VYPR
Unrated severity · NVD Advisory · Published May 26, 2022 · Updated Aug 3, 2024

CVE-2022-26698

Description

An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An out-of-bounds read in AppleScript binary processing on macOS could lead to application termination or disclosure of process memory.

Vulnerability

An out-of-bounds read vulnerability exists in the processing of AppleScript binaries on macOS. The issue is present in versions prior to Security Update 2022-004 for Catalina, macOS Big Sur 11.6.6, and macOS Monterey 12.4. Processing a maliciously crafted AppleScript binary triggers an out-of-bounds read due to insufficient bounds checking.

Exploitation

An attacker can exploit this vulnerability by providing a specially crafted AppleScript binary to a target user. No special network position or authentication is required; the attacker must only convince the user to process the malicious binary (e.g., by opening a file or running a script). The out-of-bounds read occurs during parsing of the binary.

Impact

Successful exploitation can result in unexpected application termination (denial of service) or disclosure of process memory, potentially leaking sensitive information. Based on the available description, the vulnerability does not grant code execution or privilege escalation.

Mitigation

Apple addressed this issue in Security Update 2022-004 for macOS Catalina, macOS Big Sur 11.6.6, and macOS Monterey 12.4, all released on May 16, 2022 [1][2][3]. Users should update to the latest available version for their macOS release. No workarounds are documented.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3
  • Apple Inc./macOS (llm-fuzzy, 2 versions)
    • (no CPE) range: Catalina < Security Update 2022-004; Monterey < 12.4; Big Sur < 11.6.6
    • (no CPE) range: unspecified
  • Range: unspecified

References

3
