This issue is fixed in these software versions. In Safari, user agents may send a Referer header with the wrong value. This may lead to cross-site request forgery, allowing attackers to hijack other people’s sessions via a crafted website.
in tvOS and watchOS, a process may be given elevated privileges without the need for authentication. This issue is fixed in these software versions. In these operating systems, privileged process may be allowed to access data from other applications. An attacker may use this to gain access to data that should be restricted to the user’s account.
A memory corruption issue was addressed with improved memory handling. This issue may lead to remote code execution.
An issue in WebRTC was fixed that may cause a user’s desktop to become non-responsive. An attacker may cause this issue via a crafted website.
The issue was addressed with improved handling of unexpected WebRTC connections. An attacker may cause this issue via a crafted website.
An issue with certificate authentication was fixed that may cause the system to hang when starting a program during boot. This issue was addressed with improved loading of secure certificates.
This issue may be mitigated by ensuring that the root certificate is loaded.
An issue with the PDF viewer was fixed that may cause the system to hang during boot. This issue was addressed with improved handling of malformed PDF files.
This issue may be mitigated by ensuring that the
Internet Explorer
- CVE-2022-26719
This issue is fixed in these software versions. In IE, user agents may send a Referer header with the wrong value. This may lead to cross-site request forgery, allowing attackers to hijack other people’s sessions via a crafted website.
in Safari, a process may be given elevated privileges without the need for authentication. This issue is fixed in these software versions. In iOS and watchOS, privileged process may be allowed to access data from other applications. An attacker may use this to gain access to data that should be restricted to the user’s account.
A memory corruption issue was addressed with improved memory handling. This issue may lead to remote code execution.
An issue in WebRTC was fixed that may cause a user’s desktop to become non-responsive. An attacker may cause this issue via a crafted website. The issue was addressed with improved handling of unexpected WebRTC connections. An attacker may cause this issue via a crafted website.
An issue with certificate authentication was fixed that may cause the system to hang when starting a program during boot. This issue was addressed with improved loading of secure certificates.
Timeline
Published on: 11/01/2022 20:15:00 UTC
Last modified on: 11/03/2022 13:15:00 UTC