Impact: A remote attacker may be able to cause unexpected application termination or heap corruptionĭescription: Multiple integer overflows were addressed with improved input validation.ĬVE-2020-27906: Zuozhi Fan of Ant Group Tianqiong Security Lab Impact: An application may be able to read restricted memoryĬVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab Impact: A malicious application may be able to read restricted memoryĭescription: An out-of-bounds read was addressed with improved bounds checking.ĬVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab Impact: Processing a maliciously crafted audio file may lead to arbitrary code executionĭescription: An out-of-bounds read was addressed with improved input validation.ĬVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-Year Labĭescription: An out-of-bounds write was addressed with improved input validation.ĬVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab Impact: An application may be able to gain elevated privilegesĭescription: This issue was addressed by removing the vulnerable code.ĬVE-2020-27903: Zhipeng Huo of Tencent Security Xuanwu Lab Impact: A malicious application may be able to execute arbitrary code with system privilegesĭescription: A memory corruption issue was addressed with improved input validation.ĬVE-2020-27914: Yu Wang of Didi Research AmericaĬVE-2020-27915: Yu Wang of Didi Research America "The previous three actively exploited vulnerabilities were each patched simultaneously for Monterey, Big Sur, and Catalina."Īpple did not respond to a request to explain why it has left older macOS installations without updates for these particular issues.Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) "This is the first time since the release of macOS Monterey that Apple has neglected to patch actively exploited vulnerabilities for Big Sur and Catalina," said Long. This is the first time since the release of macOS Monterey that Apple has neglected to patch actively exploited vulnerabilities for Big Sur and Catalina The Intel Graphics Driver flaw, he said, looks like it affects both Big Sur and Catalina. The AppleAVD issue is unpatched for macOS Big Sur, said Joshua Long, chief security analyst for Intego, while Catalina isn't affected because it lacks the AppleAVD component for decoding audio and video. In a blog post on Tuesday, security biz Intego said fixes applied to address CVE-2022-22675 (AppleAVD bug) and CVE-2022-22674 (Intel Graphics Driver bug) in macOS Monterey were not backported to macOS Big Sur or macOS Catalina. Apple last week patched two actively exploited vulnerabilities in macOS Monterey yet has left users of older supported versions of its desktop operating system unprotected.
0 kommentar(er)
