File Access Vulnerability in Apple's macOS Products
CVE-2022-26728

5.5MEDIUM

Key Information:

Vendor

Apple
Status
Security Update - Catalina
Mac OS
Vendor
CVE Published:
26 May 2022

What is CVE-2022-26728?

This vulnerability allows a malicious application to gain unauthorized access to restricted files within macOS. The issue arises due to improper entitlements, which have been addressed in the latest security updates for Catalina, Monterey, and Big Sur. Users are encouraged to apply these updates promptly to mitigate potential risks associated with this vulnerability.

Affected Version(s)

macOS < 11.6

macOS < 12.4

Security Update - Catalina < 2022

References

https://support.apple.com/en-us/HT213255
x_refsource_MISC
https://support.apple.com/en-us/HT213256
x_refsource_MISC
https://support.apple.com/en-us/HT213257
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.