CVE-2022-26708 — Apple Macos vulnerability

7 documents4 sources

Severity

9.8CRITICALNVD

EPSS

1.6%

top 18.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Macos Apple IOS 15.5 AND Ipados Apple Macos Monterey +2 more

Timeline

PublishedMay 26

Latest updateJul 1

Description

This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages6 packages

▶Appleapple/macos_monterey12.4

▶CVEListV5apple/macosunspecified — 12.4

▶NVDapple/macos12.0.0 — 12.4

▶Appleapple/tvos15.5

▶Appleapple/watchos8.6

🔴Vulnerability Details

Kernel

ipc, msg: Use dedicated slab buckets for alloc_msg()↗2024-07-01

▶

GHSA

GHSA-xr75-jrfp-9gq2: This issue was addressed with improved checks↗2022-05-27

▶

📋Vendor Advisories

Apple

CVE-2022-26708: watchOS 8.6↗2022-05-16

▶

Apple

CVE-2022-26708: iOS 15.5 and iPadOS 15.5↗2022-05-16

▶

Apple

CVE-2022-26708: tvOS 15.5↗2022-05-16

▶

Apple

CVE-2022-26708: macOS Monterey 12.4↗2022-05-16

▶