Kernel
Available for: macOS Catalina
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2022-22593: Peter Nguyễn Vũ Hoàng of STAR Labs
Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution
Description: An information disclosure issue was addressed with improved state management.
CVE-2022-22579: Mickey Jin (@patch1t) of Trend Micro
PackageKit
Available for: macOS Catalina
Impact: An application may be able to access restricted files
Description: A permissions issue was addressed with improved validation.
CVE-2022-22583: an anonymous researcher, Ron Hass (@ronhass7) of Perception Point, Mickey Jin (@patch1t)
Sandbox
Available for: macOS Catalina
Impact: A malicious application may be able to bypass certain Privacy preferences
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30946: an anonymous researcher, @gorelics
TCC
Available for: macOS Catalina
Impact: A malicious application may be able to bypass certain Privacy preferences
Description: This issue was addressed with improved checks.
CVE-2021-30972: Xuxiang Yang (@another1024), Zhipeng Huo (@R3dF09), and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com), Wojciech Reguła (@_r3ggi), jhftss (@patch1t), Csaba Fitzl (@theevilbit) of Offensive Security
