CVE-2022-26704
moderate-risk
Published 2022-05-26
A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.4. An app may be able to gain elevated privileges.
Do I need to act?
-
0.37% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10
High
LOCAL
/ LOW complexity
Affected Products (19)
Affected Vendors
References (12)
Mailing List
http://seclists.org/fulldisclosure/2022/Jul/13
Mailing List
http://seclists.org/fulldisclosure/2022/Jul/14
Technical Description
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022...
Release Notes
https://support.apple.com/en-us/HT213257
Mailing List
https://support.apple.com/kb/HT213343
Vendor Advisory
https://support.apple.com/kb/HT213344
Mailing List
http://seclists.org/fulldisclosure/2022/Jul/13
Mailing List
http://seclists.org/fulldisclosure/2022/Jul/14
Technical Description
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022...
Release Notes
https://support.apple.com/en-us/HT213257
Mailing List
https://support.apple.com/kb/HT213343
Vendor Advisory
https://support.apple.com/kb/HT213344
44
/ 100
moderate-risk
Severity
24/34 · High
Exploitability
1/34 · Minimal
Exposure
19/34 · Moderate