CVE-2022-26712

Name of the Vulnerable Software and Affected Versions macOS versions prior to 11.6.6 macOS versions prior to 12.4

Description The issue is related to the PackageKit component in macOS, which has insufficient access controls. Exploitation of this issue may allow an attacker to execute arbitrary code. A malicious application may be able to modify protected parts of the file system. The estimated number of potentially affected devices is not specified. There have been reports of real-world incidents where this issue was exploited, including the use of a Fully Undetectable (FUD) macOS Backdoor.

Recommendations For macOS versions prior to 11.6.6, update to version 11.6.6 or later to resolve the issue. For macOS versions prior to 12.4, update to version 12.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable PackageKit component until a patch is available. Avoid using the DYLD INSERT LIBRARIES environment variable to load the ShoveService.framework, as it may be used to exploit this issue.