Vulnerability Description
A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.4. An app may be able to gain elevated privileges.
CVSS Score
7.8
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Mac Os X | >= 10.15, < 10.15.7 |
| Apple | Macos | >= 11.0, < 11.6.8 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2022/Jul/13Mailing ListThird Party Advisory
- http://seclists.org/fulldisclosure/2022/Jul/14Mailing ListThird Party Advisory
- https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022Technical DescriptionThird Party Advisory
- https://support.apple.com/en-us/HT213257Release NotesVendor Advisory
- https://support.apple.com/kb/HT213343Mailing List
- https://support.apple.com/kb/HT213344Vendor Advisory
- http://seclists.org/fulldisclosure/2022/Jul/13Mailing ListThird Party Advisory
- http://seclists.org/fulldisclosure/2022/Jul/14Mailing ListThird Party Advisory
- https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022Technical DescriptionThird Party Advisory
- https://support.apple.com/en-us/HT213257Release NotesVendor Advisory
- https://support.apple.com/kb/HT213343Mailing List
- https://support.apple.com/kb/HT213344Vendor Advisory
FAQ
What is CVE-2022-26704?
CVE-2022-26704 is a vulnerability with a CVSS score of 7.8 (HIGH). A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.4. An app may be able to gain elevated privilege...
How severe is CVE-2022-26704?
CVE-2022-26704 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-26704?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Mac Os X, Apple Macos.