CVE-2022-22582

A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5, macOS Monterey 12.3. A local user may be able to write arbitrary files.

Published: Feb 27, 2023
Updated: Apr 14, 2023
CVE: CVE-2022-22582
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CWEs:

CWE-59

Affected Software
References

Vulnerability Database

289,599

CVE-2022-22582

Software	From	Fixed in
apple / mac_os_x	10.15.7-security_update_2020-005	10.15.7-security_update_2020-005.x
apple / mac_os_x	10.15.7-security_update_2020-007	10.15.7-security_update_2020-007.x
apple / mac_os_x	10.15.7	10.15.7.x
apple / mac_os_x	10.15.7-security_update_2020-001	10.15.7-security_update_2020-001.x
apple / mac_os_x	10.15.7-security_update_2020	10.15.7-security_update_2020.x
apple / mac_os_x	10.15.7-security_update_2021-001	10.15.7-security_update_2021-001.x
apple / mac_os_x	10.15.7-security_update_2021-002	10.15.7-security_update_2021-002.x
apple / mac_os_x	10.15.7-security_update_2021-003	10.15.7-security_update_2021-003.x
apple / mac_os_x	10.15.7-security_update_2021-006	10.15.7-security_update_2021-006.x
apple / mac_os_x	10.15.7-security_update_2021-008	10.15.7-security_update_2021-008.x
apple / mac_os_x	10.15.7-security_update_2021-007	10.15.7-security_update_2021-007.x
apple / macos	12.0.0	12.3
apple / macos	11.0	11.6.5
apple / mac_os_x	10.15.7-security_update_2022-002	10.15.7-security_update_2022-002.x
apple / mac_os_x	10.15.7-security_update_2022-001	10.15.7-security_update_2022-001.x