trust": 0.2, "url": "https://support.apple.com/downloads/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22613" }, { "trust": 0.2, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22661" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22617" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22638" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22626" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22631" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22597" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22627" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22615" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22582" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22647" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22614" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22648" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22662" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22656" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/281.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht213184" }, { "trust": 0.1, "url": "https://github.com/alphabugx/cve-2022-23305" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22633" }, { "trust": 0.1, "url": "https://support.apple.com/ht213184." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22599" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22632" }, { "trust": 0.1, "url": "https://support.apple.com/ht213185." } ], "sources": [ { "db": "VULHUB", "id": "VHN-411278" }, { "db": "VULMON", "id": "CVE-2022-22650" }, { "db": "JVNDB", "id": "JVNDB-2022-009147" }, { "db": "PACKETSTORM", "id": "166315" }, { "db": "PACKETSTORM", "id": "166312" }, { "db": "CNNVD", "id": "CNNVD-202203-1250" }, { "db": "NVD", "id": "CVE-2022-22650" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-411278" }, { "db": "VULMON", "id": "CVE-2022-22650" }, { "db": "JVNDB", "id": "JVNDB-2022-009147" }, { "db": "PACKETSTORM", "id": "166315" }, { "db": "PACKETSTORM", "id": "166312" }, { "db": "CNNVD", "id": "CNNVD-202203-1250" }, { "db": "NVD", "id": "CVE-2022-22650" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-03-18T00:00:00", "db": "VULHUB", "id": "VHN-411278" }, { "date": "2022-03-18T00:00:00", "db": "VULMON", "id": "CVE-2022-22650" }, { "date": "2023-08-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-009147" }, { "date": "2022-03-15T15:46:38", "db": "PACKETSTORM", "id": "166315" }, { "date": "2022-03-15T15:45:47", "db": "PACKETSTORM", "id": "166312" }, { "date": "2022-03-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202203-1250" }, { "date": "2022-03-18T18:15:14.677000", "db": "NVD", "id": "CVE-2022-22650" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-11-02T00:00:00", "db": "VULHUB", "id": "VHN-411278" }, { "date": "2022-11-02T00:00:00", "db": "VULMON", "id": "CVE-2022-22650" }, { "date": "2023-08-03T06:54:00", "db": "JVNDB", "id": "JVNDB-2022-009147" }, { "date": "2022-03-25T00:00:00", "db": "CNNVD", "id": "CNNVD-202203-1250" }, { "date": "2024-11-21T06:47:12.423000", "db": "NVD", "id": "CVE-2022-22650" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202203-1250" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural \u00a0Apple\u00a0 Product Improper Retention of Permissions Vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-009147" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "access control error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202203-1250" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.