Apple released security updates to address multiple vulnerabilities reported in its products.
• Multiple vulnerabilities have been reported in Apple products which could allow an attacker to escalate privileges, execute arbitrary code, disclose sensitive information, and bypass security restrictions on the targeted system.
• These vulnerabilities exist in Apple products due to logic issues in the Safari Extensions, ATS, Maps, PackageKit and Shortcuts components; a buffer overflow issue, an out-of-bounds read issue and an improper UI handling issue in the WebKit component; an out-of-bounds write issue and an improper memory handling issue in the Kernel component; a memory corruption issue in the MediaLibrary component; and an improper checks issue in the Contacts component.
• A remote attacker could exploit these vulnerabilities by persuading the victim to open a specially crafted file or application.
• Successful exploitation of these vulnerabilities could allow the attacker to gain elevated privileges, execute arbitrary code, disclose sensitive information, and bypass security restrictions on the targeted system.
• Apple security researchers have traced one of these vulnerabilities, tracked as CVE-2022-32917, and are aware that it is actively exploited; it can be used to allow malicious applications to execute arbitrary code with kernel privileges.