CVE-2022-22676

Medium

5.5/10

Summary

An event handler validation issue in the XPC Services API was addressed by removing the service. This issue is fixed in macOS Monterey 12.2. An application may be able to delete files for which it does not have permission.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

References

Advisory Timeline

Published May 26, 2022

CVE-2022-22676

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS