CVE-2022-22674

Published on: Not Yet Published

Last Modified on: 06/08/2022 02:43:00 AM UTC

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Certain versions of Macos from Apple contain the following vulnerability:

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. A local user may be able to read kernel memory.

  • CVE-2022-22674 has been assigned by URL Logo [email protected] to track the vulnerability - currently rated as MEDIUM severity.
  • Affected Vendor/Software: URL Logo Apple - macOS version < 12.3
  • Affected Vendor/Software: URL Logo Apple - macOS version < 2022
  • Affected Vendor/Software: URL Logo Apple - macOS version < 11.6

CVSS3 Score: 5.5 - MEDIUM

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
LOCAL LOW LOW NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED HIGH NONE NONE

CVSS2 Score: 4.9 - MEDIUM

Access
Vector
Access
Complexity
Authentication
LOCAL LOW NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
COMPLETE NONE NONE

CVE References

Description Tags Link
About the security content of Security Update 2022-004 Catalina - Apple Support support.apple.com
text/html
URL Logo MISC support.apple.com/en-us/HT213255
About the security content of macOS Monterey 12.3.1 - Apple Support support.apple.com
text/html
URL Logo MISC support.apple.com/en-us/HT213220
About the security content of macOS Big Sur 11.6.6 - Apple Support support.apple.com
text/html
URL Logo MISC support.apple.com/en-us/HT213256

Related QID Numbers

  • 376509 Apple MacOS Monterey 12.3.1 Not Installed (HT213220)
  • 376607 Apple macOS Security Update 2022-004 Catalina (HT213255)
  • 376608 Apple MacOS Big Sur 11.6.6 Not Installed (HT213256)

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
Operating
System
AppleMacosAllAllAllAll
Operating
System
AppleMac Os XAllAllAllAll
Operating
System
AppleMac Os X10.15.7-AllAll
Operating
System
AppleMac Os X10.15.7security_update_2020AllAll
Operating
System
AppleMac Os X10.15.7security_update_2020-001AllAll
Operating
System
AppleMac Os X10.15.7security_update_2020-005AllAll
Operating
System
AppleMac Os X10.15.7security_update_2020-007AllAll
Operating
System
AppleMac Os X10.15.7security_update_2021-001AllAll
Operating
System
AppleMac Os X10.15.7security_update_2021-002AllAll
Operating
System
AppleMac Os X10.15.7security_update_2021-003AllAll
Operating
System
AppleMac Os X10.15.7security_update_2021-006AllAll
Operating
System
AppleMac Os X10.15.7security_update_2021-007AllAll
Operating
System
AppleMac Os X10.15.7security_update_2021-008AllAll
Operating
System
AppleMac Os X10.15.7security_update_2022-001AllAll
Operating
System
AppleMac Os X10.15.7security_update_2022-002AllAll
Operating
System
AppleMac Os X10.15.7security_update_2022-003AllAll
Operating
System
AppleMac Os X10.15.7supplemental_updateAllAll
  • cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*:
  • cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*:
  • cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*:
  • cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*:
  • cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*:
  • cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*:
  • cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*:
  • cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*:
  • cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*:
  • cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*:
  • cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*:
  • cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*:
  • cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*:
  • cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-003:*:*:*:*:*:*:
  • cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*:

Social Mentions

Source Title Posted (UTC)
Twitter Icon @revskills CVE-2022-22675 AppleAVD and CVE-2022-22674 Intel Graphics Driver. Apple is aware of a report that this issue may ha… twitter.com/i/web/status/1… 2022-03-31 17:37:45
Twitter Icon @ApplSec ? ZERO-DAY DETAILS: - CVE-2022-22675 in AppleAVD - CVE-2022-22674 in Intel Graphics Driver 2022-03-31 17:40:32
Twitter Icon @aaronjschaffer ?Apple releases MacOS 12.3.1 and iOS 15.4.1, says they fix zero-day vulnerabilities CVE-2022-22674 and CVE-2022-226… twitter.com/i/web/status/1… 2022-03-31 17:50:01
Twitter Icon @antoniozekic CVE-2022-22674 - Apple is aware of a report that this issue may have been actively exploited. Intel Graphics Driver... 2022-03-31 17:51:10
Twitter Icon @vulmoncom Apple published 2 new CVEs Issues may have been actively exploited? CVE-2022-22674: vulmon.com/vulnerabilityd… CVE-2… twitter.com/i/web/status/1… 2022-03-31 17:57:17
Twitter Icon @campuscodi Apple has released security updates today, including fixes for two zero-days in iOS and macOS CVE-2022-22674 & CVE… twitter.com/i/web/status/1… 2022-03-31 18:25:36
Twitter Icon @soheilhashemi_ #اپل جهت رفع دو اسیب پذیری برای محصولات خودش اپدیت امنیتی اضطراری را منتشر کرده است. (CVE-2022-22674) allows apps t… twitter.com/i/web/status/1… 2022-03-31 18:27:55
Twitter Icon @gvarisco macOS Monterey 12.3.1 is also out. In addition to CVE-2022-22675, it also fixes CVE-2022-22674 (an out-of-bounds re… twitter.com/i/web/status/1… 2022-03-31 18:50:55
Twitter Icon @yipcw Apple emergency update fixes zero-days used to hack iPhones, Macs CVE-2022-22674 CVE-2022-22675 iOS 15.4.1, iPadOS… twitter.com/i/web/status/1… 2022-03-31 20:44:02
Twitter Icon @ohhara_shiojiri "CVE-2022-22674 and CVE-2022-22675 are the fourth and fifth zero-days Apple has patched this year." 2022-04-01 01:19:16
Twitter Icon @SecurityWeek Apple Releases Emergency Patches for 'Actively Exploited' macOS, iOS Flaws: securityweek.com/apple-ships-em… (CVE-2022-22675 and CVE-2022-22674) 2022-04-01 01:27:40
Twitter Icon @the_yellow_fall CVE-2022-22674 & CVE-2022-22675: zero-day vulnerabilities affect iPhones, iPads, and Macs securityonline.info/cve-2022-22674…twitter.com/i/web/status/1… 2022-04-01 02:52:01
Twitter Icon @AcooEdi CVE-2022-22674 & CVE-2022-22675: zero-day vulnerabilities affect iPhones, iPads, and Macs dlvr.it/SMlZLV v… twitter.com/i/web/status/1… 2022-04-01 02:53:34
Twitter Icon @huzeyfeonal Apple kullanıcıları için ACİL yama vakti! #CVE-2022-22674 #CVE-2022-22675 lnkd.in/eczTygDe lnkd.in/eHVKFJ9s 2022-04-01 04:19:33
Twitter Icon @Fahad_Alduraibi شركة ابل تصدر تحديث جديد لمعالجة ثغرتين 0day مستغله حالياً في انظمة iPhone, iPad , Mac CVE-2022-22674 & CVE-2022-2… twitter.com/i/web/status/1… 2022-04-01 04:52:26
Twitter Icon @ipssignatures The vuln CVE-2022-22674 has a tweet created 0 days ago and retweeted 10 times. twitter.com/SecurityWeek/s… #pow1rtrtwwcve 2022-04-01 06:06:00
Twitter Icon @DCLSearch Apple emergency update fixes zero-days used to hack iPhones, Macs (CVE-2022-22674) and (CVE-2022-22675)… twitter.com/i/web/status/1… 2022-04-01 07:38:01
Twitter Icon @PentestingN CVE-2022-22674 & CVE-2022-22675: zero-day vulnerabilities affect iPhones, iPads, and Macs securityonline.info/cve-2022-22674…twitter.com/i/web/status/1… 2022-04-01 09:14:11
Twitter Icon @RedPacketSec Apple macOS Monterey 12.3.1-CVE-2022-22674 - redpacketsecurity.com/apple-macos-mo… 2022-04-01 10:02:04
Reddit Logo Icon /r/vulnintel Apple published 2 new actively exploited CVEs 2022-03-31 17:57:19
Reddit Logo Icon /r/apple iOS/iPadOS 15.4.1 and macOS 12.3.1 patches vulnerabilities that may have been actively exploited 2022-03-31 17:47:44
Reddit Logo Icon /r/macbookpro Apple releases macOS 12.3.1 2022-03-31 22:44:00
Reddit Logo Icon /r/macbook Apple releases macOS Monterey 12.3.1 2022-03-31 22:42:37
Reddit Logo Icon /r/cyber1sec14all Update your iPhone as soon as possible 2022-04-01 22:20:01
Reddit Logo Icon /r/k12cybersecurity MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities Vulnerability in Apple Products Could Allow for Local Code Execution - PATCH: NOW 2022-04-04 13:35:15
Reddit Logo Icon /r/cyber1sec14all Apple fixed 0-day vulnerabilities. Well, some of them 2022-04-07 17:47:56
Reddit Logo Icon /r/k12cybersecurity MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution - PATCH: NOW 2022-05-17 13:11:14
Reddit Logo Icon /r/k12cybersecurity UPDATED MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution - PATCH: NOW 2022-05-18 14:59:44
Reddit Logo Icon /r/netcve CVE-2022-22674 2022-05-26 19:38:43
© CVE.report 2022 Twitter Nitter Twitter Viewer |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report