Apple releases macOS Monterey 12.2 to fix multiple vulnerabilities

Threat Level – Red | Vulnerability Report
Download PDF

For a detailed advisory, download the pdf file here.

Apple has released a critical update for macOS Monterey that addresses two zero-day vulnerabilities with 11 other flaws.

One of the zero-day vulnerabilities is a memory corruption flaw in the IOMobileFrameBuffer component, which has been assigned CVE-2022-22587. An attacker could take advantage of this flaw by writing a specially designed application that allows them to run arbitrary code with kernel privileges. This is also been actively exploited in the wild

Another zero-day vulnerability is a cross-origin vulnerability exists due to incorrect implementation of the IndexDB API and has been assigned CVE-2022-22594. An attacker can exploit this input validation flaw using a malicious website to track users’ online activity in the web browser and reveal their identity. This issue affects the ‘WebKit Storage’ component of the Safari and has been resolved in the latest version 15.3. This vulnerability, according to Apple, might be exploited in the wild.

The other Eleven flaws fixed in this update includes:

CVE-2022-22587- A memory corruption vulnerability in the IOMobileFrameBuffer component CVE-2022-22594- A cross-origin vulnerability in the IndexDB API in the WebKit Storage component CVE-2022-22586- An out-of-bounds write vulnerability in the AMD Kernel component CVE-2022-22584- A memory corruption vulnerability in the ColorSync component CVE-2022-22578- A logic vulnerability in the Crash Reporter component CVE-2022-22585- A vulnerability existed within the path validation logic for symlinks in iCloud CVE-2022-22591- A memory corruption vulnerability in the Intel Graphics Driver component CVE-2022-22593- A buffer overflow vulnerability in the Kernel component CVE-2022-22579- An information disclosure vulnerability in the Model I/O component CVE-2022-22583- A permissions vulnerability in the PackageKit component CVE-2022-22589- A validation vulnerability in the WebKit component CVE-2022-22590- A use after free vulnerability in the WebKit component CVE-2022-22592- A logic vulnerability in the WebKit component

All these vulnerabilities have been fixed in macOS Monterey version 12.2

Vulnerability Details


Patch Link



What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox