#VU63248 Information disclosure in macOS - CVE-2022-26725
Published: May 16, 2022
Vulnerability identifier: #VU63248
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-26725
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
macOS
macOS
Software vendor:
Apple Inc.
Apple Inc.
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by ImageIO. Photo location information may persist after it is removed with Preview Inspector. A remote attacker can gain unauthorized access to sensitive information.
Remediation
Install updates from vendor's website.