CVE-2022-26717

HIGH

iTunes < 12.12.4 - Use-After-Free

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2022-26717. PoCs published by theori-io, Theori-lO.

AI-analyzed exploit summary: This repository contains a README describing CVE-2022-26717, a Safari WebGL use-after-free vulnerability. No exploit code is present, only credits and patch information.

Description

A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.

Exploits (2)

nomisec WRITEUP 56 stars
by theori-io · poc
https://github.com/theori-io/CVE-2022-26717-Safari-WebGL-Exploit

This repository contains a README describing CVE-2022-26717, a Safari WebGL use-after-free vulnerability. No exploit code is present, only credits and patch information.

Classification: Writeup 90%
Attack Type: RCE
Complexity: Theoretical
Reliability: Theoretical
Target: Apple Safari (WebGL implementation)
No auth needed
Prerequisites: Victim must visit a malicious webpage using Safari
devstral-2 · analyzed Feb 16, 2026

nomisec STUB
by Theori-lO · poc
https://github.com/Theori-lO/CVE-2022-26717-Safari-WebGL-Exploit

The repository contains only a README with minimal information about CVE-2022-26717, a Safari WebGL use-after-free vulnerability, but no exploit code or technical details.

Classification: Stub 90%
Attack Type: Other
Complexity: Theoretical
Reliability: Theoretical
Target: Apple Safari (WebGL)
No auth needed
Prerequisites: none
devstral-2 · analyzed Apr 30, 2026

References (6)

Core References
Release Notes, Vendor Advisory: https://support.apple.com/en-us/HT213253
Release Notes, Vendor Advisory: https://support.apple.com/en-us/HT213254
Release Notes, Vendor Advisory: https://support.apple.com/en-us/HT213257
Release Notes, Vendor Advisory: https://support.apple.com/en-us/HT213258
Release Notes, Vendor Advisory: https://support.apple.com/en-us/HT213259
Release Notes, Vendor Advisory: https://support.apple.com/en-us/HT213260

Scores

CVSS v3 8.8
EPSS 0.0142
EPSS Percentile 69.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE: CWE-416
Status published
Products (7)
apple/ipados < 15.5
apple/iphone_os < 15.5
apple/itunes < 12.12.4
apple/macos 12.0.0 - 12.4
apple/safari < 15.5
apple/tvos < 15.5
apple/watchos < 8.6
Published Nov 01, 2022
Tracked Since Feb 18, 2026