CVE-2022-26721

Vulnerability

A memory initialization issue exists in macOS. This vulnerability, tracked as CVE-2022-26721, is present in macOS Catalina, macOS Big Sur 11.6.6 and earlier, and macOS Monterey 12.4 and earlier. Apple fixed the issue in Security Update 2022-004 Catalina, macOS Monterey 12.4, and macOS Big Sur 11.6.6 [1][3].

Exploitation

An attacker must already have the ability to run a malicious application on the target system. No additional authentication or special network position is required beyond the initial code execution. The exploit involves triggering the memory initialization flaw through the application [1].

Impact

A successful exploit allows a malicious application to escalate privileges to root [1]. This gives the attacker full administrative control over the affected Mac, enabling them to install software, modify system files, or access sensitive data.

Mitigation

Apple released the fix in Security Update 2022-004 Catalina, macOS Monterey 12.4, and macOS Big Sur 11.6.6 on May 16, 2022 [1][2][3]. Users should update to these versions or later as soon as possible. No workarounds have been disclosed.