This issue is fixed in Security Update 2022-005 Catalina, macOS Mojave 10.14.5, macOS High Sierra 10.13.5, and macOS Sierra 10.12.6.
A maliciously crafted Adobe Type Manager (ATM) file may result in unexpected termination. Processing an Adobe Type Manager file may also result in unexpected termination. This issue is fixed in Security Update 2022-005 Catalina, macOS High Sierra 10.13.5, and macOS Sierra 10.12.6.
An issue where clearing the Terminal Server cache may result in unexpected application termination was addressed. Processing a maliciously crafted terminal server session request may result in unexpected termination. This issue is fixed in Security Update 2022-005 Catalina, macOS High Sierra 10.13.5, and macOS Sierra 10.12.6.
An issue where loading a maliciously crafted Microsoft Excel workbook may result in unexpected termination was addressed. Processing a maliciously crafted Microsoft Excel workbook may result in unexpected termination. This issue is fixed in Security Update 2022-005 Catalina, macOS High Sierra 10.13.5, and macOS Sierra 10.12.6.
An issue where an application may unexpectedly terminate if the user accepts a remote connection from an untrusted source was addressed. An untrusted connection may result in unexpected application termination. This issue is fixed in Security Update 2022-005 Catalina, macOS High Sierra 10.13.5, and macOS Sierra 10.12
Mitigation Strategies
Security Update 2022-005 Catalina, macOS High Sierra 10.13.5, and macOS Sierra 10.12.6:
The following mitigation strategies are available to help prevent exploitation of this vulnerability:
- Disable the "Allow remote connections" setting in file sharing preferences
- Block incoming network connections from untrusted sources
Installation Notes
OS X 10.6 - 10.12 | 32-bit
The security content of Safari Technology Preview 65 has been updated with information about the following vulnerabilities that have been addressed by Security Update 2022-005 Catalina, macOS High Sierra 10.13.5, and macOS Sierra 10.12.6: CVE-2022-32853, CVE-2018-4252, CVE-2018-4253, and CVE-2018-4254.
Timeline
Published on: 09/23/2022 19:15:00 UTC
Last modified on: 09/27/2022 19:22:00 UTC