A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.4. An app may be able to gain elevated privileges.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2022/Jul/13 | Mailing List Third Party Advisory |
http://seclists.org/fulldisclosure/2022/Jul/14 | Mailing List Third Party Advisory |
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0032/MNDT-2022-0032.md | Technical Description Third Party Advisory |
https://support.apple.com/en-us/HT213257 | Release Notes Vendor Advisory |
https://support.apple.com/kb/HT213343 | Mailing List |
https://support.apple.com/kb/HT213344 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
10 Nov 2022, 16:29
Type | Values Removed | Values Added |
---|---|---|
First Time |
Apple mac Os X
|
|
References | (FULLDISC) http://seclists.org/fulldisclosure/2022/Jul/13 - Mailing List, Third Party Advisory | |
References | (MISC) https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0032/MNDT-2022-0032.md - Technical Description, Third Party Advisory | |
References | (CONFIRM) https://support.apple.com/kb/HT213344 - Vendor Advisory | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2022/Jul/14 - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://support.apple.com/kb/HT213343 - Mailing List | |
CPE | cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-004:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-003:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-005:*:*:*:*:*:* |
30 Jul 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Jul 2022, 06:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Jun 2022, 19:02
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://support.apple.com/en-us/HT213257 - Release Notes, Vendor Advisory | |
CWE | CWE-59 | |
CVSS |
v2 : v3 : |
v2 : 6.8
v3 : 7.8 |
CPE | cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* | |
First Time |
Apple
Apple macos |
26 May 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-05-26 19:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-26704
Mitre link : CVE-2022-26704
CVE.ORG link : CVE-2022-26704
JSON object : View
Products Affected
apple
- mac_os_x
- macos
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')