Technical Advisory – Apple macOS XAR – Arbitrary File Write (CVE-2022-22582)
Vendor: Apple
Vendor URL: https://www.apple.com/
Systems Affected: macOS Monterey before 12.3, macOS Big Sur before 11.6.5 and macOS 10.15 Catalina before Security Update 2022-003
Author: Richard Warren <richard.warren[at]nccgroup[dot]trust>
Advisory URLs: https://support.apple.com/en-us/HT213183, https://support.apple.com/en-us/HT213185, https://support.apple.com/en-gw/HT213185
CVE Identifier: CVE-2022-22582
Risk: 5.0 Medium CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Summary: In October 2021, Apple released a fix for CVE-2021-30833. This was an arbitrary file-write …

Technical Advisory – Apple XAR – Arbitrary File Write (CVE-2021-30833)
Vendor: Apple
Vendor URL: https://www.apple.com/
Versions affected: xar 1.8-dev
Systems Affected: macOS versions below 12.0.1
Author: Richard Warren <richard.warren[at]nccgroup[dot]trust>
Advisory URL: https://support.apple.com/en-gb/HT212869
CVE Identifier: CVE-2021-30833
Risk: 5.0 Medium CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Summary: XAR is a file archive format used in macOS, and is part of various file formats, including .xar, .pkg, .safariextz, and .xip files. XAR archives …

A local macOS user or process may be able to modify or replace files executed by Installer. This could allow a low-privileged user or process to gain arbitrary code execution with root privileges, effectively leading to a full system compromise.
Using a carefully crafted calendar event, an attacker can retrieve semi-arbitrary files from a target victim’s macOS system; all the victim has to do is click on an invite.
This post explores the potential abuse of some features within the macOS Calendar application. It covers multiple attack paths that could lead to code execution and discusses the protections Apple has in place to mitigate them.