vulnerability

OS X update for PackageKit (CVE-2022-26688)

Try Surface Command

Back to search

Severity

CVSS

(AV:L/AC:L/Au:N/C:N/I:C/A:N)

Published

May 26, 2022

Added

May 26, 2022

Modified

Mar 27, 2026

Description

An issue in the handling of symlinks was addressed with improved validation. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious app with root privileges may be able to modify the contents of system files.

Solutions

apple-osx-security-update-2022-003-catalinaapple-osx-upgrade-11_6_5apple-osx-upgrade-12_3

References

CVE-2022-26688
https://attackerkb.com/topics/CVE-2022-26688
CWE-59
EUVD-EUVD-2022-31238
https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-31238
https://support.apple.com/kb/HT213183
https://support.apple.com/kb/HT213184
https://support.apple.com/kb/HT213185

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report