Unrated severityNVD Advisory· Published May 26, 2022· Updated May 30, 2025

CVE-2022-26770

Description

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An out-of-bounds read in macOS kernel allows a malicious application to execute arbitrary code with kernel privileges.

Vulnerability

An out-of-bounds read issue exists in the macOS kernel, addressed with improved input validation. The vulnerability affects macOS Monterey 12.4, macOS Big Sur 11.6.6, and Security Update 2022-004 Catalina. A malicious application may be able to trigger the out-of-bounds read to execute arbitrary code with kernel privileges. [1]

Exploitation

An attacker requires the ability to run a malicious application on the target system. No user interaction beyond launching the application is needed. The application can trigger the out-of-bounds read by exploiting the kernel memory corruption, leading to code execution. [1]

Impact

Successful exploitation allows the malicious application to execute arbitrary code with kernel privileges, resulting in full compromise of the system's confidentiality, integrity, and availability. [1]

Mitigation

Apple has released fixes in macOS Monterey 12.4, macOS Big Sur 11.6.6, and Security Update 2022-004 Catalina, all dated May 16, 2022. Users should update to the latest versions to mitigate the vulnerability. No workarounds are provided by Apple. [1]

References

About the security content of macOS Monterey 12.4 - Apple Support

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./macOSllm-fuzzy2 versions
12.4 / 11.6.6 / Security Update 2022-004 Catalina+ 1 more
- (no CPE)range: 12.4 / 11.6.6 / Security Update 2022-004 Catalina
- (no CPE)range: unspecified
Apple Inc./Security Update 2021-008 Catalinacpe-rescue
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.apple.com/en-us/HT213255mitrex_refsource_MISC
support.apple.com/en-us/HT213256mitrex_refsource_MISC
support.apple.com/en-us/HT213257mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000