Apple releases macOS Monterey 12.2 to fix multiple vulnerabilities

Threat Level – Red | Vulnerability Report

Apple has released a critical update for macOS Monterey that addresses two zero-day vulnerabilities along with 11 other flaws.

One of the zero-day vulnerabilities is a memory corruption flaw in the IOMobileFrameBuffer component, which has been assigned CVE-2022-22587. An attacker could take advantage of this flaw by writing a specially crafted application that allows them to run arbitrary code with kernel privileges. This flaw has also been actively exploited in the wild.

The other zero-day vulnerability is a cross-origin vulnerability caused by an incorrect implementation of the IndexDB API, and has been assigned CVE-2022-22594. An attacker can exploit this input validation flaw using a malicious website to track users’ online activity in the web browser and reveal their identity. This issue affects the ‘WebKit Storage’ component of Safari and has been resolved in the latest version, 15.3. This vulnerability, according to Apple, might be exploited in the wild.

The other eleven flaws fixed in this update include:

CVE-2022-22587 - A memory corruption vulnerability in the IOMobileFrameBuffer component
CVE-2022-22594 - A cross-origin vulnerability in the IndexDB API in the WebKit Storage component
CVE-2022-22586 - An out-of-bounds write vulnerability in the AMD Kernel component
CVE-2022-22584 - A memory corruption vulnerability in the ColorSync component
CVE-2022-22578 - A logic vulnerability in the Crash Reporter component
CVE-2022-22585 - A vulnerability existed within the path validation logic for symlinks in iCloud
CVE-2022-22591 - A memory corruption vulnerability in the Intel Graphics Driver component
CVE-2022-22593 - A buffer overflow vulnerability in the Kernel component
CVE-2022-22579 - An information disclosure vulnerability in the Model I/O component
CVE-2022-22583 - A permissions vulnerability in the PackageKit component
CVE-2022-22589 - A validation vulnerability in the WebKit component
CVE-2022-22590 - A use after free vulnerability in the WebKit component
CVE-2022-22592 - A logic vulnerability in the WebKit component

All of these vulnerabilities have been fixed in macOS Monterey version 12.2.


Patch Link

https://support.apple.com/en-us/HT213054

