An issue in the handling of symlinks was addressed with improved validation. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious app with root privileges may be able to modify the contents of system files.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mac_os_x | Apple | 10.15 (including) | 10.15.7 (excluding) |
| Mac_os_x | Apple | 10.15.7 (including) | 10.15.7 (including) |
| Mac_os_x | Apple | 10.15.7-security_update_2020 (including) | 10.15.7-security_update_2020 (including) |
| Mac_os_x | Apple | 10.15.7-security_update_2020-001 (including) | 10.15.7-security_update_2020-001 (including) |
| Mac_os_x | Apple | 10.15.7-security_update_2020-005 (including) | 10.15.7-security_update_2020-005 (including) |
| Mac_os_x | Apple | 10.15.7-security_update_2020-007 (including) | 10.15.7-security_update_2020-007 (including) |
| Mac_os_x | Apple | 10.15.7-security_update_2021-001 (including) | 10.15.7-security_update_2021-001 (including) |
| Mac_os_x | Apple | 10.15.7-security_update_2021-002 (including) | 10.15.7-security_update_2021-002 (including) |
| Mac_os_x | Apple | 10.15.7-security_update_2021-003 (including) | 10.15.7-security_update_2021-003 (including) |
| Mac_os_x | Apple | 10.15.7-security_update_2021-006 (including) | 10.15.7-security_update_2021-006 (including) |
| Mac_os_x | Apple | 10.15.7-security_update_2021-007 (including) | 10.15.7-security_update_2021-007 (including) |
| Mac_os_x | Apple | 10.15.7-security_update_2021-008 (including) | 10.15.7-security_update_2021-008 (including) |
| Mac_os_x | Apple | 10.15.7-security_update_2022-001 (including) | 10.15.7-security_update_2022-001 (including) |
| Mac_os_x | Apple | 10.15.7-security_update_2022-002 (including) | 10.15.7-security_update_2022-002 (including) |
| Mac_os_x | Apple | 10.15.7-supplemental_update (including) | 10.15.7-supplemental_update (including) |
| Macos | Apple | 11.0 (including) | 11.6.5 (excluding) |
| Macos | Apple | 12.0.0 (including) | 12.3 (excluding) |