CVE-2022-26738

Severity: 7.8 HIGH (CVSS base score)

📋 TL;DR

CVE-2022-26738 is an out-of-bounds write vulnerability in Apple operating systems that allows an application to execute arbitrary code with kernel privileges. It affects tvOS, macOS Monterey, iOS, and iPadOS releases before the fixed versions (tvOS 15.5, macOS Monterey 12.4, iOS 15.5, iPadOS 15.5). Successful exploitation gives an attacker complete control over the affected device.

💻 Affected Systems

Products:
  • tvOS
  • macOS Monterey
  • iOS
  • iPadOS
Versions: tvOS before 15.5, macOS Monterey before 12.4, iOS before 15.5, iPadOS before 15.5
Operating Systems: Apple tvOS, Apple macOS, Apple iOS, Apple iPadOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected versions are vulnerable. Requires malicious application execution.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Full device compromise with kernel-level persistence, data theft, and the ability to bypass all security controls.

🟠 Likely Case

A malicious app gains kernel privileges to install backdoors, steal credentials, or disable security features.

🟢 If Mitigated

The attack fails because the OS is updated or app sandboxing prevents the initial foothold.

🌐 Internet-Facing: LOW (no remote attack vector; exploitation requires a malicious application to run locally)
🏢 Internal Only: MEDIUM (any user who can install and run an application on the device can trigger it)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Requires the user to install and execute a malicious application. No public exploit code is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: tvOS 15.5, macOS Monterey 12.4, iOS 15.5, iPadOS 15.5

Vendor Advisory: https://support.apple.com/en-us/HT213254

Restart Required: Yes

Instructions:

1. Open the Settings app.
2. Navigate to General > Software Update.
3. Install the available update.
4. Restart the device when prompted.

🔧 Temporary Workarounds

Restrict App Installation (applies to: all affected platforms)

Only allow installation from trusted sources such as the App Store.

Command: not applicable - configure via device settings

🧯 If You Can't Patch

  • Isolate affected devices from critical networks
  • Implement application allowlisting to prevent unauthorized app execution

🔍 How to Verify

Check if Vulnerable:

Check OS version in Settings > General > About

Check Version:

Not applicable - check via device settings interface

Verify Fix Applied:

Verify OS version is tvOS 15.5+, macOS Monterey 12.4+, iOS 15.5+, or iPadOS 15.5+

📡 Detection & Monitoring

Log Indicators:

  • Unexpected kernel module loading
  • Privilege escalation attempts

Network Indicators:

  • Unusual outbound connections from system processes

SIEM Query:

Not applicable - device-level vulnerability
