This can be exploited to perform a denial of service or possibly launch additional attacks. This issue does not affect Macs that are running a supported version of macOS.
Memory corruption issues were addressed with improved memory handling. These issues may be exploitable through memory-redirection attacks.
We were informed of a parsing issue in Fonts. This issue may allow a maliciously crafted font file to bypass security restrictions and lead to information disclosure. This issue has been addressed through improved file validation.
An issue was identified where the Intel Graphics was not properly unloading memory. This issue may allow an attacker to run code on the affected system. This issue has been addressed through improved memory handling.
An issue was identified in the PDF Reader where cross-origin data theft may occur. This issue may allow an attacker to run code on the affected system. This issue has been addressed through improved security handling of cross-origin data.
An issue was identified where a race condition existed in the handling of input focus. An attacker may be able to force an application to access data outside of its intended scope. This issue has been addressed with improved input validation.
An issue was identified in the handling of H.264 streams where memory may be accessed before being allocated. An attacker may be able to run code on the affected system. This issue has been addressed through improved memory handling.
Update macOS to the latest version
A vulnerability was discovered in the kernel that could lead to a denial-of-service or potentially allow for remote code execution. This issue does not affect Macs that are running a supported version of macOS.
This update addresses memory corruption issues. These issues may be exploitable through memory-redirection attacks. We were informed of a parsing issue in Fonts. This issue may allow a maliciously crafted font file to bypass security restrictions and lead to information disclosure. This issue has been addressed through improved file validation.
Update in this release
An issue was identified where a race condition existed in the handling of input focus. An attacker may be able to force an application to access data outside of its intended scope. This issue has been addressed with improved input validation.
An issue was identified in the handling of H.264 streams where memory may be accessed before being allocated. An attacker may be able to run code on the affected system. This issue has been addressed through improved memory handling.
Timeline
Published on: 09/23/2022 19:15:00 UTC
Last modified on: 09/27/2022 19:27:00 UTC