July 21, 2022
Apple’s security response team has released software updates for at least 127 software vulnerabilities affecting several Apple products.
Some of these vulnerabilities may lead to remote code execution.
The Critical Vulnerabilities
- CVE-2022-32832 – An APFS vulnerability might allow an app with root privileges to execute arbitrary code with kernel privileges.
- CVE-2022-32788 – A buffer overflow vulnerability Allowing a remote user to execute kernel code using Apple AVD.
- CVE-2022-32826 – An authorization flaw lets an app to get root privileges through the AppleMobileFileIntegrity kernel extension.
- CVE-2022-32820 – An out-of-bounds write vulnerability allows an app to execute arbitrary code with kernel privileges through the audio extension.
- CVE-2022-32839 – A vulnerability in the CoreText extension allows a remote user to cause an unexpected app termination or arbitrary code execution.
- macOS Big Sur prior to version 11.6.8.
- macOS Monterey prior to version 12.5.
- macOS Catalina prior versions.
- iOS and iPadOS prior to version 15.6.
- Safari for macOS Big Sur and macOS Catalina prior to version 15.6.
CYREBRO recommends updating relevant products up to the latest available releases in accordance with Apple’s advisory.
References: Apple Security Updates