Description
A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.4. An app may be able to gain elevated privileges.
References (6)
Core 6
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT213257
Mailing List x_refsource_confirm
https://support.apple.com/kb/HT213343
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT213344
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2022/Jul/14
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2022/Jul/13
Technical Description, Third Party Advisory x_refsource_misc
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0032/MNDT-2022-0032.md
Scores
CVSS v3
7.8
EPSS
0.0037
EPSS Percentile
58.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-59
Status
published
Products (3)
apple/mac_os_x
10.15.7 (17 CPE variants)
apple/mac_os_x
10.15 - 10.15.7
apple/macos
11.0 - 11.6.8
Published
May 26, 2022
Tracked Since
Feb 18, 2026