Hello, welcome to the Tuesday, May 17, 2022 edition of the Sansonet Storm Center's Stormcast. My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Apple today released updates for pretty much everything in its portfolio, it's macOS operating systems,

Catalina, Bixer, and Monoray, TVOS, iPadOS, iOS, iOS,

watchOS, so every Apple product should be updated.

We've got a total of 86 different vulnerabilities.

Now, among interesting vulnerabilities is, first of all, CVE

2020-22675. This vulnerability is an out-of-bounds right issue and it allows an application

to execute arbitrary code with kernel privileges.

So what this comes down to essentially approach escalation vulnerability.

If someone is able to run code in your system, they're able to do so with kernel privileges.

This vulnerability was actually patched in Catalina in April, and now we get the patch for Bixer as well.

There was a little bit confusion back then why Apple didn't immediately come up with a patch

for the older operating systems.

I guess we got that patch now.

Lots of approach escalation vulnerabilities, lots of issues in open source software like Apache, SIP, CLEP, OpenSSL, and others are being addressed here.

A couple other sort of interesting vulnerabilities. One fixes a problem with software update, and this vulnerability could be used to access restricted files.

Also quite a few Wi-Fi vulnerabilities.

For the most part, I would create them as privilege escalation vulnerabilities, some denial

of service vulnerabilities.

For example, one of the vulnerabilities would allow an application

to execute operator code with system privileges. I rated this as approach escalation

vulnerability. It doesn't look like an attacker would, for example, be able to send data

...