What is CVE-2022-26728?

CVE-2022-26728 is a vulnerability in Apple Macos. Published 2022-05-26.

Is CVE-2022-26728 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apple Macos

CVE-2022-26728

This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to access restricted files.

EPSS: 0.004 (61.7th percentile) — read the EPSS interpretation.

Affected products

Apple Macos — versions unspecified
Apple Security Update - Catalina — versions unspecified

Public proof-of-concept exploits

ARPSyndicate/cvemon
jhftss/POC

References

support.apple.com/en-us/HT213255 (x_refsource_MISC)
support.apple.com/en-us/HT213256 (x_refsource_MISC)
support.apple.com/en-us/HT213257 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-26728?: CVE-2022-26728 is a vulnerability in Apple Macos. Published 2022-05-26.
Is CVE-2022-26728 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.