Lucene search

AppleCVE-2022-46695

HistoryDec 15, 2022 - 7:15 p.m.

CVE-2022-46695

2022-12-1519:15:26

CWE-1021

apple

web.nvd.nist.gov

spoofing issue

url handling

input validation

security patch

tvos

macos ventura

ios

ipados

watchos

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

6.2

Confidence

High

EPSS

0.003

Percentile

65.4%

JSON

A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Visiting a website that frames malicious content may lead to UI spoofing.

Affected configurations

Nvd

Vulners

Node

appleipadosRange<15.7.2

appleipadosRange16.0–16.2

appleiphone_osRange<15.7.2

appleiphone_osRange16.0–16.2

applemacosRange<13.1

appletvosRange<16.2

applewatchosRange<9.2

VendorProductVersionCPE
appleipados*cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
appleiphone_os*cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
applemacos*cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
appletvos*cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
applewatchos*cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	ipados	*	cpe:2.3:o:apple:ipados::::::::
apple	iphone_os	*	cpe:2.3:o:apple:iphone_os::::::::
apple	macos	*	cpe:2.3:o:apple:macos::::::::
apple	tvos	*	cpe:2.3:o:apple:tvos::::::::
apple	watchos	*	cpe:2.3:o:apple:watchos::::::::

CNA Affected

[
  {
    "vendor": "Apple",
    "product": "tvOS",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "16.2",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "tvOS",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "13.1",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "tvOS",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "16.2",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "tvOS",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "15.7",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "watchOS",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "9.2",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

seclists.org/fulldisclosure/2022/Dec/20

seclists.org/fulldisclosure/2022/Dec/21

seclists.org/fulldisclosure/2022/Dec/23

seclists.org/fulldisclosure/2022/Dec/26

seclists.org/fulldisclosure/2022/Dec/27

support.apple.com/en-us/HT213530

support.apple.com/en-us/HT213531

support.apple.com/en-us/HT213532

support.apple.com/en-us/HT213535

support.apple.com/en-us/HT213536

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

6.2

Confidence

High

EPSS

0.003

Percentile

65.4%

JSON

Related for CVE-2022-46695