Unrated severityNVD Advisory· Published May 26, 2022· Updated Aug 3, 2024

CVE-2022-26746

Description

This issue was addressed by removing the vulnerable code. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A malicious application may bypass Privacy preferences on macOS; fixed in macOS Monterey 12.4, Big Sur 11.6.6, and Security Update 2022-004 Catalina.

Vulnerability

CVE-2022-26746 is a vulnerability in macOS that allows a malicious application to bypass Privacy preferences. The issue existed in an unspecified component and was addressed by removing the vulnerable code. Affected versions include macOS Monterey before 12.4, macOS Big Sur before 11.6.6, and macOS Catalina before Security Update 2022-004.

Exploitation

An attacker would need to have the ability to run a malicious application on the target system. No additional privileges or user interaction beyond launching the application are required. The exact exploitation steps are not disclosed, but the application could leverage the vulnerability to bypass Privacy preferences.

Impact

Successful exploitation allows the malicious application to bypass Privacy preferences, potentially gaining access to protected user data such as location, contacts, or other sensitive information that is normally restricted by Privacy controls.

Mitigation

Apple released fixes in macOS Monterey 12.4, macOS Big Sur 11.6.6, and Security Update 2022-004 for Catalina on May 16, 2022. Users should update to these versions. No workarounds are documented. This CVE is not listed in CISA's Known Exploited Vulnerabilities catalog.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./macOS Catalinallm-fuzzy
Range: <= 2022-004
Apple Inc./macOS Big Surllm-fuzzy
Range: <= 11.6.6
Apple Inc./macOS Montereyllm-fuzzy
Range: <= 12.4
Apple Inc./macOSv5
Range: unspecified
Apple Inc./Security Update 2021-008 Catalinacpe-rescue
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.apple.com/en-us/HT213255mitrex_refsource_MISC
support.apple.com/en-us/HT213256mitrex_refsource_MISC
support.apple.com/en-us/HT213257mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000