CVE-2026-3102: The Photo That Pwns Your Mac

A single photograph can now silently execute code on your Mac without you clicking anything, opening anything, or doing anything wrong. CVE-2026-3102 is not a theoretical threat. It is a real, patched-but-widely-unmitigated remote code execution vulnerability sitting inside one of the most trusted tools in photography, digital forensics, and investigative journalism.

There is a persistent and damaging myth in cybersecurity that Macs are inherently safe. CVE-2026-3102, discovered by Kaspersky's Global Research and Analysis Team (GReAT) and disclosed in early March 2026, is a direct counter-argument to that belief. It is macOS-specific, it requires no user interaction beyond a file being processed, and it can deliver trojans or infostealers silently into a workflow that may be running thousands of images per day. The patch exists. The question is whether anyone has applied it yet — and more importantly, whether they have found every copy of the vulnerable library hiding inside their stack.

What ExifTool Actually Does and Why It Is Everywhere

ExifTool was written by Phil Harvey and has been the industry standard for image metadata operations for well over a decade. It reads, writes, and edits metadata across an enormous range of file formats including JPEG, PNG, TIFF, RAW formats like ARW and CR3, PDF, video containers, FLIR thermal imagery, LYTRO light-field photos, and DICOM medical imaging files. If data is buried in a file and you need to get it out or put it in, ExifTool almost certainly handles it.

Common real-world uses include adjusting incorrect date stamps, moving metadata between file formats, pulling preview thumbnails from professional RAW files, embedding GPS coordinates from a separate track log, and renaming or sorting files based on actual shoot time. In large organizations, digital libraries, publishing houses, and image analytics firms, ExifTool runs in fully automated pipelines that process incoming files without any human review of individual images.

That automated, high-volume, trust-everything pipeline is precisely what makes CVE-2026-3102 dangerous. The vulnerability is not a browser flaw that needs a user to visit a malicious page. It is a metadata parsing flaw. The moment a vulnerable system ingests the crafted file, the attack has already succeeded.

Kaspersky GReAT confirmed that a Mac can be compromised by malware through photo processing alone — dispelling the persistent myth of macOS invulnerability. As researchers put it, the answer to whether a photo can infect a Mac is simply "yes." — Kaspersky GReAT, official blog disclosure, March 2026

Anatomy of the Attack

The exploit is elegant in a troubling way. An attacker crafts an image file — the image content itself is irrelevant and can be anything visually normal — and embeds the malicious payload entirely within the file's metadata. Specifically, the attack targets the DateTimeOriginal field, which is the standard EXIF tag recording when a photo was taken.

The attacker writes an invalid value into that field. Rather than a properly formatted date and time string, the field contains shell commands. On a properly hardened or default-mode ExifTool installation, those commands would be treated as malformed data and either displayed as a string or flagged as invalid. But under a specific operating condition, they execute.

The two conditions that must both be true for exploitation to succeed are: the system must be running macOS, and ExifTool must be invoked with the -n flag (which disables print conversion, bypassing the human-readable output layer). When both are true, the shell commands in the metadata field are passed to the system and executed.

The Flag That Makes It Work

The -n flag is one of the more commonly used options in production ExifTool deployments. Its long-form equivalent is --printConv — the double-dash prefix in ExifTool's convention means disable, so --printConv disables print conversion, identical to -n. Without either, ExifTool applies human-readable conversions to output values. Camera orientation, for example, gets translated from a raw integer into something like "Rotate 90 CW." With -n enabled, ExifTool skips those conversions entirely and outputs machine-readable raw values. Kaspersky's original disclosure includes a clarifying example: in -n mode, that same camera orientation data simply outputs as the number "six" — meaningless to a human, but clean and parseable for an automated system that knows what to do with it. That raw output is what data pipelines, database ingestion scripts, asset management systems, and bulk processing workflows typically require.

The mechanism behind the vulnerability is now visible in that framing. The human-readable conversion is not merely cosmetic — it acts as an accidental sanitization layer. When ExifTool converts a raw field value into human-readable form, that conversion process strips or transforms content in ways that would prevent shell metacharacters from being interpreted by the operating system. When you disable those conversions with -n, you disable that sanitization. The DateTimeOriginal field — which ExifTool reads and passes through the SetMacOSTags function during PNG processing on macOS — ends up being forwarded to the system with its contents unevaluated.

The cruel irony is that the very feature making ExifTool output more useful in production automation is the same feature that strips the layer of processing which would otherwise prevent execution. Organizations turned it on for legitimate operational reasons. Their configurations are intentional. Nothing looks wrong from the outside. This is the kind of vulnerability that is especially treacherous precisely because it hides inside a deliberate choice.

# Standard ExifTool call - safe in this context (print conversion enabled by default)
exiftool image.png

# With -n flag - disables print conversion, triggering vulnerability on macOS (pre-13.50)
exiftool -n image.png

# --printConv is the long-form equivalent of -n (double-dash = disable in ExifTool)
exiftool --printConv image.png

# In automated pipelines this often appears as:
exiftool -n -json /path/to/incoming/*.png
exiftool -n -json /path/to/incoming/*.jpg

The Severity Scoring Tension

There is a meaningful disagreement in how this vulnerability is being rated, and it is worth understanding because it affects how organizations prioritize their response. Kaspersky GReAT, the team that discovered and disclosed the vulnerability, describes it as critical. OffSeq Threat Radar, independently analyzing the same CVE, rates it medium severity. The National Vulnerability Database published the CVE-2026-3102 record on February 24, 2026, but has not yet assigned a formal CVSS score. The NVD entry confirms the vulnerability as an OS command injection via manipulation of the DateTimeOriginal argument, with the exploit publicly disclosed and potentially in active use.

This discrepancy is not unusual, but it is instructive. CVSS Base Scores measure the theoretical maximum severity of a vulnerability in isolation. When you apply CVSS metrics to this flaw, several factors reduce the Base Score below what you might expect from a remote code execution: the attack vector is local rather than network-facing in many configurations, the attack complexity is low but requires a specific flag condition, and scope is limited to the process running ExifTool. That math can produce a medium-range score on paper.

What CVSS Base Scores do not capture is environmental and deployment context. They cannot factor in that this vulnerability lives inside automated, unattended workflows processing files from external, untrusted sources. They cannot account for the fact that a compromised ExifTool process running under a service account in a media company's ingestion pipeline may have access to terabytes of sensitive content and the credentials to reach internal network shares. The theoretical severity is one number. The operational severity, in the environments most likely to be running ExifTool with the -n flag, is considerably higher.

The honest answer is that organizations should treat the Kaspersky framing as the more operationally accurate one for their risk decisions, while understanding that any eventual NVD score may land lower. A medium CVSS score being actively exploited in a critical workflow is more dangerous than a critical CVSS score on a system no attacker can reach. That is why CISA's Known Exploited Vulnerabilities catalog exists as a separate signal from CVSS scores — severity is contextual, and this vulnerability is most dangerous precisely where ExifTool is most trusted.

Who Is Actually at Risk

The organizations with the most exposure are those running automated macOS-based image ingestion workflows. This is not a narrow category. Digital asset management platforms used by media companies, stock photo services, publishing houses, legal document processing firms, and medical imaging systems all commonly run ExifTool in the background. Forensic labs using macOS workstations to process evidence images are in this group. Investigative journalism organizations that receive images from external sources and process them for publication metadata are in this group. Any CI/CD pipeline on macOS that processes image uploads as part of a web application could be in this group.

The attack requires no authentication. It requires no social engineering. The attacker sends a carefully crafted image to any intake point that eventually feeds into an automated ExifTool pipeline, and waits. If the conditions are met, code runs under the security context of whatever user or service account is running ExifTool.

OffSeq Threat Radar's analysis notes that because exploitation requires no authentication and no user interaction beyond file processing, it is "a potent vector for infection" — particularly in automated environments. — OffSeq Threat Radar analysis, March 2026

Individual photographers who use Lightroom, Capture One, or other photo management applications that embed ExifTool internally may also be exposed without knowing it. If those applications call ExifTool with the -n flag on macOS and bundle a version older than 13.50, processing a malicious image file from an untrusted source could trigger execution. The user would have no warning. The application would appear to function normally.

One category that deserves specific attention and rarely receives it: organizations that allow BYOD (bring your own device) or work with external contractors on macOS systems. A contractor's personal MacBook running an older photo management app with a bundled ExifTool version may not fall under the organization's patch management scope. If that contractor processes client images or uploads files to shared storage from their device, the exposure extends beyond the organization's directly managed fleet. Kaspersky's guidance explicitly addresses this: any device accessing the network from someone who handles images should have a current security solution and ideally be verified for ExifTool version compliance before receiving untrusted files.

What Happens After Exploitation

The vulnerability description says it enables "remote code execution," but that phrase abstracts away what actually happens after the shell commands embedded in the image metadata run. It is worth being specific, because the post-exploitation surface for this class of attack is what determines actual organizational impact.

When the malicious DateTimeOriginal field executes, it does so under the security context of the user or service account running ExifTool. In automated pipelines, that account is often a service account with substantial filesystem access — read/write permissions on the incoming file queue, the processed archive, and frequently the network shares those directories map to. The initial code execution can establish persistence, exfiltrate credentials, deploy an infostealer to harvest locally cached browser credentials and API tokens, or install a trojan that maintains ongoing access without any further file delivery required.

Kaspersky specifically identifies trojans and infostealers as the likely payload categories for this vulnerability. That framing is deliberate: these are not noisy destructive attacks but quiet access tools. An infostealer dropped into a media company's ingestion pipeline can harvest credentials for weeks before anyone notices anything unusual. The workflow processes images normally. The output looks clean. The infostealer runs in the background, exfiltrating tokens, session cookies, and any plaintext credentials it finds. The detection surface is minimal because nothing in the intended workflow is disrupted.

This post-exploitation profile is why the "no user interaction" aspect of CVE-2026-3102 matters so much. A vulnerability that requires a user to open a malicious file creates a detection opportunity when that user notices something wrong. A vulnerability that executes silently in an automated background process removes that detection layer entirely. The attacker's window of activity begins from the moment the malicious image enters the pipeline and may not be discovered until a downstream consequence surfaces — or never, if the infostealer is careful about its network traffic patterns.

ExifTool Has Been Here Before

CVE-2026-3102 did not arrive in a vacuum. ExifTool has a documented history of remote code execution vulnerabilities rooted in the same fundamental problem: the tool parses a wide variety of file formats written in Perl, and Perl's dynamic evaluation capabilities have repeatedly created pathways for injected code to execute.

The most significant prior example is CVE-2021-22204, discovered by security researcher William Bowling through GitLab's bug bounty program. That vulnerability affected ExifTool versions 7.44 through 12.23 and allowed arbitrary code execution by exploiting how ExifTool parsed DjVu file annotations. The DjVu module passed annotation content into a Perl eval function after insufficient sanitization of special characters. An attacker could embed Perl code in the annotation chunk of a DjVu file and, because DjVu payloads could be wrapped inside a valid JPEG container, deliver it as an apparently ordinary image.

Conviso Application Security's case study on CVE-2021-22204 identifies the flaw as improper neutralization of user data in DjVu parsing. Their analysis notes that the tool parsed annotation content in a way that enabled arbitrary code execution. — Conviso Application Security, CVE-2021-22204 case study

CVE-2021-22204 became a critical issue for GitLab because GitLab's Workhorse component passed uploaded images directly to ExifTool to strip non-whitelisted metadata tags. GitLab assigned this its own CVE number, CVE-2021-22205, rated critical, because it enabled unauthenticated remote code execution on GitLab servers running a vulnerable ExifTool version. Any user who could upload an avatar or image attachment could compromise the server.

That 2021 vulnerability was added to CISA's Known Exploited Vulnerabilities catalog, confirming real-world active exploitation. The same class of flaw has now resurfaced five years later in a different field and a different operating system context, but with the same core lesson: ExifTool's breadth of format support and its Perl underpinnings create ongoing risk that demands continuous attention, not a one-time patch.

The Hidden Copy Problem

Patching ExifTool is necessary but not sufficient, and this is the part that organizations consistently get wrong. ExifTool is available as both a standalone command-line binary and as a Perl library. Many applications bundle the library directly into their own distribution. When those applications ship, they include a specific version of ExifTool frozen at the time of their build. When you update ExifTool on your system, you do not update the copy embedded inside those applications.

This is the embedded dependency problem that has plagued software security for years, and CVE-2026-3102 is a sharp illustration of it. An organization can update the system-level ExifTool binary to 13.50, run the version check, see the correct version number, mark the item closed in their remediation tracker, and still be fully vulnerable because their digital asset management platform, their photo editing suite, or their custom imaging script is calling an embedded older copy they never knew existed.

Finding those hidden copies requires a deliberate audit. On macOS, this means searching the filesystem for ExifTool library files, checking application bundles for embedded Perl modules, reviewing any containerized workflows that bake ExifTool into a Docker image at build time, and verifying that every custom script which calls ExifTool by path is pointing at the updated binary and not a locally cached or vendored version.

# Find all ExifTool installations on macOS
find / -name "exiftool" -o -name "ExifTool.pm" 2>/dev/null

# Check version of any found binary
/path/to/exiftool -ver

# Check version inside an app bundle
find /Applications -name "ExifTool.pm" 2>/dev/null

How to Fix It and What to Audit

The official fix is ExifTool version 13.50, released by Phil Harvey on February 7, 2026, following responsible disclosure by Kaspersky GReAT. It is available at exiftool.org. Subsequent releases (13.51 on February 19 and 13.52 on February 27) continue the regular cadence. The security fix is in all versions from 13.50 forward, and there is no reason to stop at 13.50 — updating to the current latest version is always the better choice. The update is straightforward for standalone installations. The harder work is everything else.

What the patch actually does is important to understand, not just that it exists. The fix closes the shell passthrough condition in timestamp field parsing when the -n flag is active on macOS. Rather than forwarding the raw field value directly to the system in a context where shell metacharacters are evaluated, version 13.50 applies sanitization to the DateTimeOriginal field that strips or escapes any content that could be interpreted as a shell command. The attack chain requires both the flag condition and the unsanitized passthrough. Removing the passthrough closes the attack chain even when the flag is present.

For Homebrew users on macOS, updating is a single command:

brew upgrade exiftool

# Verify the updated version
exiftool -ver
# Should return 13.50 or later (13.52 as of late February 2026)

For standalone installations downloaded from exiftool.org, download the current package and reinstall. For organizations managing fleets, this should be part of your existing macOS software update workflow, not a manual effort on each device.

One additional vector that the original disclosure does not prominently flag: PyExifTool. PyExifTool is a Python wrapper that calls the system's ExifTool binary as a subprocess. If PyExifTool is used in a Python-based image processing pipeline on macOS and the system ExifTool binary it is calling is version 13.49 or earlier, that pipeline is vulnerable through the Python layer. Updating the system ExifTool binary to 13.50 remediates this exposure, but organizations running PyExifTool should explicitly verify the binary being called by their Python environment — particularly in virtual environments or containerized deployments where the system binary and the active binary may differ.

Organizations should treat this as an inventory exercise, not just a patch task. The audit should cover system-level ExifTool binaries, application bundles that may embed ExifTool internally, containerized environments and CI/CD pipelines where ExifTool is baked into base images, custom scripts that call ExifTool in automated workflows, and any third-party platforms that run on macOS infrastructure and process image files as part of their core function.

Beyond patching, Kaspersky GReAT recommends architectural hardening: process images from untrusted sources in an isolated environment with strict network and storage access controls. A compromised ExifTool process running in a sandboxed virtual machine with no access to production data or internal network resources is a contained incident. The same compromise running on a production macOS workstation with access to client files, internal credentials, and network shares is an entirely different category of event.

There are additional defensive options that the standard disclosure guidance underemphasizes. If your pipeline requires raw numeric output but not specifically the -n flag's passthrough behavior, consider using ExifTool's XML output mode (-X) instead of JSON with -n. The XML output path does not trigger the vulnerable condition, and the structured output remains machine-parseable. For pipelines where -n is genuinely required, the -n flag can be scoped to specific tags rather than applied globally — using -TAG# syntax on only the fields you need in numeric form avoids enabling the flag across all parsing paths.

For organizations building intake workflows that accept images from external sources, a metadata stripping stage deployed at the perimeter — before files reach the ExifTool pipeline — creates a structural defense that does not depend on any specific version being patched. Tools like mat2 or ExifTool itself (invoked in safe mode on a hardened system) can strip all metadata from inbound files before handing them to the processing pipeline. The workflow then never processes the attacker-controlled metadata directly in the vulnerable context.

At the endpoint level, macOS's Transparency Consent and Control (TCC) framework and the App Sandbox can meaningfully constrain what a compromised ExifTool process is able to do, even after a successful exploit. A service account running ExifTool that has been configured with minimal entitlements — no access to the Desktop, Documents, or Downloads folders, no network access, no camera or microphone access — limits post-exploitation options considerably. The exploit may still execute, but the attacker's code runs in a restricted context with limited ability to reach sensitive data or establish outbound connections. Configuring ExifTool service accounts with the principle of least privilege is not a patch, but it is a meaningful architectural constraint on the blast radius.

Security teams monitoring macOS endpoints should also consider watching for anomalous child process creation from ExifTool and its parent applications. A legitimate ExifTool process does not spawn network connections or execute shell commands that download content from external hosts. Monitoring for curl, wget, osascript, or other download or execution tools launched as children of ExifTool or its wrapper processes is a detection opportunity that does not require any signature match on the malicious image itself.

Kaspersky GReAT's official mitigation guidance recommends isolating untrusted file processing on a dedicated machine or virtual environment with strictly limited network and storage access, so that a compromised ExifTool process cannot reach production data or internal resources. — Kaspersky GReAT, official mitigation guidance, March 2026

For organizations that cannot immediately update or are waiting on a vendor to release an updated application, a temporary workaround exists: removing the -n flag from ExifTool invocations eliminates the execution condition for this specific vulnerability. This may affect output format for downstream processes and requires testing, but it breaks the attack chain while a permanent fix is prepared.

Organizations relying on open-source components in their workflows should also begin tracking ExifTool and similar dependencies systematically. Kaspersky recommends using an Open Source Software Threats data feed for continuous vulnerability tracking across the software supply chain. Ad-hoc awareness of open-source vulnerabilities — waiting for a disclosure to show up in security news before auditing affected tools — is the pattern that leaves organizations weeks or months behind on remediation for exactly this class of flaw.

How to Detect a Compromise

The post-exploitation profile of CVE-2026-3102 is designed for stealth, which makes detection harder than for louder attack classes. There is no corrupted image, no error message, no crash. The workflow continues processing files normally. But there are behavioral signals that security teams can monitor for, particularly on macOS endpoints running automated image workflows.

The most reliable signal is unexpected child process execution from ExifTool or its parent application. When the malicious DateTimeOriginal field executes shell commands, those commands run as child processes of the ExifTool process. On a normal day, ExifTool does not spawn processes like curl, bash, sh, python, osascript, or any utility associated with downloading or executing remote content. Process tree monitoring through macOS's Endpoint Security Framework, or via an EDR solution with macOS support, should flag any of these patterns as anomalous.

Network telemetry is a secondary signal. An infostealer or trojan deployed through this flaw needs to communicate with an attacker-controlled server to exfiltrate data or receive instructions. A macOS service account that processes image files and suddenly initiates outbound connections to unfamiliar hosts — particularly over non-standard ports or at unusual times — is a detection opportunity. Baseline-and-alert network monitoring on the service accounts running ExifTool pipelines is more effective than waiting for a signature to match.

For forensic investigation after a suspected compromise, the key artifacts to review are shell history for the user or service account running ExifTool, LaunchAgents and LaunchDaemons directories for persistence mechanisms the payload may have installed, and the ~/Library folder for any newly created or modified application support directories that correspond to known infostealer families. The timing of file modifications in these locations relative to the last batch of images processed by the vulnerable pipeline can help establish a timeline.

One limitation defenders should understand: because the malicious payload arrives embedded in a normal-looking image file, most traditional file-based scanning tools will not detect it. The image passes a hash check (it is not malware by signature). The metadata content may not match known malicious patterns. Detection before execution requires either behavioral monitoring, metadata-aware scanning at ingestion, or the perimeter stripping approach described above. After execution, detection depends on behavioral telemetry — and the window before an infostealer establishes persistence and begins systematic exfiltration may be very short.

What About Windows and Linux Users?

CVE-2026-3102 is documented as a macOS-specific vulnerability. The flaw is rooted in how macOS handles certain data at the shell level when the -n flag is active — the same shell passthrough that creates the execution condition on macOS behaves differently on Linux and Windows, where the vulnerable path does not trigger in the same way. Confirmed exploitation requires macOS.

That said, Windows and Linux users running ExifTool should still update to the current latest version. The reason is straightforward: the precise technical boundary between platforms in complex Perl-based tools can shift as researchers probe further, and staying on a patched version costs nothing while remaining on a vulnerable version creates ongoing uncertainty. It is also good hygiene for any organization that manages mixed fleets — standardizing on version 13.50 or later across all platforms eliminates the version-tracking complexity of maintaining different patch standards by OS.

Linux users with ExifTool in their package manager should verify that their distribution has published an updated package. Many Linux distributions ship ExifTool through package repositories on update cycles that lag the upstream release by days or weeks. Running exiftool -ver to check the current installed version is the only reliable way to confirm. If the distribution package has not yet reached 13.50, installing directly from exiftool.org is a valid alternative for systems where the vulnerability exposure is a concern.

Key Takeaways

1. Update ExifTool to the current latest version immediately: Versions 13.49 and earlier are vulnerable on macOS. The security patch landed in 13.50 on February 7, 2026, with subsequent releases 13.51 and 13.52 following in the same month. Homebrew users can run brew upgrade exiftool. Do not wait for your next maintenance window.
2. The standalone binary is not the whole picture: Applications embed ExifTool internally. Any photo management app, DAM platform, or imaging pipeline running on macOS should be audited for bundled ExifTool versions that will not be updated by a system-level patch.
3. The -n flag (long form: --printConv) is the trigger: Automated pipelines that invoke ExifTool with either form on macOS are the primary attack surface. Removing the flag breaks the exploit chain. As an alternative to removing it entirely, consider XML output mode (-X) or per-tag numeric scoping (-Tagname#) for pipelines that need numeric output only from specific fields.
4. Automated workflows are the highest-risk target: Media companies, forensic labs, legal and medical document processors, and any organization running unattended bulk image ingestion on macOS should treat this as a priority incident-level response, not a routine patch.
5. CVSS scores do not tell the whole story here: OffSeq rates this vulnerability medium severity on CVSS. Kaspersky rates it critical. The NVD has published the record but has not yet assigned a formal score. Severity is contextual. In automated, unattended pipelines processing untrusted files, the operational risk is critical regardless of what any Base Score eventually calculates to. Do not let a medium score delay action.
6. Post-exploitation is quiet by design: The payload class most likely deployed through this flaw is infostealers and trojans — tools designed to persist silently and exfiltrate credentials. Detection after a successful compromise may not surface for weeks or longer if the initial alert is missed.
7. Behavioral detection is more reliable than signature scanning: The malicious image will pass most traditional scans. Watch for unexpected child processes spawned by ExifTool — particularly curl, wget, bash, or osascript. After execution, review LaunchAgents/LaunchDaemons for new persistence entries and monitor for anomalous outbound connections from the service account running the pipeline.
8. macOS TCC and least privilege meaningfully constrain blast radius: Configuring the service account running ExifTool with minimal entitlements under macOS's Transparency Consent and Control framework limits what an attacker can reach even after a successful exploit. Not a substitute for patching, but an architectural defense that changes the outcome of a compromise.
9. PyExifTool and downstream wrappers inherit the exposure: If your Python-based image workflow calls ExifTool through PyExifTool and the underlying binary is pre-13.50, that pipeline is vulnerable. Verify the binary being invoked, not just the wrapper package version.
10. BYOD and contractor devices need attention: Any macOS device that processes image files and accesses shared storage or internal network resources should be verified for ExifTool version compliance, not just organization-managed fleet devices.
11. ExifTool will have future vulnerabilities: This is not the first ExifTool RCE and it will not be the last. The tool's breadth of format support and Perl foundation are structural risk factors. Defense-in-depth — isolation, sandboxing, minimal privilege for image processing services, perimeter metadata stripping — is not optional. It is the architecture that determines how bad the next one will be.

CVE-2026-3102 is a reminder that the most dangerous attack surfaces are often the ones we trust the most. ExifTool has been an indispensable tool for years. Photographers trust it. Forensic analysts trust it. Archivists trust it. That trust, and the broad deployment it has earned, is exactly what makes a vulnerability like this worth dropping everything to address. A photo should not be able to own your machine. Right now, in many organizations, it still can.