-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-10-27-8 Additional information for APPLE-SA-2022-10-24-4 macOS Big Sur 11.7.1
macOS Big Sur 11.7.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213493. AppleMobileFileIntegrity Available for: macOS Big Sur Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed by removing additional entitlements. CVE-2022-42825: Mickey Jin (@patch1t) Audio Available for: macOS Big Sur Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: The issue was addressed with improved memory handling. CVE-2022-42798: Anonymous working with Trend Micro Zero Day Initiative Entry added October 27, 2022 Kernel Available for: macOS Big Sur Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022 ppp Available for: macOS Big Sur Impact: A buffer overflow may result in arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32941: an anonymous researcher Entry added October 27, 2022 Ruby Available for: macOS Big Sur Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed by updating Ruby to version 2.6.10. CVE-2022-28739 Sandbox Available for: macOS Big Sur Impact: An app with root privileges may be able to access private information Description: This issue was addressed with improved data protection. CVE-2022-32862: an anonymous researcher zlib Available for: macOS Big Sur Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-37434: Evgeny Legerov CVE-2022-42800: Evgeny Legerov Entry added October 27, 2022 macOS Big Sur 11.7.1 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpcACgkQ4RjMIDke Nxm0fxAA1SrPLykU4CHK4xqNKClIMeYiTBEmS55x9GD/n79iH4VDOyeq+Z/Id0u/ AJab2VTWkMfd8FJv1l4VK/mH2gkmfbEOww0oCsoUoX2GNKXbHR7ob01i8oHYZRVU ehECiEME262zsmxb5q7qf/debKbnTPimtZ9QKGeHbQX6oKziWQHXov44eDfOQLY/ n8A2Qh49eQO8qsGTAIUBJ9gAeUSU5PzGpys47FRf4+HE7j39VvDPknkvngR4KtWY 61Wd7H8yhnUSkXr0lxMEl/xl5fIUAupIE1R1a2cdFXEMQLIaCO5KCZahCIm2y2Mi hzhHuhYTbKJEmCyvnwhcrw5kj4vVRbuTYFXnu1hUB5WWvQrIH//KDqtzcObT+IxK XC8okr1aw9w0whny/Xjo+6ahD8o3kvNyU2bbkcAryvhVICXRNNXaylkRB6Ffrprz 766HoJ2OOhdT0XS2ETNNqPiG5v4PmsrgzHfH/drT0LEx+N8ju8NC9moNYHnVxtnE S8ZTqXgJnlexdnsXPOOkj/bMZDY3mrqGsGrNX6VQ7o1C6n6zyQ9uCLccn16csFkM jG2fNgFAeLQM/AabfxDgdJSJYoaXhGgu+Dt0aCQ9EUEGDLJrU+ii9dUsrTA2W0ME XxDWQI+NWYfiZkmIJzPtROlMVcqWHd4I0Xo8HpTpZh+h0xlsANw= =rV2j -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
