CVE-2022-26702: Use After Free
First published: Mon May 16 2022(Updated: )
A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.
Credit: an anonymous researcher Antonio Zekic @antoniozekic John Aakerblom @jaakerblom product-security@apple.com an anonymous researcher Antonio Zekic @antoniozekic John Aakerblom @jaakerblom an anonymous researcher Antonio Zekic @antoniozekic John Aakerblom @jaakerblom an anonymous researcher Antonio Zekic @antoniozekic John Aakerblom @jaakerblom an anonymous researcher Antonio Zekic @antoniozekic John Aakerblom @jaakerblom Mickey Jin @patch1t Brandon Dalton @partyD0lphin Red CanaryCsaba Fitzl @theevilbit Offensive SecurityRıza Sabuncu @rizasabuncu Mickey Jin @patch1t JeongOhKyea Tingting Yin Tsinghua UniversityMickey Jin @patch1t Aleksandar Nikolic Cisco TalosAleksandar Nikolic Cisco TalosAleksandar Nikolic Cisco Talosan anonymous researcher Ye Zhang @VAR10CK Baidu Securityan anonymous researcher Csaba Fitzl @theevilbit Offensive SecurityMickey Jin @patch1t ryuzaki Murray Mike Arsenii Kostromin (0x3c3e) Arsenii Kostromin (0x3c3e) Félix Poulin-Bélanger David Pan Ogea Xinru Chi Pangu LabNed Williamson Google Project ZeroArsenii Kostromin (0x3c3e) Pan ZhenPeng STAR Labs SG PteMickey Jin @patch1t Zweig Kunlun LabMickey Jin @patch1t Joshua Jones Zhuowei Zhang Mickey Jin @patch1t Mickey Jin @patch1t Adam M. Guilherme Rambo Best Buddy AppsCVE-2023-0433 CVE-2023-0512 Mickey Jin @patch1t Mohamed GHANNAM @_simo36 an anonymous researcher Antonio Zekic @antoniozekic John Aakerblom @jaakerblom Mickey Jin @patch1t Brandon Dalton @partyD0lphin Red CanaryCsaba Fitzl @theevilbit Offensive SecurityRıza Sabuncu @rizasabuncu Mickey Jin @patch1t JeongOhKyea Tingting Yin Tsinghua UniversityMickey Jin @patch1t Aleksandar Nikolic Cisco TalosAleksandar Nikolic Cisco TalosAleksandar Nikolic Cisco Talosan anonymous researcher Ye Zhang @VAR10CK Baidu Securityan anonymous researcher Csaba Fitzl @theevilbit Offensive SecurityMickey Jin @patch1t ryuzaki Murray Mike Arsenii Kostromin (0x3c3e) Arsenii Kostromin (0x3c3e) Félix Poulin-Bélanger David Pan Ogea Xinru Chi Pangu LabNed Williamson Google Project ZeroArsenii Kostromin (0x3c3e) Pan ZhenPeng STAR Labs SG PteMickey Jin @patch1t Zweig Kunlun LabMickey Jin @patch1t Joshua Jones Zhuowei Zhang Mickey Jin @patch1t Mickey Jin @patch1t Adam M. Guilherme Rambo Best Buddy AppsCVE-2023-0433 CVE-2023-0512 Mickey Jin @patch1t
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple watchOS | <8.6 | 8.6 |
| Apple iPadOS | <15.5 | |
| Apple iPhone OS | <15.5 | |
| Apple tvOS | <15.5 | |
| Apple watchOS | <8.6 | |
| Apple tvOS | <15.5 | 15.5 |
| Apple iOS | <15.5 | 15.5 |
| Apple iPadOS | <15.5 | 15.5 |
| Apple macOS | <11.7.5 | 11.7.5 |
| <11.7.5 | 11.7.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT213253 (Advisory)
- http://seclists.org/fulldisclosure/2023/Mar/21
- https://support.apple.com/en-us/HT213254 (Advisory)
- https://support.apple.com/en-us/HT213258 (Advisory)
- https://support.apple.com/kb/HT213675
- https://support.apple.com/kb/HT213258
- https://support.apple.com/en-us/HT213675 (Advisory)
- https://support.apple.com/en-us/102784 (Advisory)
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2022-26702
- CVE-2022-22675
- CVE-2022-26763
- CVE-2022-26711
- CVE-2022-26768
- CVE-2022-26771
- CVE-2022-26714
- CVE-2022-26757
- CVE-2022-26764
- CVE-2022-26765
- CVE-2022-26706
- CVE-2022-26775
- CVE-2022-26708
- CVE-2022-32790
- CVE-2022-26776
- CVE-2022-23308
- CVE-2022-26766
- CVE-2022-26726
- CVE-2022-26700
- CVE-2022-26709
- CVE-2022-26710
- CVE-2022-26717
- CVE-2022-26716
- CVE-2022-26719
- CVE-2022-26745
- CVE-2022-26724
- CVE-2022-26736
- CVE-2022-26737
- CVE-2022-26738
- CVE-2022-26739
- CVE-2022-26740
- CVE-2022-26701
- CVE-2022-26751
- CVE-2022-32781
- CVE-2022-26744
- CVE-2022-22673
- CVE-2022-26731
- CVE-2022-26703
- CVE-2022-26704
- CVE-2022-22677
- CVE-2022-26760
- CVE-2015-4142
- CVE-2022-26762
- CVE-2023-23540
- CVE-2023-23527
- CVE-2023-27951
- CVE-2023-27961
- CVE-2023-23534
- CVE-2023-27955
- CVE-2023-27936
- CVE-2023-40398
- CVE-2023-27935
- CVE-2023-27953
- CVE-2023-27958
- CVE-2023-23537
- CVE-2023-32366
- CVE-2023-27937
- CVE-2023-27928
- CVE-2023-27946
- CVE-2023-23535
- CVE-2023-32378
- CVE-2023-27941
- CVE-2023-28199
- CVE-2023-23536
- CVE-2023-23514
- CVE-2023-28200
- CVE-2023-28185
- CVE-2023-23525
- CVE-2023-41075
- CVE-2023-28189
- CVE-2023-28197
- CVE-2023-28182
- CVE-2023-27962
- CVE-2023-27942
- CVE-2023-23542
- CVE-2023-28192
- CVE-2023-0433
- CVE-2023-0512
- CVE-2023-27944
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-26702.
What is the description of this vulnerability?
The vulnerability is a use after free issue in AppleAVD that has been addressed with improved memory management.
Which software versions are affected by this vulnerability?
The vulnerability affects macOS Big Sur up to version 11.7.5, iOS up to version 15.5, iPadOS up to version 15.5, tvOS up to version 15.5, and watchOS up to version 8.6.
What is the severity of CVE-2022-26702?
The severity of CVE-2022-26702 has not been provided.
How can I fix CVE-2022-26702?
To fix CVE-2022-26702, update your software to the latest version provided by Apple.
- agent/type
- agent/first-publish-date
- collector/apple-support
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/author
- agent/weakness
- agent/severity
- source/Apple
- agent/software-canonical-lookup
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- alias/CVE-2023-23527
- alias/CVE-2023-27951
- alias/CVE-2023-27961
- alias/CVE-2023-23534
- alias/CVE-2023-27955
- alias/CVE-2023-27936
- alias/CVE-2023-40398
- alias/CVE-2023-27935
- alias/CVE-2023-27953
- alias/CVE-2023-27958
- alias/CVE-2023-23537
- alias/CVE-2023-32366
- alias/CVE-2023-27937
- alias/CVE-2023-27928
- alias/CVE-2023-27946
- alias/CVE-2023-23535
- alias/CVE-2023-32378
- alias/CVE-2023-27941
- alias/CVE-2023-28199
- alias/CVE-2023-23536
- alias/CVE-2023-23514
- alias/CVE-2023-28200
- alias/CVE-2023-28185
- alias/CVE-2023-23525
- alias/CVE-2023-41075
- alias/CVE-2023-28189
- alias/CVE-2023-28197
- alias/CVE-2023-28182
- alias/CVE-2023-27962
- alias/CVE-2023-27942
- alias/CVE-2023-23542
- alias/CVE-2023-28192
- alias/CVE-2023-0433
- alias/CVE-2023-0512
- alias/CVE-2023-27944
- alias/CVE-2022-26702
- agent/event
- vendor/apple
- canonical/apple watchos
- canonical/apple ipados
- canonical/apple iphone os
- canonical/apple tvos
- canonical/apple ios
- canonical/apple macos