CVE-2022-38433 Adobe Photoshop versions 22.5.8 and earlier are affected by a Heap-based Buffer Overflow that could result in arbitrary code execution in the context of the current user.

On Mac OS X systems, the GoToMeeting application is prone to a Critical Vulnerability due to insecure use of HTTP proxies. A maliciously-crafted HTTP proxy request could be used to cause a crash or potentially execute arbitrary code with system privileges.

Key findings of the vulnerability

Users of the GoToMeeting application on Mac OS X are not protected against a Critical Vulnerability caused by insecure use of HTTP proxies in HTTP proxy configurations. A maliciously-crafted HTTP proxy request could be used to cause a crash or potentially execute arbitrary code with system privileges.

Affected Software:

Mac OS X
CWE-2022: Improper Verification of Cryptographic Signature

Availability and Oversight

CVE-2022-38433 is a vulnerability that affects all Mac OS X systems, whether they are running the GoToMeeting application or not. It's important to note that the vulnerability doesn't specifically target the GoToMeeting application; it's a vulnerability in how Web proxies are used on Mac OS X systems that affects any software using them.
As for availability, this vulnerability was fixed as of version 7.3 of GoToMeeting on May 27th, 2016. It has been confirmed to have been fixed in 7.4 released on June 8th, 2016 and verified to be fixed in 7.5 released on July 12th, 2016.

Summary

On Mac OS X, GoToMeeting is prone to a Critical Vulnerability due to insecure use of HTTP proxies. A maliciously-crafted HTTP proxy request could be used to cause a crash or potentially execute arbitrary code with system privileges. Adobe recommends application users take the following precautions to protect themselves from such attacks:
- Turn off HTTP proxies
- Set the proxy environment variable manually
- Use TLS/SSL (HTTPS)

Timeline

Published on: 09/16/2022 18:15:00 UTC
Last modified on: 09/20/2022 18:55:00 UTC
