CVE-2022-22630: macOS Remote Events Remote Code Execution Flaw

A high Apple macOS Remote Events vulnerability (CVE-2022-22630), which was discovered by Jeremy Brown on December 22, 2021, just goes public recently on the Zero Day Initiative (ZDI) website. Zero Day Initiative is a program for rewarding security researchers for responsibly disclosing vulnerabilities.

Apple Events is a technology that allows one program to communicate with other programs. Apple Remote Events allows a program on one computer to communicate with a program on a different computer. With remote Apple events turned on, an AppleScript program running on another Mac can interact with the local computer.

According to the ZDI Security Advisory, the vulnerability is a memory corruption bug that affects the macOS Monterey version prior to 12.3 and allows a remote attacker to execute code in the context of the AEServer process.

The flaw tracked as CVE-2022-22630 (CVSS score 8.1), exists in the Apple Remote Events (AEServer is a background process that processes incoming AppleEvents from remote Macs) that results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition.

“This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Authentication is not required to exploit this vulnerability,” a security advisory explains.

The vulnerability has been addressed by Apple and macOS Monterey 12.3 is available to fix this flaw, so macOS users need to upgrade their system to the latest version as soon as possible. Also, it is recommended to disable Remote Apple Events. You can do it via “sudo systemsetup -setremoteappleevents off” command.