CVE-2022-26728
Description
This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to access restricted files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A malicious application may access restricted files due to improper entitlements in macOS. Fixed in macOS Monterey 12.4, Big Sur 11.6.6, and Security Update 2022-004.
Vulnerability
CVE-2022-26728 is an entitlement issue in macOS that allows a malicious application to access restricted files. The vulnerability affects macOS Monterey, Big Sur, and Catalina. It is addressed by improving entitlement checks. Affected versions include macOS Monterey before 12.4, macOS Big Sur before 11.6.6, and macOS Catalina before Security Update 2022-004 [1][2][3].
Exploitation
An attacker needs to have a malicious application installed on the system. The application can then exploit the improper entitlements to bypass restrictions and access files that are normally protected. No additional privileges or user interaction beyond running the application are required.
Impact
Successful exploitation allows the malicious application to read restricted files, potentially leading to disclosure of sensitive information. The impact is limited to file access; no elevation of privilege or code execution is implied by the description.
Mitigation
Apple has addressed this vulnerability in Security Update 2022-004 for macOS Catalina, macOS Monterey 12.4, and macOS Big Sur 11.6.6, all released on May 16, 2022 [1][2][3]. Users should apply the appropriate update to mitigate the risk.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
macOS Monterey <12.4, macOS Big Sur <11.6.6, macOS Catalina before Security Update 2022-004 (+ 1 more)
- (no CPE) range: macOS Monterey <12.4, macOS Big Sur <11.6.6, macOS Catalina before Security Update 2022-004
- (no CPE) range: unspecified
- Range: unspecified
Patches
No patches discovered yet.
References
- support.apple.com/en-us/HT213255 (mitre, x_refsource_MISC)
- support.apple.com/en-us/HT213256 (mitre, x_refsource_MISC)
- support.apple.com/en-us/HT213257 (mitre, x_refsource_MISC)