How an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102)

Wednesday, May 20, 2026 at 09:02 AM UTC·Source: Securelist (Kaspersky)

Updated: Wednesday, May 20, 2026 at 10:00 AM UTC

Executive Summary

We explain how a flaw in ExifTool allows attackers to compromise macOS systems via a malicious image (CVE-2026-3102).

Analysis

We explain how a flaw in ExifTool allows attackers to compromise macOS systems via a malicious image (CVE-2026-3102).

Indicators of Compromise (1)

CVE (1)

CVE-2026-3102

NVD MITRE CVE

Source Attribution

Originally published by Securelist (Kaspersky) on May 20, 2026.

Related Threats

CRITICALZero Day

Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit

Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week. The zero-day flaw, now tracked as CVE-2026-45585, carries a CVSS score of 6.8. It has been described as a BitLocker security feature bypass. "Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as 'YellowKey,'" the

CVE-2026-45585

9h agoThe Hacker News

CRITICALZero Day

Microsoft shares mitigation for YellowKey Windows zero-day

Microsoft has shared mitigations for YellowKey, a recently disclosed Windows BitLocker zero-day vulnerability that grants access to protected drives. [...]

9h agoBleepingComputer

CRITICALZero Day

Windows Zero-Day Barrage Continues After Patch Tuesday

YellowKey, GreenPlasma, and MiniPlasma add to the growing list of vulnerabilities a security researcher disclosed over the past six weeks.

20h agoDark Reading