Apple Software and Device Maker
Products by Apple Sorted by Most Security Vulnerabilities since 2018
Recent Apple Security Advisories
Advisory | Title | Published |
---|---|---|
HT213259 | iTunes 12.12.4 for Windows Security Content | May 18, 2022 |
HT213253 | watchOS 8.6 Security Content | May 16, 2022 |
HT213258 | iOS 15.5 and iPadOS 15.5 Security Content | May 16, 2022 |
HT213261 | Xcode 13.4 Security Content | May 16, 2022 |
HT213260 | Safari 15.5 Security Content | May 16, 2022 |
HT213257 | macOS Monterey 12.4 Security Content | May 16, 2022 |
HT213255 | Security Update 2022-004 Catalina Security Content | May 16, 2022 |
HT213256 | macOS Big Sur 11.6.6 Security Content | May 16, 2022 |
HT213254 | tvOS 15.5 Security Content | May 16, 2022 |
HT213220 | macOS Monterey 12.3.1 Security Content | March 31, 2022 |
By the Year
In 2022 there have been 164 vulnerabilities in Apple with an average score of 7.1 out of ten. Last year Apple had 599 security vulnerabilities published. Right now, Apple is on track to have less security vulnerabilities in 2022 than it did last year. However, the average CVE base score of the vulnerabilities in 2022 is greater by 0.15.
Year | Vulnerabilities | Average Score |
---|---|---|
2022 | 164 | 7.15 |
2021 | 599 | 6.99 |
2020 | 384 | 6.95 |
2019 | 548 | 7.42 |
2018 | 180 | 7.37 |
It may take a day or so for new Apple vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Apple Security Vulnerabilities
An integer overflow was addressed with improved input validation
CVE-2022-26775
9.8 - Critical
- May 26, 2022
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution.
Integer Overflow or Wraparound
This issue was addressed with improved checks
CVE-2022-26776
9.8 - Critical
- May 26, 2022
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An attacker may be able to cause unexpected application termination or arbitrary code execution.
The issue was addressed with additional permissions checks
CVE-2022-26767
5.5 - Medium
- May 26, 2022
The issue was addressed with additional permissions checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences.
AuthZ
This issue was addressed by removing the vulnerable code
CVE-2022-26746
5.5 - Medium
- May 26, 2022
This issue was addressed by removing the vulnerable code. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences.
A certificate parsing issue was addressed with improved checks
CVE-2022-26766
5.5 - Medium
- May 26, 2022
A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious app may be able to bypass signature validation.
Improper Certificate Validation
A use after free issue was addressed with improved memory management
CVE-2022-26757
7.8 - High
- May 26, 2022
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.
Dangling pointer
A memory corruption issue was addressed with improved state management
CVE-2022-26768
7.8 - High
- May 26, 2022
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, watchOS 8.6, tvOS 15.5, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges.
Memory Corruption
An out-of-bounds write issue was addressed with improved input validation
CVE-2022-26748
8.8 - High
- May 26, 2022
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing maliciously crafted web content may lead to arbitrary code execution.
Memory Corruption
A memory corruption issue was addressed with improved input validation
CVE-2022-26769
7.8 - High
- May 26, 2022
A memory corruption issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges.
Memory Corruption
This issue was addressed with improved environment sanitization
CVE-2022-26755
6.3 - Medium
- May 26, 2022
This issue was addressed with improved environment sanitization. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to break out of its sandbox.
An out-of-bounds write issue was addressed with improved input validation
CVE-2022-26756
7.8 - High
- May 26, 2022
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges.
Memory Corruption
A memory corruption issue was addressed with improved validation
CVE-2022-26745
5.5 - Medium
- May 26, 2022
A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.6. A malicious application may disclose restricted memory.
Memory Corruption
A memory corruption issue was addressed with improved memory handling
CVE-2022-26761
7.8 - High
- May 26, 2022
A memory corruption issue was addressed with improved memory handling. This issue is fixed in Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges.
Memory Corruption
An out-of-bounds read issue was addressed with improved input validation
CVE-2022-26770
7.8 - High
- May 26, 2022
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges.
Out-of-bounds Read
A memory corruption issue was addressed with improved state management
CVE-2022-26772
7.8 - High
- May 26, 2022
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.
Memory Corruption
A buffer overflow issue was addressed with improved memory handling
CVE-2022-26741
7.8 - High
- May 26, 2022
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.
Classic Buffer Overflow
A buffer overflow issue was addressed with improved memory handling
CVE-2022-26742
7.8 - High
- May 26, 2022
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.
Classic Buffer Overflow
A buffer overflow issue was addressed with improved memory handling
CVE-2022-26749
7.8 - High
- May 26, 2022
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.
Classic Buffer Overflow
A buffer overflow issue was addressed with improved memory handling
CVE-2022-26750
7.8 - High
- May 26, 2022
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.
Classic Buffer Overflow
A buffer overflow issue was addressed with improved memory handling
CVE-2022-26752
7.8 - High
- May 26, 2022
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.
Classic Buffer Overflow
A buffer overflow issue was addressed with improved memory handling
CVE-2022-26753
7.8 - High
- May 26, 2022
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.
Classic Buffer Overflow
A buffer overflow issue was addressed with improved memory handling
CVE-2022-26754
7.8 - High
- May 26, 2022
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.
Classic Buffer Overflow
A memory corruption issue was addressed with improved input validation
CVE-2022-26751
7.8 - High
- May 26, 2022
A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6, macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execution.
Memory Corruption
An out-of-bounds access issue was addressed with improved bounds checking
CVE-2022-26763
7.8 - High
- May 26, 2022
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious application may be able to execute arbitrary code with system privileges.
Buffer Overflow
An out-of-bounds write issue was addressed with improved bounds checking
CVE-2022-26739
7.8 - High
- May 26, 2022
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.
Memory Corruption
An out-of-bounds write issue was addressed with improved bounds checking
CVE-2022-26740
7.8 - High
- May 26, 2022
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.
Memory Corruption
A memory corruption issue was addressed with improved input validation
CVE-2022-26751
7.8 - High
- May 26, 2022
A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6, macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execution.
Memory Corruption
An out-of-bounds access issue was addressed with improved bounds checking
CVE-2022-26763
7.8 - High
- May 26, 2022
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious application may be able to execute arbitrary code with system privileges.
Buffer Overflow
A memory corruption issue was addressed with improved memory handling
CVE-2022-26761
7.8 - High
- May 26, 2022
A memory corruption issue was addressed with improved memory handling. This issue is fixed in Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges.
Memory Corruption
A memory corruption issue was addressed with improved input validation
CVE-2022-26769
7.8 - High
- May 26, 2022
A memory corruption issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges.
Memory Corruption
An out-of-bounds read issue was addressed with improved input validation
CVE-2022-26770
7.8 - High
- May 26, 2022
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges.
Out-of-bounds Read
An out-of-bounds write issue was addressed with improved input validation
CVE-2022-26748
8.8 - High
- May 26, 2022
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing maliciously crafted web content may lead to arbitrary code execution.
Memory Corruption
An out-of-bounds write issue was addressed with improved input validation
CVE-2022-26756
7.8 - High
- May 26, 2022
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges.
Memory Corruption
This issue was addressed with improved environment sanitization
CVE-2022-26755
6.3 - Medium
- May 26, 2022
This issue was addressed with improved environment sanitization. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to break out of its sandbox.
A memory corruption issue was addressed with improved state management
CVE-2022-26768
7.8 - High
- May 26, 2022
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, watchOS 8.6, tvOS 15.5, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges.
Memory Corruption
An out-of-bounds write issue was addressed with improved bounds checking
CVE-2022-26743
7 - High
- May 26, 2022
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.4. An attacker that has already achieved code execution in macOS Recovery may be able to escalate to kernel privileges.
Memory Corruption
A use after free issue was addressed with improved memory management
CVE-2022-26757
7.8 - High
- May 26, 2022
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.
Dangling pointer
A memory corruption issue was addressed with improved validation
CVE-2022-26764
4.7 - Medium
- May 26, 2022
A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.
Memory Corruption
A race condition was addressed with improved state handling
CVE-2022-26765
4.7 - Medium
- May 26, 2022
A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.
Race Condition
The issue was addressed with additional permissions checks
CVE-2022-26767
5.5 - Medium
- May 26, 2022
The issue was addressed with additional permissions checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences.
AuthZ
This issue was addressed with improved checks
CVE-2022-26776
9.8 - Critical
- May 26, 2022
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An attacker may be able to cause unexpected application termination or arbitrary code execution.
An integer overflow was addressed with improved input validation
CVE-2022-26775
9.8 - Critical
- May 26, 2022
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution.
Integer Overflow or Wraparound
A certificate parsing issue was addressed with improved checks
CVE-2022-26766
5.5 - Medium
- May 26, 2022
A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious app may be able to bypass signature validation.
Improper Certificate Validation
This issue was addressed by removing the vulnerable code
CVE-2022-26746
5.5 - Medium
- May 26, 2022
This issue was addressed by removing the vulnerable code. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences.
This issue was addressed by removing the vulnerable code
CVE-2022-26746
5.5 - Medium
- May 26, 2022
This issue was addressed by removing the vulnerable code. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences.
A certificate parsing issue was addressed with improved checks
CVE-2022-26766
5.5 - Medium
- May 26, 2022
A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious app may be able to bypass signature validation.
Improper Certificate Validation
A use after free issue was addressed with improved memory management
CVE-2022-26757
7.8 - High
- May 26, 2022
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.
Dangling pointer
An out-of-bounds write issue was addressed with improved input validation
CVE-2022-26748
8.8 - High
- May 26, 2022
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing maliciously crafted web content may lead to arbitrary code execution.
Memory Corruption
A memory corruption issue was addressed with improved input validation
CVE-2022-26769
7.8 - High
- May 26, 2022
A memory corruption issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges.
Memory Corruption
An out-of-bounds write issue was addressed with improved input validation
CVE-2022-26756
7.8 - High
- May 26, 2022
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges.
Memory Corruption
An out-of-bounds read issue was addressed with improved input validation
CVE-2022-26770
7.8 - High
- May 26, 2022
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges.
Out-of-bounds Read
A memory corruption issue was addressed with improved validation
CVE-2022-26745
5.5 - Medium
- May 26, 2022
A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.6. A malicious application may disclose restricted memory.
Memory Corruption
An out-of-bounds access issue was addressed with improved bounds checking
CVE-2022-26763
7.8 - High
- May 26, 2022
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious application may be able to execute arbitrary code with system privileges.
Buffer Overflow
A memory corruption issue was addressed with improved state management
CVE-2022-26768
7.8 - High
- May 26, 2022
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, watchOS 8.6, tvOS 15.5, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges.
Memory Corruption
A memory corruption issue was addressed with improved state management
CVE-2022-26771
7.8 - High
- May 26, 2022
A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. A malicious application may be able to execute arbitrary code with kernel privileges.
Memory Corruption
A logic issue was addressed with improved state management
CVE-2022-26773
7.1 - High
- May 26, 2022
A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. An application may be able to delete files for which it does not have permission.
A logic issue was addressed with improved state management
CVE-2022-26774
7.8 - High
- May 26, 2022
A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges.
Improper Privilege Management
A memory corruption issue was addressed with improved input validation
CVE-2022-26751
7.8 - High
- May 26, 2022
A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6, macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execution.
Memory Corruption
A memory corruption issue was addressed with improved validation
CVE-2022-26745
5.5 - Medium
- May 26, 2022
A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.6. A malicious application may disclose restricted memory.
Memory Corruption
A use after free issue was addressed with improved memory management
CVE-2022-26757
7.8 - High
- May 26, 2022
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.
Dangling pointer
A certificate parsing issue was addressed with improved checks
CVE-2022-26766
5.5 - Medium
- May 26, 2022
A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious app may be able to bypass signature validation.
Improper Certificate Validation
A memory corruption issue was addressed with improved validation
CVE-2022-26764
4.7 - Medium
- May 26, 2022
A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.
Memory Corruption
A race condition was addressed with improved state handling
CVE-2022-26765
4.7 - Medium
- May 26, 2022
A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.
Race Condition
A memory corruption issue was addressed with improved validation
CVE-2022-26764
4.7 - Medium
- May 26, 2022
A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.
Memory Corruption
A use after free issue was addressed with improved memory management
CVE-2022-26757
7.8 - High
- May 26, 2022
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.
Dangling pointer
A race condition was addressed with improved state handling
CVE-2022-26765
4.7 - Medium
- May 26, 2022
A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.
Race Condition
A memory corruption issue was addressed with improved state management
CVE-2022-26771
7.8 - High
- May 26, 2022
A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. A malicious application may be able to execute arbitrary code with kernel privileges.
Memory Corruption
A memory corruption issue was addressed with improved state management
CVE-2022-26768
7.8 - High
- May 26, 2022
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, watchOS 8.6, tvOS 15.5, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges.
Memory Corruption
An out-of-bounds access issue was addressed with improved bounds checking
CVE-2022-26763
7.8 - High
- May 26, 2022
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious application may be able to execute arbitrary code with system privileges.
Buffer Overflow
A certificate parsing issue was addressed with improved checks
CVE-2022-26766
5.5 - Medium
- May 26, 2022
A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious app may be able to bypass signature validation.
Improper Certificate Validation
A memory corruption issue was addressed with improved validation
CVE-2022-26745
5.5 - Medium
- May 26, 2022
A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.6. A malicious application may disclose restricted memory.
Memory Corruption
A memory corruption issue was addressed with improved validation
CVE-2022-26745
5.5 - Medium
- May 26, 2022
A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.6. A malicious application may disclose restricted memory.
Memory Corruption
An out-of-bounds write issue was addressed with improved bounds checking
CVE-2022-26740
7.8 - High
- May 26, 2022
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.
Memory Corruption
A certificate parsing issue was addressed with improved checks
CVE-2022-26766
5.5 - Medium
- May 26, 2022
A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious app may be able to bypass signature validation.
Improper Certificate Validation
This issue was addressed with improved checks
CVE-2022-26747
7.8 - High
- May 26, 2022
This issue was addressed with improved checks. This issue is fixed in Xcode 13.4. An app may be able to gain elevated privileges.
An out-of-bounds write issue was addressed with improved bounds checking
CVE-2022-26739
7.8 - High
- May 26, 2022
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.
Memory Corruption
A memory corruption issue was addressed with improved input validation
CVE-2022-26751
7.8 - High
- May 26, 2022
A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6, macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execution.
Memory Corruption
A memory corruption issue was addressed with improved validation
CVE-2022-26764
4.7 - Medium
- May 26, 2022
A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.
Memory Corruption
This issue was addressed with improved environment sanitization
CVE-2022-26755
6.3 - Medium
- May 26, 2022
This issue was addressed with improved environment sanitization. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to break out of its sandbox.
A memory corruption issue was addressed with improved memory handling
CVE-2022-26761
7.8 - High
- May 26, 2022
A memory corruption issue was addressed with improved memory handling. This issue is fixed in Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges.
Memory Corruption
A memory corruption issue was addressed with improved input validation
CVE-2022-26751
7.8 - High
- May 26, 2022
A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6, macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execution.
Memory Corruption
An out-of-bounds access issue was addressed with improved bounds checking
CVE-2022-26763
7.8 - High
- May 26, 2022
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious application may be able to execute arbitrary code with system privileges.
Buffer Overflow
An out-of-bounds write issue was addressed with improved bounds checking
CVE-2022-26739
7.8 - High
- May 26, 2022
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.
Memory Corruption
An out-of-bounds write issue was addressed with improved bounds checking
CVE-2022-26740
7.8 - High
- May 26, 2022
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.
Memory Corruption
An out-of-bounds access issue was addressed with improved bounds checking
CVE-2022-26763
7.8 - High
- May 26, 2022
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious application may be able to execute arbitrary code with system privileges.
Buffer Overflow
A memory corruption issue was addressed with improved state management
CVE-2022-26744
7.8 - High
- May 26, 2022
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.
Memory Corruption
A race condition was addressed with improved state handling
CVE-2022-26765
4.7 - Medium
- May 26, 2022
A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.
Race Condition
A memory corruption issue was addressed with improved state management
CVE-2022-26768
7.8 - High
- May 26, 2022
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, watchOS 8.6, tvOS 15.5, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges.
Memory Corruption
A memory corruption issue was addressed with improved state management
CVE-2022-26771
7.8 - High
- May 26, 2022
A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. A malicious application may be able to execute arbitrary code with kernel privileges.
Memory Corruption
A use after free issue was addressed with improved memory management
CVE-2022-26757
7.8 - High
- May 26, 2022
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.
Dangling pointer
A race condition was addressed with improved locking
CVE-2022-26701
7.5 - High
- May 26, 2022
A race condition was addressed with improved locking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.
Race Condition
A memory initialization issue was addressed
CVE-2022-26721
7.8 - High
- May 26, 2022
A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges.
Improper Initialization
This issue was addressed with improved entitlements
CVE-2022-26727
5.5 - Medium
- May 26, 2022
This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. A malicious application may be able to modify protected parts of the file system.
An authentication issue was addressed with improved state management
CVE-2022-26724
5.5 - Medium
- May 26, 2022
An authentication issue was addressed with improved state management. This issue is fixed in tvOS 15.5. A local user may be able to enable iCloud Photos without authentication.
authentification
An out-of-bounds write issue was addressed with improved bounds checking
CVE-2022-26738
7.8 - High
- May 26, 2022
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.
Memory Corruption
An integer overflow issue was addressed with improved input validation
CVE-2022-26711
9.8 - Critical
- May 26, 2022
An integer overflow issue was addressed with improved input validation. This issue is fixed in tvOS 15.5, iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
Integer Overflow or Wraparound
A memory corruption issue was addressed with improved validation
CVE-2022-26714
7.8 - High
- May 26, 2022
A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.
Memory Corruption
An out-of-bounds write issue was addressed with improved bounds checking
CVE-2022-26720
7.8 - High
- May 26, 2022
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges.
Memory Corruption
A memory corruption issue was addressed with improved validation
CVE-2022-26714
7.8 - High
- May 26, 2022
A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.
Memory Corruption
An out-of-bounds write issue was addressed with improved bounds checking
CVE-2022-26736
7.8 - High
- May 26, 2022
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.
Memory Corruption