PT-2022-18006 · Apple · Apple Macos

Mickey Jin

Published

2022-03-14

Updated

2022-06-29

CVE-2022-26688

CVSS v2.0

4.9

Medium

Vector

AV:L/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions macOS versions prior to Monterey 12.3 macOS versions prior to Big Sur 11.6.5 macOS Catalina versions prior to Security Update 2022-003

Description An issue in the handling of symlinks was addressed with improved validation. A malicious app with root privileges may be able to modify the contents of system files.

Recommendations For macOS Catalina, apply Security Update 2022-003 to resolve the issue. For macOS Big Sur, update to version 11.6.5 or later to resolve the issue. For macOS Monterey, update to version 12.3 or later to resolve the issue.

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

CVE-2022-26688

ZDI-22-877

Affected Products

Apple Macos

PT-2022-18006 · Apple · Apple Macos

CVE-2022-26688

Weakness Enumeration

Related Identifiers

Affected Products

References · 10