CVE-2022-42827 May Be Bad… But Apple Ventura Has 40 CVEs in Vim Alone

Journalists are busying themselves telling Apple users the sky is falling, given the quiet hint from Apple about exploitation of CVE-2022-42827…

An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Actively exploited?

That’s a giant flashing red light buried by Apple halfway down their security advisory page.

Meanwhile, a far more interesting and crazy detail nobody is talking about is that the macOS Ventura security notes list forty, that’s four zero, vulnerabilities fixed in a text editor (Vim).

  • CVE-2022-0261 (7.8 High)
  • CVE-2022-0318 (9.8 Critical)
  • CVE-2022-0319 (5.5 Medium)
  • CVE-2022-0351 (7.8 High)
  • CVE-2022-0359 (7.8 High)
  • CVE-2022-0361 (7.8 High)
  • CVE-2022-0368 (7.8 High)
  • CVE-2022-0392 (7.8 High)
  • CVE-2022-0554 (7.8 High)
  • CVE-2022-0572 (7.8 High)
  • CVE-2022-0629 (6.1 Medium)
  • CVE-2022-0685 (7.8 High)
  • CVE-2022-0696 (5.5 Medium)
  • CVE-2022-0714 (5.5 Medium)
  • CVE-2022-0729 (6.5 Medium)
  • CVE-2022-0943 (7.8 High)
  • CVE-2022-1381 (7.8 High)
  • CVE-2022-1420 (5.5 Medium)
  • CVE-2022-1725 (5.5 Medium)
  • CVE-2022-1616 (7.8 High)
  • CVE-2022-1619 (7.8 High)
  • CVE-2022-1620 (7.8 High)
  • CVE-2022-1621 (7.8 High)
  • CVE-2022-1629 (7.8 High)
  • CVE-2022-1674 (5.5 Medium)
  • CVE-2022-1733 (7.8 High)
  • CVE-2022-1735 (7.8 High)
  • CVE-2022-1769 (7.8 High)
  • CVE-2022-1927 (9.8 Critical)
  • CVE-2022-1942 (7.8 High)
  • CVE-2022-1968 (7.8 High)
  • CVE-2022-1851 (7.8 High)
  • CVE-2022-1897 (7.8 High)
  • CVE-2022-1898 (7.8 High)
  • CVE-2022-1720 (7.8 High)
  • CVE-2022-2000 (7.8 High)
  • CVE-2022-2042 (9.8 Critical)
  • CVE-2022-2124 (7.8 High)
  • CVE-2022-2125 (7.8 High)
  • CVE-2022-2126 (7.8 High)

Whoa. That’s a… giant flashing red dumpster fire buried halfway down the page.

And I don’t understand Apple’s list. It seems random at best. Why not sequential by ID or severity?

Or, to say it another way, here are the critical ones listed together:

  • CVE-2022-0318 (9.8 Critical): Reported Jan 18, 2022. Heap-based Buffer Overflow in vim/vim prior to 8.2. Found by @zfeixq.
  • CVE-2022-1927 (9.8 Critical): Reported May 22, 2022. Buffer Over-read in GitHub repository vim/vim prior to 8.2. Found by TDHX ICS Security @jieyongma.
  • CVE-2022-2042 (9.8 Critical): Reported Jun 6, 2022. Use After Free in GitHub repository vim/vim prior to 8.2. Found by Muhammad Aldo Firmansyah @thecrott.

January, then May, then June… critical vulns fixed by Apple months later, in October.

The scattershot mess is detailed by Bram Moolenaar, who has been posting continuously on a bounty site for months while discussing fixes:

  • Use After Free in function did_set_string_option (fix in vim/vim, Sep 28)
  • Stack-based Buffer Overflow in function win_redr_ruler (fix in vim/vim, Sep 27)
  • Use After Free in function process_next_cpt_value (fix in vim/vim, Sep 24)
  • Stack-based Buffer Overflow in function ex_finally (fix in vim/vim, Sep 24)
  • Access violation near NULL on destination operand eval.c:2603:37 in segmentation fault (fix in vim/vim, Sep 22)
  • Use After Free in function movemark (fix in vim/vim, Sep 21)
  • Use After Free in function getcmdline_int (fix in vim/vim, Sep 17)
  • Heap-based Buffer Overflow in function utfc_ptr2len (fix in vim/vim, Sep 16)
  • Null Dereference in vim_regcomp() (fix in vim/vim, Sep 7)
  • Use After Free in function do_tag (fix in vim/vim, Sep 5)
  • Use After Free in function do_cmdline (fix in vim/vim, Sep 2)
  • Use After Free in function qf_buf_add_line() (fix in vim/vim, Aug 29)
  • Use After Free in function get_next_valid_entry (fix in vim/vim, Aug 27)
  • Use After Free in function qf_fill_buffer (fix in vim/vim, Aug 24)
  • NULL Pointer Dereference in function do_mouse (fix in vim/vim, Aug 24)
  • Use After Free in function vim_vsnprintf_typval (fix in vim/vim, Aug 22)
  • NULL Pointer Dereference in function sug_filltree (fix in vim/vim, Aug 21)
  • Use After Free in function find_var_also_in_script (fix in vim/vim, Aug 18)
  • NULL Pointer Dereference in function generate_loadvar (fix in vim/vim, Aug 17)
  • Use After Free in function generate_PCALL (fix in vim/vim, Aug 16)
  • Heap-based Buffer Overflow in function latin_ptr2len (fix in vim/vim, Aug 16)
  • Buffer Over-read in function utf_head_off (fix in vim/vim, Aug 16)
  • Use After Free in function string_quote (fix in vim/vim, Aug 14)
  • Out-of-bounds Read in function check_vim9_unlet in vim/vim (fix in vim/vim, Aug 14)
  • Heap-based Buffer Overflow in function compile_lock_unlock in vim/vim (fix in vim/vim, Aug 14)
  • Undefined behavior in diff_write_buffer() (fix in vim/vim, Jul 30)
  • Out-of-bounds Read in function utf_ptr2char (fix in vim/vim, Jul 29)
  • Heap-buffer-overflow in function eval_string ./vim/src/typval.c:2226 (fix in vim/vim, Jul 29)
  • Heap-based Buffer Overflow in function vim_iswordp_buf (fix in vim/vim, Jul 28)
  • Heap-based Buffer Overflow in function ins_compl_infercase_gettext() (fix in vim/vim, Jul 23)
  • Heap Use After Free in function skipwhite (fix in vim/vim, Jul 7)
  • Heap-based Buffer Overflow in function ins_compl_add (fix in vim/vim, Jul 7)
  • Heap-based Buffer Overflow in function ins_compl_add (fix in vim/vim, Jul 7)
  • Stack-based Buffer Overflow in function spell_dump_compl (fix in vim/vim, Jul 4)
  • Heap Use After Free in function ex_diffgetput (fix in vim/vim, Jul 2)
  • Out-of-bounds Write in function parse_command_modifiers (fix in vim/vim, Jul 2)
  • Out-of-bounds Read in function suggest_trie_walk() abusing array byts (fix in vim/vim, Jul 1)
  • Out-of-bounds Read in function ins_bytes (fix in vim/vim, Jul 1)
  • Integer Overflow in function del_typebuf (fix in vim/vim, Jul 1)
  • Heap-based Buffer Overflow in function utfc_ptr2len (fix in vim/vim, Jul 1)
  • Heap-based Buffer Overflow in function inc (fix in vim/vim, Jun 30)
  • Out-of-bounds Read in function msg_outtrans_special (fix in vim/vim, Jun 29)
  • Null Pointer Dereference in function skipwhite (fix in vim/vim, Jun 27)
  • Out-of-bounds Write in function ml_append_int (fix in vim/vim, Jun 26)
  • Null Pointer Dereference in function diff_check (fix in vim/vim, Jun 26)
  • Heap-based Buffer Overflow in function ins_bs (fix in vim/vim, Jun 26)
  • Out-of-bounds Read in function msg_outtrans_attr (fix in vim/vim, Jun 25)
  • Out-of-bounds Read in function get_lisp_indent (fix in vim/vim, Jun 22)
  • Heap-based Buffer Overflow in function utf_ptr2char (fix in vim/vim, Jun 22)
  • Buffer Over-read in function put_on_cmdline (fix in vim/vim, Jun 22)
  • Memory leaks in function vim_strsave (fix in vim/vim, Jun 21)
  • Out-of-bounds Write in function vim_regsub_both (fix in vim/vim, Jun 18)
  • Out-of-bounds Read in function suggest_trie_walk (fix in vim/vim, Jun 18)
  • Heap-based Buffer Overflow in function get_lisp_indent (fix in vim/vim, Jun 18)
  • Buffer Over-read in function current_quote (fix in vim/vim, Jun 18)
  • Use After Free in skipwhite (fix in vim/vim, Jun 9)
  • Out-of-bounds Write in function append_command (fix in vim/vim, Jun 6)
  • Use After Free in function utf_ptr2char (fix in vim/vim, Jun 1)
  • Heap-based Buffer Overflow in function vim_regsub_both (fix in vim/vim, May 30)
  • Buffer Over-read in function utf_ptr2char (fix in vim/vim, May 28)
  • Use After Free in function find_pattern_in_path (fix in vim/vim, May 26)
  • Out-of-bounds Write in function vim_regsub_both (fix in vim/vim, May 26)
  • Heap-based Buffer Overflow in function utf_head_off (fix in vim/vim, May 25)
  • Out-of-bounds Read in function gchar_cursor (fix in vim/vim, May 24)
  • Heap Use After Free in function find_pattern_in_path (fix in vim/vim, May 18)

And the list goes on and on… which raises the question of whether a “bounty” system is over-inflating results for enrichment instead of efficiency.

Take, for example, these two entries listed as separate and distinct, each with its own bounty.

The description of the first is “CVE-2022-2343: Heap-based buffer overflow in function ins_compl_add at insexpand.c:751” and the second is “CVE-2022-2344: Heap-based Buffer Overflow in function ins_compl_add at insexpand.c:751”.

What’s the diff?

Why not have one CVE? Why not have a single bounty? Maybe it’s a mistake.
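As an added example (not code from this post, from Apple, or from the Vim project), here is a small Python triage helper that re-sorts Apple-style advisory lines by severity or by ID, as asked for above, and flags bounty entries whose descriptions are identical apart from case, as with CVE-2022-2343 and CVE-2022-2344. The two input lists are constructed subsets of the entries quoted in this post.

```python
import re
from collections import defaultdict

# Constructed subset of the Ventura Vim entries quoted above, in Apple's order.
APPLE_LIST = """\
CVE-2022-0261 (7.8 High)
CVE-2022-0318 (9.8 Critical)
CVE-2022-0319 (5.5 Medium)
CVE-2022-1927 (9.8 Critical)
CVE-2022-1725 (5.5 Medium)
CVE-2022-1616 (7.8 High)
CVE-2022-2042 (9.8 Critical)
"""
# Constructed subset of the bounty report titles quoted above, keyed by CVE id.
REPORTS = {
    "CVE-2022-2343": "Heap-based buffer overflow in function ins_compl_add at insexpand.c:751",
    "CVE-2022-2344": "Heap-based Buffer Overflow in function ins_compl_add at insexpand.c:751",
    "CVE-2022-2042": "Use After Free in GitHub repository vim/vim prior to 8.2",
}
# One advisory line: "CVE-YYYY-NNNN (score Severity)".
ENTRY = re.compile(r"(CVE-(\d{4})-(\d+))\s+\(([\d.]+)\s+(Critical|High|Medium|Low)\)")

def parse_entries(text):
    """Return (cve_id, year, number, score, severity) tuples; skip non-matching lines."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            cve, year, num, score, sev = m.groups()
            out.append((cve, int(year), int(num), float(score), sev))
    return out

def by_severity_then_id(entries):
    """Highest CVSS score first; ties broken by CVE number so the order is reproducible."""
    return sorted(entries, key=lambda e: (-e[3], e[1], e[2]))

def by_id(entries):
    """Sequential by CVE year and number."""
    return sorted(entries, key=lambda e: (e[1], e[2]))

def duplicate_descriptions(reports):
    """CVE ids whose descriptions are identical once case and whitespace are normalised."""
    seen = defaultdict(list)
    for cve, desc in reports.items():
        seen[" ".join(desc.lower().split())].append(cve)
    return [sorted(ids) for ids in seen.values() if len(ids) > 1]
```

Feeding the full forty-line list into parse_entries gives the grouping the post does by hand; the duplicate check only catches textually identical descriptions, so it is a prompt to compare the underlying fixes, not proof that two IDs cover one bug.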

Was Operation Mincemeat Fashioned After The Milliner’s Hat Mystery?

Some have suggested to me recently that the British fashioned their Operation Mincemeat in WWII after details in the book “The Milliner’s Hat Mystery” (by Sir Basil Thomson, published 1937).

Thomson (1861-1939) was a solicitor who had worked for British Intelligence and in the Foreign Service.

During WWI he served as an Assistant Commissioner to the Metropolitan Police.

Such credentials definitely give his writing a detailed and grounded approach.

The storyline of this book, the seventh of eight titles about a particular investigator, kicks off with a couple of people who duck into a barn during a storm and find a dead man.

The death is reported as murder because of a fatal gunshot wound without any sign of the weapon. However, the victim’s identity is a total mystery, challenging the protagonist.

This search for meaning in a discovered body could have been a reference for some aspects of Mincemeat. However, the operation wouldn’t have worked if identification of the victim had not been intentionally made very easy (disinformation). That’s basically the opposite of a mystery.

Thus it seems more accurate to say that the methods pioneered in WWI, such as the Haversack Ruse at Beersheba, had set an overall objective of disinformation that was used successfully in WWII’s Operation Mincemeat. If anything, the book could have been based on intelligence from WWI, just like Mincemeat.

Scientists Test “Intelligent” Robot Lasers To Kill Cockroaches

The title of the paper published 21 September October 2022 is ominous:

Selective neutralisation and deterring of cockroaches with laser automated by machine vision

The abstract is even more chilling:

…we present a laser system automated by machine vision for neutralising and influencing the behaviour of insect pests. By performing experiments on domiciliary cockroaches, Blattella germanica, we demonstrate that our approach enables the immediate and selective neutralisation of individual insects at a distance up to 1.2 m. We further show the possibility to deter cockroaches by training them not to hide under a dark shelter through aversive heat conditioning with a low power-laser. Parameters of our prototype system can readily be tuned for applications in various situations and on different pest species like mosquitoes, locusts, and caterpillars.

Targets can be trained not to hide, so they come into the field of view for “neutralisation”, and applications may include a wide variety of “species”.

The authors explain the risks they considered, but those seem rather… superficial.

…we envisioned major health and safety risks that could be triggered by the use of high laser power, such as eye damage and fire ignition, which prevented the large-scale expansion of our prototype.

When I think of major risks, the first thing that comes to mind is incorrect targeting, like killing the wrong target as opposed to just injuring property or witnesses nearby. I mean data integrity should be top of every machine learning risk list, no? Very disappointed to find it missing here.

[Figure: Algorithm of the laser operation for the neutralisation of cockroaches.]

Police Out on Street Cut Crime in 15 Minutes

Unlike riding around in cages behind darkened glass to scan identities from afar, or sitting in a room of billion-dollar blinking lights ready to zoom in like it’s 1968 again, police walking around at street level and engaging with the community seem to bring a profound reduction in crime.

Back in 2016 the data suggested it took only 20 minutes.

Bobbies on the beat really do prevent serious crime and police could cut thousands of assaults each year simply by sending officers to problem areas for just 21 minutes a day, a Cambridge University study suggests…

The latest data shows even 15 minutes could be enough to impact crime levels.

Just 15 minutes of police patrols can reduce levels of violent crime by more than 70%, according to a new study.

The Youth Endowment Fund analysis of an Essex Police pilot in Southend-on-Sea in summer 2020 found that violent crime fell by 74% on days when patrols took place.

Other patrol schemes have got similar results. Operation Rowan in Bedfordshire “involved patrols of 15 minutes each day in 30 hotspot areas where a third of the county’s serious violent crime was taking place”, said The Times’ crime editor Fiona Hamilton. The patrols were credited for a 38% reduction in violence and robbery.

West Midlands police reported a 14% drop in street crimes and antisocial behaviour following patrols in Birmingham.

While forces nationwide are spending more money on “the latest artificial intelligence to predict crime patterns”, the findings “underline the effectiveness of old-fashioned policing”, wrote Hamilton.

“Bobbies on the beat” seems like what Robert Peel intended in 1829 when he came up with the idea of modern city police, as the original Bobby.

If there’s one thing I’ve noticed about San Francisco police, it’s that you NEVER see them just out and about for a walk, like grabbing a sandwich or cup of coffee to be part of community. Go ahead and try to find a police officer in public in San Francisco. You’re far more likely to see crimes taking place in broad daylight with no response.