Out-of-Bounds Read Vulnerability in AppleScript Affecting Apple Products
CVE-2022-26698

7.1HIGH

Key Information:

Vendor
Apple
Status
Security Update - Catalina
Mac OS
Vendor
CVE Published:
26 May 2022

Summary

An out-of-bounds read vulnerability exists in AppleScript, potentially leading to unexpected application termination or the exposure of sensitive process memory. This issue arises when handling a specifically crafted AppleScript binary, prompting the need for improved bounds checking. Users are advised to update to the latest macOS versions to mitigate this risk and enhance their system's security against exploitation.

Affected Version(s)

macOS < 11.6

macOS < 12.4

Security Update - Catalina < 2022

References

https://support.apple.com/en-us/HT213255
x_refsource_MISC
https://support.apple.com/en-us/HT213256
x_refsource_MISC
https://support.apple.com/en-us/HT213257
x_refsource_MISC

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.