Out-of-bounds reads may also occur during parsing of crafted AppleScript if the script contains non-ASCII characters or if the script attempts to access memory locations above the stack pointer. An out-of-bounds read issue was addressed with improved input validation. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory. An issue existed in which an attacker with access to a targeted user’s computer could decrypt passwords stored in Keychain items using a craftedlrn AppleScript. An issue existed in which a targeted user’s credentials may have been revealed to other users on the same local network if the user clicked on a malicious link sent via iMessage or opened a malicious story in newsfeed on the macOS Facebook app. An issue existed where a targeted user’s screen may have been captured via screen-sharing software if the user clicked on a malicious link sent via iMessage. An issue existed where a targeted user’s screen may have been captured via screen-sharing software if the user opened a malicious story in newsfeed on the macOS Facebook app. An issue existed where a targeted user’s screen may have been captured via screen-sharing software if the user clicked on a malicious link sent via iMessage. An issue existed where a targeted user’s screen may have been captured via screen-sharing software if the user opened a malicious story in newsfeed on the macOS Facebook app. An issue existed where a

Vulnerability overview

An issue existed where a targeted user’s credentials may have been revealed to other users on the same local network if the user clicked on a malicious link sent via iMessage or opened a malicious story in newsfeed on the macOS Facebook app.
An issue existed where a targeted user’s screen may have been captured via screen-sharing software if the user clicked on a malicious link sent via iMessage. An issue existed where a targeted user’s screen may have been captured via screen-sharing software if the user opened a malicious story in newsfeed on the macOS Facebook app.
An issue existed where a targeted user’s screen may have been captured via screen-sharing software if the user clicked on a malicious link sent via iMessage. An issue existed where a targeted user’s credentials may have been revealed to other users on the same local network if the user clicked on a malicious link sent via iMessage or opened a malicious story in newsfeed on the macOS Facebook app.

Timeline

Published on: 09/23/2022 19:15:00 UTC
Last modified on: 09/27/2022 19:18:00 UTC

References