CVE-2022-22582

Summary

A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5, macOS Monterey 12.3. A local user may be able to write arbitrary files.

Affected Software

VendorProductVersion RangeStatus
ApplemacOSunspecified < 12.3affected
ApplemacOSunspecified < 2022affected
ApplemacOSunspecified < 11.6affected

Weaknesses

  • A local user may be able to write arbitrary files

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References