CVE-2022-26706

Name of the Vulnerable Software and Affected Versions tvOS versions prior to 15.5 iOS versions prior to 15.5 iPadOS versions prior to 15.5 watchOS versions prior to 8.6 macOS Big Sur versions prior to 11.6.6 macOS Monterey versions prior to 12.4

Description The issue is related to insufficient access controls in the LaunchServices component of Apple operating systems, allowing an attacker to bypass sandbox restrictions. This could enable the execution of malicious code on the system. The vulnerability was discovered while studying methods for launching and detecting malicious macros in Office documents on macOS. It was found that using Launch Services to run a command with a specific prefix allows escaping the application sandbox in macOS. The estimated number of potentially affected devices is not specified.

Recommendations For tvOS versions prior to 15.5, update to tvOS 15.5 or later. For iOS versions prior to 15.5, update to iOS 15.5 or later. For iPadOS versions prior to 15.5, update to iPadOS 15.5 or later. For watchOS versions prior to 8.6, update to watchOS 8.6 or later. For macOS Big Sur versions prior to 11.6.6, update to macOS Big Sur 11.6.6 or later. For macOS Monterey versions prior to 12.4, update to macOS Monterey 12.4 or later. As a temporary workaround, consider restricting access to the LaunchServices component until a patch is available. Avoid using the open command with the --stdin option in Python files with the ~$ prefix to minimize the risk of exploitation.