CVE-2022-26736

7.8 HIGH

📋 TL;DR

CVE-2022-26736 is an out-of-bounds write vulnerability in Apple operating systems that allows an application to execute arbitrary code with kernel privileges. This affects tvOS, macOS Monterey, iOS, and iPadOS before version 15.5. Attackers could gain complete control of affected devices.

💻 Affected Systems

Products:
  • tvOS
  • macOS Monterey
  • iOS
  • iPadOS
Versions: before 15.5 (tvOS, iOS, iPadOS); macOS Monterey before 12.4
Operating Systems: tvOS, macOS, iOS, iPadOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected Apple devices are vulnerable until patched.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with kernel-level access, allowing attackers to install persistent malware, steal sensitive data, or create backdoors.

🟠

Likely Case

Privilege escalation leading to unauthorized access to system resources and potential data exfiltration.

🟢

If Mitigated

Limited impact with proper patch management and application sandboxing in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires a malicious application to be installed and executed on the target device.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: tvOS 15.5, macOS Monterey 12.4, iOS 15.5, iPadOS 15.5

Vendor Advisory: https://support.apple.com/en-us/HT213254

Restart Required: Yes

Instructions:

1. Open the Settings app.
2. Navigate to General > Software Update.
3. Download and install the latest update.
4. Restart the device when prompted.

🔧 Temporary Workarounds

Application Restriction

all

Limit application installation to trusted sources only (for example, the App Store).

🧯 If You Can't Patch

  • Isolate affected devices from critical networks and sensitive data.
  • Implement strict application control policies to prevent unauthorized app installation.

🔍 How to Verify

Check if Vulnerable:

Check system version in Settings > General > About on iOS/iPadOS, or System Preferences > About on macOS.

Check Version:

On macOS: run sw_vers -productVersion. On iOS/iPadOS: check Settings > General > About > Version.

Verify Fix Applied:

Verify system version is tvOS 15.5+, macOS Monterey 12.4+, iOS 15.5+, or iPadOS 15.5+.
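As an added example (not from this page or from Apple), the following POSIX shell script implements the version check described above. It accepts a platform name and version string, or, when run with no arguments on a Mac, reads the running version with sw_vers -productVersion (the command named on the page), and reports whether that version meets the fixed versions listed here (tvOS, iOS and iPadOS 15.5; macOS Monterey 12.4). It goes beyond the page in two ways: it compares versions numerically component by component, so 12.10 is treated as newer than 12.4 rather than older, and it treats macOS major versions other than 12 as outside this advisory's scope instead of guessing. All function names are the example's own.

```shell
#!/bin/sh
# Added example, not Apple's code: check an OS version against the fixed
# versions listed for CVE-2022-26736 (tvOS/iOS/iPadOS 15.5, macOS Monterey 12.4).

# version_ge A B: exit 0 if version A >= version B, comparing dot-separated
# numeric components, so 12.10 > 12.4 and 12.4 == 12.4.0. A trailing dot is
# appended before cutting so that missing components read as empty fields.
version_ge() {
    va="$1"; vb="$2"; idx=1
    while :; do
        ca=$(printf '%s.' "$va" | cut -d. -f"$idx")
        cb=$(printf '%s.' "$vb" | cut -d. -f"$idx")
        [ -z "$ca" ] && [ -z "$cb" ] && return 0   # all components equal
        ca=${ca:-0}; cb=${cb:-0}                    # missing component counts as 0
        if [ "$ca" -gt "$cb" ]; then return 0; fi
        if [ "$ca" -lt "$cb" ]; then return 1; fi
        idx=$((idx + 1))
    done
}

# fixed_version PLATFORM: print the first fixed version from the advisory,
# or fail for a platform the advisory does not name.
fixed_version() {
    case "$1" in
        iOS|iPadOS|tvOS) echo 15.5 ;;
        macOS)           echo 12.4 ;;   # macOS Monterey 12.4
        *)               return 1 ;;
    esac
}

# is_fixed PLATFORM VERSION: 0 = patched, 1 = vulnerable,
# 2 = unrecognised version string or outside this advisory's scope.
is_fixed() {
    platform="$1"; ver="$2"
    case "$ver" in ''|*[!0-9.]*) return 2 ;; esac   # digits and dots only
    fix=$(fixed_version "$platform") || return 2
    # The advisory names only macOS Monterey (12.x); other macOS majors are
    # not covered by this check rather than being assumed safe or vulnerable.
    if [ "$platform" = macOS ]; then
        major=${ver%%.*}
        [ "$major" -eq 12 ] || return 2
    fi
    version_ge "$ver" "$fix" && return 0
    return 1
}

# report PLATFORM VERSION: human-readable verdict for one device.
report() {
    rc=0; is_fixed "$1" "$2" || rc=$?
    case "$rc" in
        0) echo "$1 $2: patched (fixed in $(fixed_version "$1"))" ;;
        1) echo "$1 $2: VULNERABLE to CVE-2022-26736, update to $(fixed_version "$1") or later" ;;
        *) echo "$1 $2: not covered by this advisory, or unrecognised version string" ;;
    esac
}

# Usage:  sh check_cve_2022_26736.sh iOS 15.4.1
#         sh check_cve_2022_26736.sh            (on a Mac: checks this machine)
if [ $# -eq 2 ]; then
    report "$1" "$2"
elif command -v sw_vers >/dev/null 2>&1; then
    report macOS "$(sw_vers -productVersion)"
else
    echo "usage: $0 <iOS|iPadOS|tvOS|macOS> <version>  (or run on a Mac with no arguments)"
fi
```

The script only confirms that the installed version is at or past the fixed release; it does not inspect the kernel itself, so a device reporting an older version should simply be treated as unpatched and updated through the steps above.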

📡 Detection & Monitoring

Log Indicators:

  • Unexpected kernel panics
  • Unusual process creation with elevated privileges
  • System integrity protection (SIP) violations

Network Indicators:

  • Unusual outbound connections from system processes
  • Suspicious network activity following app installation

SIEM Query:

source="apple_system_logs" AND (event="kernel_panic" OR (process="kernel_task" AND action="elevated_privileges"))
