Safari Security Vulnerabilities and Issues — Safari CVE List

Lucene search

AppleSafari

41 matches found

CVE•added 2022/03/18 6:15 p.m.•1170 views

CVE-2022-22620

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a re...

8.8CVSS8.8AI score0.03877EPSS

In wild

CVE•added 2022/08/24 8:15 p.m.•1148 views

CVE-2022-32893

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have b...

8.8CVSS8.8AI score0.00134EPSS

In wild

CVE•added 2022/12/15 7:15 p.m.•931 views

CVE-2022-42856

A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue...

8.8CVSS8.7AI score0.00129EPSS

In wild

CVE•added 2022/11/01 8:15 p.m.•430 views

CVE-2022-26717

A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.6AI score0.00438EPSS

CVE•added 2022/09/23 8:15 p.m.•415 views

CVE-2022-22629

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.6AI score0.17036EPSS

Web

CVE•added 2022/03/18 6:15 p.m.•388 views

CVE-2022-22654

A user interface issue was addressed. This issue is fixed in watchOS 8.5, Safari 15.4. Visiting a malicious website may lead to address bar spoofing.

4.3CVSS5.7AI score0.00222EPSS

CVE•added 2022/09/23 7:15 p.m.•386 views

CVE-2022-22637

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. A malicious website may cause unexpected cross-origin behavior.

8.8CVSS7.4AI score0.00108EPSS

CVE•added 2022/11/13 8:15 a.m.•310 views

CVE-2022-3970

A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and ma...

8.8CVSS7.6AI score0.00075EPSS

CVE•added 2022/09/23 7:15 p.m.•237 views

CVE-2022-26700

A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution.

8.8CVSS8.3AI score0.00151EPSS

CVE•added 2022/12/15 7:15 p.m.•213 views

CVE-2022-46689

A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.

7CVSS7.5AI score0.83449EPSS

CVE•added 2022/12/15 7:15 p.m.•210 views

CVE-2022-46698

A logic issue was addressed with improved checks. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may disclose sensitive user information.

6.5CVSS6.4AI score0.00424EPSS

CVE•added 2022/11/01 8:15 p.m.•200 views

CVE-2022-32922

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.4AI score0.00396EPSS

CVE•added 2022/03/18 6:15 p.m.•188 views

CVE-2022-22592

A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.

6.5CVSS6.3AI score0.00121EPSS

CVE•added 2022/12/15 7:15 p.m.•188 views

CVE-2022-46692

A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy.

5.5CVSS5.9AI score0.00007EPSS

CVE•added 2022/12/15 7:15 p.m.•184 views

CVE-2022-42867

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.5AI score0.05951EPSS

CVE•added 2022/11/01 8:15 p.m.•182 views

CVE-2022-42799

The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface spoofing.

6.1CVSS6AI score0.0053EPSS

CVE•added 2022/09/23 7:15 p.m.•175 views

CVE-2022-22624

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.5AI score0.00254EPSS

CVE•added 2022/09/23 7:15 p.m.•174 views

CVE-2022-22628

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.5AI score0.00117EPSS

CVE•added 2022/11/01 8:15 p.m.•168 views

CVE-2022-26709

A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.5AI score0.00152EPSS

CVE•added 2022/09/20 9:15 p.m.•168 views

CVE-2022-32886

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.7AI score0.00358EPSS

CVE•added 2022/03/18 6:15 p.m.•167 views

CVE-2022-22590

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.5AI score0.00294EPSS

CVE•added 2022/03/18 6:15 p.m.•161 views

CVE-2022-22594

A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A website may be able to track sensitive user information.

6.5CVSS6.4AI score0.001EPSS

CVE•added 2022/12/15 7:15 p.m.•158 views

CVE-2022-42852

The issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may result in the disclosure of process memory.

6.5CVSS6.3AI score0.00414EPSS

CVE•added 2022/12/15 7:15 p.m.•156 views

CVE-2022-46699

A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.6AI score0.00447EPSS

CVE•added 2022/11/01 8:15 p.m.•155 views

CVE-2022-26716

A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.7AI score0.00145EPSS

CVE•added 2022/12/15 7:15 p.m.•155 views

CVE-2022-46700

A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.6AI score0.00447EPSS

CVE•added 2022/03/18 6:15 p.m.•152 views

CVE-2022-22589

A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript.

6.1CVSS6.2AI score0.00262EPSS

CVE•added 2022/11/01 8:15 p.m.•148 views

CVE-2022-26719

8.8CVSS8.6AI score0.00133EPSS

CVE•added 2022/12/15 7:15 p.m.•148 views

CVE-2022-42863

8.8CVSS8.6AI score0.00532EPSS

CVE•added 2022/12/15 7:15 p.m.•141 views

CVE-2022-46691

A memory consumption issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.3AI score0.00352EPSS

CVE•added 2022/11/01 8:15 p.m.•130 views

CVE-2022-42823

A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.4AI score0.0041EPSS

CVE•added 2022/11/01 8:15 p.m.•128 views

CVE-2022-42824

A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose sensitive user information.

5.5CVSS5.7AI score0.00026EPSS

CVE•added 2022/09/20 9:15 p.m.•122 views

CVE-2022-32912

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.3AI score0.00761EPSS

CVE•added 2022/11/01 8:15 p.m.•116 views

CVE-2022-32923

A correctness issue in the JIT was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose internal states of the app.

6.5CVSS6.3AI score0.00193EPSS

CVE•added 2022/09/23 7:15 p.m.•115 views

CVE-2022-22610

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to code execution.

8.8CVSS8.5AI score0.00385EPSS

CVE•added 2022/09/20 9:15 p.m.•113 views

CVE-2022-32868

A logic issue was addressed with improved state management. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. A website may be able to track users through Safari web extensions.

4.3CVSS4.9AI score0.00207EPSS

CVE•added 2022/12/15 7:15 p.m.•87 views

CVE-2022-46696

A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.9AI score0.00206EPSS

CVE•added 2022/11/01 8:15 p.m.•86 views

CVE-2022-32892

An access issue was addressed with improvements to the sandbox. This issue is fixed in Safari 16, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13. A sandboxed process may be able to circumvent sandbox restrictions.

8.6CVSS7.5AI score0.00135EPSS

CVE•added 2022/12/15 7:15 p.m.•73 views

CVE-2022-32833

An issue existed with the file paths used to store website data. The issue was resolved by improving how website data is stored. This issue is fixed in iOS 16. An unauthorized user may be able to access browsing history.

5.3CVSS6.2AI score0.00157EPSS

CVE•added 2022/09/20 9:15 p.m.•66 views

CVE-2022-32863

A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 15.6, macOS Monterey 12.5. Processing maliciously crafted web content may lead to arbitrary code execution.

9.8CVSS9.1AI score0.0045EPSS

CVE•added 2022/09/20 9:15 p.m.•63 views

CVE-2022-32861

A logic issue was addressed with improved state management. This issue is fixed in Safari 15.6, macOS Monterey 12.5. A user may be tracked through their IP address.

5.3CVSS5.8AI score0.00185EPSS