CVE-2022-26763

Vulnerability

CVE-2022-26763 is an out-of-bounds access issue in Apple's operating system code. The vulnerability exists in tvOS before 15.5, iOS and iPadOS before 15.5, watchOS before 8.6, macOS Big Sur before 11.6.6, macOS Monterey before 12.4, and macOS Catalina prior to Security Update 2022-004. A malicious application can trigger the flaw to gain elevated privileges.

Exploitation

An attacker must have the ability to run a crafted application on the target device. No additional user interaction is required beyond launching the app. The out-of-bounds access occurs when the application interacts with the vulnerable component, allowing memory corruption.

Impact

Successful exploitation allows the malicious application to execute arbitrary code with system privileges, potentially leading to full compromise of the device's security and data.

Mitigation

Apple has addressed the issue in the following updates: tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4, and Security Update 2022-004 for Catalina [1][2][3][4]. No workarounds are available; users should update to the latest versions.