CVE-2022-22665
In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten AMD, apache, AppKit, AppleAVD, AppleGraphicsControl, AppleScript, AVEVideoEncoder, Contacts, CoreTypes, CVMS, DriverKit, Graphics Drivers, ImageIO, Intel Graphics Drivers, IOKit, IOMobileFrameBuffer, Kernel, LaunchServices, libresolv, LibreSSL, libxml2, OpenSSL, PackageKit, Vorschau, Drucken, Safari Private Browsing, Sicherheit, SMB, SoftwareUpdate, Spotlight, TCC, Tcl, Vim, WebKit, WebRTC, Wi-Fi, zip, zlib und zsh. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen und im schlimmsten Fall das System zu kompromittieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion.
EPSS 0.33% · 56.6th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Apple macOS Catalina |
Exploit Intelligence
- https://github.com/acheong08/CVE-2022-26726-POC (certbund)
- macos_v2_generated.go (github-poc)
- macos_v2_generated.go (github-poc)
- macos_v2_generated.go (github-poc)
- macos_v2_generated.go (github-poc)
- macos_v2_generated.go (github-poc)
- macos_v1_generated.go (github-poc)
- macos_v1_generated.go (github-poc)
- macos_v1_generated.go (github-poc)
- macos_v1_generated.go (github-poc)
…and 1 more exploits
Timeline
- Mar 15, 2022 CVE Published
- Mar 19, 2022 EPSS Score
- May 9, 2022 EPSS Score
- Jun 29, 2022 EPSS Score
- Aug 20, 2022 EPSS Score
- Oct 10, 2022 EPSS Score
- Dec 1, 2022 EPSS Score
- Jan 21, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 13, 2023 EPSS Score
- May 3, 2023 EPSS Score
- Jun 23, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1056.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1056 advisory
- https://support.apple.com/en-us/HT213183 advisory
- https://support.apple.com/en-us/HT213184 advisory
- https://support.apple.com/en-us/HT213185 advisory
- https://www.trendmicro.com/en_us/research/22/d/macos-suhelper-root-privilege-escalation-vulnerability-a-deep-di.html advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1057.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1057 advisory
- https://support.apple.com/en-us/HT213255 advisory
- https://support.apple.com/en-us/HT213256 advisory
- https://support.apple.com/en-us/HT213257 advisory
- https://github.com/acheong08/CVE-2022-26726-POC exploit
- https://www.cisa.gov/uscert/ncas/current-activity/2022/04/01/apple-releases-security-updates-0 advisory
- https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html advisory
- https://wojciechregula.blog/post/macos-sandbox-escape-via-terminal/ advisory