CVE-2022-26702: Use After Free
First published: Mon May 16 2022(Updated: )
A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.
Credit: an anonymous researcher Antonio Zekic @antoniozekic John Aakerblom @jaakerblom an anonymous researcher Antonio Zekic @antoniozekic John Aakerblom @jaakerblom an anonymous researcher Antonio Zekic @antoniozekic John Aakerblom @jaakerblom an anonymous researcher Antonio Zekic @antoniozekic John Aakerblom @jaakerblom product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple watchOS | <8.6 | 8.6 |
| Apple iPadOS | <15.5 | |
| Apple iPhone OS | <15.5 | |
| Apple tvOS | <15.5 | |
| Apple watchOS | <8.6 | |
| Apple tvOS | <15.5 | 15.5 |
| Apple iOS | <15.5 | 15.5 |
| Apple iPadOS | <15.5 | 15.5 |
| <11.7.5 | 11.7.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT213253 (Advisory)
- http://seclists.org/fulldisclosure/2023/Mar/21
- https://support.apple.com/en-us/HT213254 (Advisory)
- https://support.apple.com/en-us/HT213258 (Advisory)
- https://support.apple.com/kb/HT213675
- https://support.apple.com/en-us/HT213675 (Advisory)
- https://support.apple.com/kb/HT213258
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2022-26702
- CVE-2022-22675
- CVE-2022-26763
- CVE-2022-26711
- CVE-2022-26768
- CVE-2022-26771
- CVE-2022-26714
- CVE-2022-26757
- CVE-2022-26764
- CVE-2022-26765
- CVE-2022-26706
- CVE-2022-26775
- CVE-2022-26708
- CVE-2022-32790
- CVE-2022-26776
- CVE-2022-23308
- CVE-2022-26766
- CVE-2022-26726
- CVE-2022-26700
- CVE-2022-26709
- CVE-2022-26710
- CVE-2022-26717
- CVE-2022-26716
- CVE-2022-26719
- CVE-2022-26745
- CVE-2022-26724
- CVE-2022-26736
- CVE-2022-26737
- CVE-2022-26738
- CVE-2022-26739
- CVE-2022-26740
- CVE-2022-26701
- CVE-2022-26751
- CVE-2022-32781
- CVE-2022-26744
- CVE-2022-22673
- CVE-2022-26731
- CVE-2022-26703
- CVE-2022-26704
- CVE-2022-22677
- CVE-2022-26760
- CVE-2015-4142
- CVE-2022-26762
- CVE-2023-23540
- CVE-2023-23527
- CVE-2023-27951
- CVE-2023-27961
- CVE-2023-23534
- CVE-2023-27955
- CVE-2023-27936
- CVE-2023-40398
- CVE-2023-27935
- CVE-2023-27953
- CVE-2023-27958
- CVE-2023-23537
- CVE-2023-32366
- CVE-2023-27937
- CVE-2023-27928
- CVE-2023-27946
- CVE-2023-23535
- CVE-2023-32378
- CVE-2023-27941
- CVE-2023-28199
- CVE-2023-23536
- CVE-2023-23514
- CVE-2023-28200
- CVE-2023-28185
- CVE-2023-23525
- CVE-2023-41075
- CVE-2023-28189
- CVE-2023-28197
- CVE-2023-28182
- CVE-2023-27962
- CVE-2023-27942
- CVE-2023-23542
- CVE-2023-28192
- CVE-2023-0433
- CVE-2023-0512
- CVE-2023-27944
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-26702.
What is the description of this vulnerability?
The vulnerability is a use after free issue in AppleAVD that has been addressed with improved memory management.
Which software versions are affected by this vulnerability?
The vulnerability affects macOS Big Sur up to version 11.7.5, iOS up to version 15.5, iPadOS up to version 15.5, tvOS up to version 15.5, and watchOS up to version 8.6.
What is the severity of CVE-2022-26702?
The severity of CVE-2022-26702 has not been provided.
How can I fix CVE-2022-26702?
To fix CVE-2022-26702, update your software to the latest version provided by Apple.
- agent/type
- agent/first-publish-date
- collector/apple-support
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/author
- agent/weakness
- agent/severity
- source/Apple
- agent/software-canonical-lookup
- agent/references
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/apple
- canonical/apple watchos
- canonical/apple ipados
- canonical/apple iphone os
- canonical/apple tvos
- canonical/apple ios
- canonical/apple macos big sur