Rewterz Threat Alert – Snake Keylogger’s Malware – Active IOCs
September 13, 2022Rewterz Threat Advisory – CVE-2022-39135 – Apache Calcite XML external Vulnerability
September 13, 2022Rewterz Threat Alert – Snake Keylogger’s Malware – Active IOCs
September 13, 2022Rewterz Threat Advisory – CVE-2022-39135 – Apache Calcite XML external Vulnerability
September 13, 2022Severity
High
Analysis Summary
CVE-2022-32886 CVSS:8.8
Apple Safari is vulnerable to a buffer overflow, caused by improper bounds checking by the WebKit component. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2022-32868 CVSS:6.5
Apple Safari could allow a remote attacker to bypass security restrictions, caused by a logic issue in the Safari Extensions component. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to track users through Safari web extensions.
CVE-2022-32912 CVSS:8.8
Apple Safari could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read in the WebKit component. By persuading a victim to open a specially-crafted web content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-32891 CVSS:6.5
Apple Safari could allow a remote attacker to conduct spoofing attacks, caused by an error in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to perform UI spoofing.
Impact
- Buffer Overflow
- Security Bypass
- Code Execution
- Unauthorized Access
Indicators Of Compromise
CVE
- CVE-2022-32886
- CVE-2022-32868
- CVE-2022-32912
- CVE-2022-32891
Affected Vendors
Apple
Affected Products
- Apple Safari 15.6
Remediation
Refer to Apple security Advisory for patch, upgrade or suggested workaround information.
Apple security Advisory