CVE-2022-26766

Published: May 26, 2022Modified: May 30, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious app may be able to bypass signature validation.

Affected (20)

Products: Apple: Ipados, Iphone Os, Mac Os X, Macos, Tvos, Watchos

6 products

Configuration A

20 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 15.5
Apple Iphone Os	Before 15.5
Apple Mac Os X	Before 10.15.7
Apple Mac Os X	Version 10.15.7
Apple Mac Os X	Version 10.15.7 security_update_2020-001
Apple Mac Os X	Version 10.15.7 security_update_2021-001
Apple Mac Os X	Version 10.15.7 security_update_2021-002
Apple Mac Os X	Version 10.15.7 security_update_2021-003
Apple Mac Os X	Version 10.15.7 security_update_2021-004
Apple Mac Os X	Version 10.15.7 security_update_2021-005
Apple Mac Os X	Version 10.15.7 security_update_2021-006
Apple Mac Os X	Version 10.15.7 security_update_2021-007
Apple Mac Os X	Version 10.15.7 security_update_2021-008
Apple Mac Os X	Version 10.15.7 security_update_2022-001
Apple Mac Os X	Version 10.15.7 security_update_2022-002
Apple Mac Os X	Version 10.15.7 security_update_2022-003
Apple Macos	From 11.0 to 11.6.6
Apple Macos	From 12.0 to 12.4
Apple Tvos	Before 15.5
Apple Watchos	Before 8.6