CVE-2022-26768Out-of-bounds Write in Apple Watchos

CWE-787Out-of-bounds Write7 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.8%
top 25.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Apple WatchosApple IpadosApple Iphone OS+5 more
Timeline
PublishedMay 26
Latest updateJul 20

Description

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, watchOS 8.6, tvOS 15.5, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages11 packages

NVDapple/macos11.011.6.6+1
Appleapple/macos_big_sur11.6.6
NVDapple/tvos< 15.5
CVEListV5apple/watchosunspecified8.6+3

🔴Vulnerability Details

1
GHSA
GHSA-j422-f42w-5w69: A memory corruption issue was addressed with improved state management2022-05-27

📋Vendor Advisories

5
Apple
CVE-2022-26768: iOS 15.6 and iPadOS 15.62022-07-20
Apple
CVE-2022-26768: watchOS 8.62022-05-16
Apple
CVE-2022-26768: macOS Monterey 12.42022-05-16
Apple
CVE-2022-26768: macOS Big Sur 11.6.62022-05-16
Apple
CVE-2022-26768: tvOS 15.52022-05-16