Information disclosure in macOS - CVE-2022-26725
Published: May 16, 2022
Vulnerability identifier: #VU63248
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-26725
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Apple Inc.
Affected software:
macOS
macOS
Detailed vulnerability description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by ImageIO. Photo location information may persist after it is removed with Preview Inspector. A remote attacker can gain unauthorized access to sensitive information.
How to mitigate CVE-2022-26725
Install updates from vendor's website.