Navigation
Recherche
|
Update to macOS Monterey Fixes Safari Leak
mercredi 26 janvier 2022, 22:33 , par TheMacObserver
Along with its release of iOS and iPadOS 15.3, watchOS 8.4, and more, Apple today began rolling out macOS Monterey 12.2 to all customers. The most notable fix in the update resolves an issue that let Safari leak sensitive information between web pages.
WebKit Storage Bug Caused Safari Leak In the release notes, Apple points out a cross-origin issue in the IndexDB API. Identified as CVE-2022-22594 and reported by Martin Bajanik of FingerprintJS, the bug allowed websites to track sensitive user information across different sites. According to Apple, improved input validation resolved the issue. Testers at 9to5Mac confirmed the bug no longer affects Safari on macOS as of the Release Candidate distributed last week. Apple also patched three other security issues in WebKit. These include issues allowing maliciously crafted emails and web content allowing arbitrary code execution as well as entering with Content Security Policies. Other Resolved Issues in macOS Monterey 12.2 The number of bugs fixed by macOS Monterey 12.2 is a fairly extensive list, so installing the update as soon as possible would be a great idea. Do so by going to System Preferences > Software Update and clicking Update Now. If it doesn’t appear right away, you may have to refresh Software Update to make it show up. Here’s the complete list of security fixes found in the latest update. AMD Kernel Impact: A malicious application may be able to execute arbitrary code with kernel privileges CVE-2022-22586: an anonymous researcher ColorSync Impact: Processing a maliciously crafted file may lead to arbitrary code execution CVE-2022-22584: Mickey Jin (@patch1t) of Trend Micro Crash Reporter Impact: A malicious application may be able to gain root privileges CVE-2022-22578: an anonymous researcher iCloud Impact: An application may be able to access a user’s files CVE-2022-22585: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (https://xlab.tencent.com) Intel Graphics Driver Impact: A malicious application may be able to execute arbitrary code with kernel privileges CVE-2022-22591: Antonio Zekic (@antoniozekic) of Diverto IOMobileFrameBuffer Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. CVE-2022-22587: an anonymous researcher, Meysam Firouzi (@R00tkitSMM) of MBition – Mercedes-Benz Innovation Lab, Siddharth Aeri (@b1n4r1b01) Kernel Impact: A malicious application may be able to execute arbitrary code with kernel privileges CVE-2022-22593: Peter Nguyễn Vũ Hoàng of STAR Labs Model I/O Impact: Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution CVE-2022-22579: Mickey Jin (@patch1t) of Trend Micro PackageKit Impact: An application may be able to access restricted files CVE-2022-22583: an anonymous researcher, Mickey Jin (@patch1t), Ron Hass (@ronhass7) of Perception Point WebKit Impact: Processing a maliciously crafted mail message may lead to running arbitrary javascript Description: A validation issue was addressed with improved input sanitization. CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com) WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution CVE-2022-22590: Toan Pham from Team Orca of Sea Security (security.sea.com) WebKit Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced CVE-2022-22592: Prakash (@1lastBr3ath) WebKit Storage Impact: A website may be able to track sensitive user information CVE-2022-22594: Martin Bajanik of FingerprintJS Tags: macOS Monterey, software update
https://www.macobserver.com/news/update-to-macos-monterey-fixes-safari-leak/?utm_source=macobserver&...
|
59 sources (15 en français)
Date Actuelle
ven. 19 avril - 03:09 CEST
|