This issue was addressed by preventing arbitrary file write access. This issue was addressed with improved file handling.

Malicious apps may be able to create arbitrary directories in the user's home directory. This issue was addressed with improved directory handling.

This issue was addressed by disabling the “Allow Downloads From Any Source” option in the System Preferences.

This issue was addressed with improved app handling.

File System permissions may be set incorrectly. This issue was addressed with improved permission handling.

This issue was addressed by encrypting file system directories. An attacker may be able to read data from encrypted directories. An attacker may be able to write data to encrypted directories. This issue did not allow an attacker to modify data on encrypted directories. This issue did not allow an attacker to create a new directory on an encrypted directory.

This issue was addressed by disabling the “Allow Access To Files & Directories In The Home Directory” option in System Preferences.
Incorrect file permissions may allow an attacker to execute arbitrary code as root. This issue was addressed with improved permission handling. An attacker may be able to access system data. This issue did not allow an attacker to modify system data. This issue did not allow an attacker to access any data outside of the user's home directory. This issue did not allow an attacker to create a new system user

Installation of new software

This issue was addressed with improved software installation.

Sensitive Data Exposure

Malicious apps may be able to obtain sensitive data. This issue was addressed with improved app handling.

An attacker may be able to escalate privileges. This issue was addressed with improved privilege handling.

Installation of third party app may allow for unauthorized access to the system

This issue was addressed with improved app handling.

This issue was addressed by disabling the “Allow Access To Files & Directories In The Home Directory” option in System Preferences.
Incorrect file permissions may allow an attacker to execute arbitrary code as root. This issue was addressed with improved permission handling. An attacker may be able to access system data. This issue did not allow an attacker to modify system data. This issue did not allow an attacker to access any data outside of the user's home directory. This issue did not allow an attacker to create a new system user

Other Issues

An attacker may be able to cause a denial of service with malicious software. This issue was addressed with improved resource handling.
An attacker may be able to modify system files. This issue was addressed with improved file handling.
An attacker may be able to access the user's keychain without the user's knowledge. This issue was addressed with improved keychain handling.

Timeline

Published on: 09/23/2022 19:15:00 UTC
Last modified on: 09/27/2022 18:46:00 UTC

References