Out-of-Bounds Write Vulnerability in Apple macOS Products
CVE-2022-26748

8.8HIGH

Key Information:

Vendor

Apple
Status
Security Update - Catalina
Mac OS
Vendor
CVE Published:
26 May 2022

What is CVE-2022-26748?

An out-of-bounds write vulnerability has been identified in Apple macOS, which can be exploited through maliciously crafted web content. This flaw arises from improper input validation, potentially allowing an attacker to execute arbitrary code on the affected system. Apple has provided updates in Security Update 2022-004 for Catalina, as well as for macOS Monterey 12.4 and Big Sur 11.6.6, to mitigate this concern.

Affected Version(s)

macOS < 11.6

macOS < 12.4

Security Update - Catalina < 2022

References

https://support.apple.com/en-us/HT213255
x_refsource_MISC
https://support.apple.com/en-us/HT213256
x_refsource_MISC
https://support.apple.com/en-us/HT213257
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.