Memory Corruption Vulnerability in Apple iTunes and macOS Products
CVE-2022-26751

7.8HIGH

Key Information:

Vendor

Apple
Status
Security Update - Catalina
Mac OS
Vendor
CVE Published:
26 May 2022

What is CVE-2022-26751?

A memory corruption vulnerability exists in iTunes and several versions of macOS, which can be exploited by processing a specially crafted image file. If successfully exploited, this could allow an attacker to execute arbitrary code on the affected system, potentially leading to unauthorized access and data compromise. Apple has addressed this issue with improved input validation, providing users with security updates to mitigate the risks associated with this vulnerability.

Affected Version(s)

macOS < 11.6

macOS < 12.4

macOS < 15.5

References

https://support.apple.com/en-us/HT213255
x_refsource_MISC
https://support.apple.com/en-us/HT213256
x_refsource_MISC
https://support.apple.com/en-us/HT213258
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.