CVE-2022-26723: Input Validation
First published: Mon May 16 2022(Updated: )
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution.
Credit: Felix Poulin-Belanger Felix Poulin-Belanger product-security@apple.com product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple macOS Big Sur | <11.6.6 | 11.6.6 |
| <12.4 | 12.4 | |
| Apple macOS | >=11.0<11.6.6 | |
| Apple macOS | >=12.0<12.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT213256 (Advisory)
- https://support.apple.com/en-us/HT213257 (Advisory)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2021-44224
- CVE-2021-44790
- CVE-2022-22719
- CVE-2022-22720
- CVE-2022-22721
- CVE-2022-22665
- CVE-2022-22675
- CVE-2022-22630
- CVE-2022-26751
- CVE-2022-26698
- CVE-2022-26697
- CVE-2022-22663
- CVE-2022-26721
- CVE-2022-26722
- CVE-2022-26763
- CVE-2022-22674
- CVE-2022-26720
- CVE-2022-26770
- CVE-2022-26756
- CVE-2022-26769
- CVE-2022-26748
- CVE-2022-26768
- CVE-2022-26714
- CVE-2022-26757
- CVE-2021-30946
- CVE-2022-26767
- CVE-2022-26706
- CVE-2022-32882
- CVE-2022-32790
- CVE-2022-26776
- CVE-2022-0778
- CVE-2022-23308
- CVE-2022-32794
- CVE-2022-26712
- CVE-2022-26746
- CVE-2022-26731
- CVE-2022-26766
- CVE-2022-26718
- CVE-2022-26723
- CVE-2022-26715
- CVE-2022-26728
- CVE-2022-26726
- CVE-2022-26755
- CVE-2021-4136
- CVE-2021-4166
- CVE-2021-4173
- CVE-2021-4187
- CVE-2021-4192
- CVE-2021-4193
- CVE-2021-46059
- CVE-2022-0128
- CVE-2022-22589
- CVE-2022-26745
- CVE-2022-26761
- CVE-2022-0530
- CVE-2018-25032
- CVE-2021-45444
- CVE-2022-26772
- CVE-2022-26741
- CVE-2022-26742
- CVE-2022-26749
- CVE-2022-26750
- CVE-2022-26752
- CVE-2022-26753
- CVE-2022-26754
- CVE-2022-26707
- CVE-2022-26736
- CVE-2022-26737
- CVE-2022-26738
- CVE-2022-26739
- CVE-2022-26740
- CVE-2022-32783
- CVE-2022-26694
- CVE-2022-32781
- CVE-2022-26711
- CVE-2022-26725
- CVE-2022-26701
- CVE-2022-26758
- CVE-2022-26743
- CVE-2022-26764
- CVE-2022-26765
- CVE-2022-26708
- CVE-2022-26775
- CVE-2022-48575
- CVE-2022-22617
- CVE-2022-26727
- CVE-2022-32782
- CVE-2022-26693
- CVE-2022-26704
- CVE-2022-42857
- CVE-2022-26696
- CVE-2022-26700
- CVE-2022-26709
- CVE-2022-26710
- CVE-2022-26717
- CVE-2022-26716
- CVE-2022-26719
- CVE-2022-22677
- CVE-2022-26762
Frequently Asked Questions
What is CVE-2022-26723?
CVE-2022-26723 is a memory corruption issue in SMB that has been fixed in macOS Monterey 12.4 and macOS Big Sur 11.6.6.
How can CVE-2022-26723 be exploited?
CVE-2022-26723 can be exploited by mounting a maliciously crafted Samba network share, which may lead to arbitrary code execution.
What is the severity of CVE-2022-26723?
CVE-2022-26723 has a severity rating of 9.8 (Critical).
How can I fix CVE-2022-26723?
To fix CVE-2022-26723, update your macOS to version 12.4 if you are on macOS Monterey, or update to version 11.6.6 if you are on macOS Big Sur. Regularly installing software updates is important for maintaining security.
Where can I find more information about CVE-2022-26723?
You can find more information about CVE-2022-26723 on Apple's official support page: [CVE-2022-26723](https://support.apple.com/en-us/HT213256).
- collector/nvd-api
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup
- agent/event
- agent/tags
- agent/trending
- vendor/apple
- canonical/apple macos
- version/apple macos/11.0
- version/apple macos/12.0
- canonical/apple macos big sur
- canonical/apple macos monterey