Memory Corruption in macOS by Apple Leading to Arbitrary Code Execution
CVE-2022-26761

7.8HIGH

Key Information:

Vendor: Apple
Status: Security Update - Catalina; Mac OS
Vendor: CVE Published:; 26 May 2022

What is CVE-2022-26761?

A vulnerability exists in macOS due to improper memory handling, which could allow an application to execute arbitrary code with kernel privileges. This issue has been addressed with improved memory management in the updates provided by Apple, specifically in the Security Update 2022-004 for Catalina and macOS Big Sur 11.6.6. Users are encouraged to apply the latest updates to mitigate potential risks.

Affected Version(s)

macOS < 11.6

Security Update - Catalina < 2022

References

https://support.apple.com/en-us/HT213255

x_refsource_MISC

https://support.apple.com/en-us/HT213256

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 26, 2022
Vulnerability Reserved
Mar 8, 2022