CVE-2022-26711

CRITICAL

tvOS <15.5 - Code Injection

Title source: llm

Description

An integer overflow issue was addressed with improved input validation. This issue is fixed in tvOS 15.5, iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

Exploits (1)

nomisec WORKING POC 3 stars

by xpcmdshell · poc

https://github.com/xpcmdshell/CVE-2022-26711

View Code ZIP pw:eip

References (5)

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213253

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213254

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213257

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213258

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213259

Scores

CVSS v3 9.8

EPSS 0.0218

EPSS Percentile 84.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-190

Status published

Products (6)

apple/ipados < 15.5

apple/iphone_os < 15.5

apple/itunes < 12.12.4

apple/macos 12.0.0 - 12.4

apple/tvos < 15.5

apple/watchos < 8.6

Published May 26, 2022

Tracked Since Feb 18, 2026