CVE-2022-26748
Description
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing maliciously crafted web content may lead to arbitrary code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An out-of-bounds write in processing malicious web content could lead to arbitrary code execution; fixed in macOS Monterey 12.4, Big Sur 11.6.6, and Catalina Security Update 2022-004.
Vulnerability
An out-of-bounds write vulnerability exists in the handling of maliciously crafted web content on macOS. This issue affects macOS Monterey prior to version 12.4, macOS Big Sur prior to version 11.6.6, and macOS Catalina prior to Security Update 2022-004 [1][2][3]. The vulnerability is triggered when processing specially crafted web content, potentially leading to memory corruption.
Exploitation
To exploit this vulnerability, an attacker would need to convince a user to view maliciously crafted web content, typically via a web browser or email client. No additional authentication or network position is required beyond the ability to serve the malicious content. Successful exploitation involves delivering the crafted content, which causes an out-of-bounds write during processing.
Impact
Successful exploitation allows an attacker to execute arbitrary code in the context of the affected user's account. This could lead to unauthorized data access, modification, or further system compromise depending on the user's privileges.
Mitigation
Apple has addressed this vulnerability by releasing macOS Monterey 12.4, macOS Big Sur 11.6.6, and Security Update 2022-004 for Catalina on May 16, 2022 [1][2][3]. No workarounds are available; users are advised to apply the latest updates promptly.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) range: 12.4
- (no CPE) range: unspecified
- Range: unspecified
Patches
No patches discovered yet.
References
- support.apple.com/en-us/HT213255 (mitre, x_refsource_MISC)
- support.apple.com/en-us/HT213256 (mitre, x_refsource_MISC)
- support.apple.com/en-us/HT213257 (mitre, x_refsource_MISC)