Unrated severityNVD Advisory· Published May 26, 2022· Updated Aug 3, 2024

CVE-2022-26720

Description

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An out-of-bounds write in macOS kernel allows a malicious application to execute arbitrary code with kernel privileges, patched in macOS Monterey 12.4, Big Sur 11.6.6, and Security Update 2022-004 Catalina.

Vulnerability

An out-of-bounds write vulnerability exists in the macOS kernel. A malicious application can trigger this memory corruption issue, leading to arbitrary code execution with kernel privileges. The issue affects macOS Monterey before version 12.4, macOS Big Sur before version 11.6.6, and macOS Catalina before Security Update 2022-004 [1][2][3].

Exploitation

An attacker requires the ability to run a malicious application on the target system. No additional privileges or user interaction beyond launching the application are necessary. The application triggers the out-of-bounds write by exploiting the flawed bounds checking in the kernel code.

Impact

Successful exploitation allows the attacker to execute arbitrary code with kernel privileges, resulting in full compromise of the system's confidentiality, integrity, and availability.

Mitigation

Apple addressed this issue in macOS Monterey 12.4, macOS Big Sur 11.6.6, and Security Update 2022-004 for Catalina, all released on May 16, 2022 [1][2][3]. No workarounds are available; users should apply the updates promptly.

References

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./macOSllm-fuzzy2 versions
= 12.4 (Monterey), 11.6.6 (Big Sur), 2022-004 (Catalina)+ 1 more
- (no CPE)range: = 12.4 (Monterey), 11.6.6 (Big Sur), 2022-004 (Catalina)
- (no CPE)range: unspecified
Apple Inc./Security Update 2021-008 Catalinacpe-rescue
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.apple.com/en-us/HT213255mitrex_refsource_MISC
support.apple.com/en-us/HT213256mitrex_refsource_MISC
support.apple.com/en-us/HT213257mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000