CVE-2022-22600
MEDIUMiPadOS < 15.4 - Privacy Preference Bypass via Improved Permissions Logic
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2022-22600. PoCs published by KlinKlinKlin.
AI-analyzed exploit summary This PoC exploits CVE-2022-22600, a macOS vulnerability where executable permissions are bypassed if the binary is deleted after execution. The script copies and runs a screenshot utility without triggering TCC prompts.
Description
The issue was addressed with improved permissions logic. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to bypass certain Privacy preferences.
Exploits (1)
This PoC exploits CVE-2022-22600, a macOS vulnerability where executable permissions are bypassed if the binary is deleted after execution. The script copies and runs a screenshot utility without triggering TCC prompts.
References (4)
Scores
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N