CVE-2022-26757
Description
CVE-2022-26757 is a use-after-free in Apple's kernel that allows an application to execute arbitrary code with kernel privileges, fixed in iOS 15.5, macOS Monterey 12.4, and others.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CVE-2022-26757 is a use-after-free in Apple's kernel that allows an application to execute arbitrary code with kernel privileges, fixed in iOS 15.5, macOS Monterey 12.4, and others.
Vulnerability
A use-after-free issue exists in the AppleAVD component on iOS, iPadOS, tvOS, watchOS, and macOS. The vulnerability was addressed by improved memory management. Affected versions include iOS and iPadOS prior to 15.5, tvOS prior to 15.5, watchOS prior to 8.6, macOS Monterey prior to 12.4, macOS Big Sur prior to 11.6.6, and macOS Catalina prior to Security Update 2022-004 [1][3].
Exploitation
An attacker requires the ability to run a malicious application on the target device. No additional privileges or user interaction beyond launching the app are specified. The use-after-free condition can be triggered by the application, leading to memory corruption [1][3].
Impact
Successful exploitation allows the application to execute arbitrary code with kernel privileges, resulting in full compromise of the operating system's security [1][3].
Mitigation
Apple released fixes on May 16, 2022 in iOS 15.5, iPadOS 15.5, tvOS 15.5, watchOS 8.6, macOS Monterey 12.4, macOS Big Sur 11.6.6, and Security Update 2022-004 for macOS Catalina [1][2][3][4]. Users should update to these versions or later.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Range: = 15.5
- Range: = 12.4
- Range: = 15.5
- Range: unspecified
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
7- packetstormsecurity.com/files/167517/XNU-Flow-Divert-Race-Condition-Use-After-Free.htmlmitrex_refsource_MISC
- support.apple.com/en-us/HT213253mitrex_refsource_MISC
- support.apple.com/en-us/HT213254mitrex_refsource_MISC
- support.apple.com/en-us/HT213255mitrex_refsource_MISC
- support.apple.com/en-us/HT213256mitrex_refsource_MISC
- support.apple.com/en-us/HT213257mitrex_refsource_MISC
- support.apple.com/en-us/HT213258mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.