CVE-2022-32891

2023-02-2720:15:12

CWE-1021

[email protected]

web.nvd.nist.gov

cve-2022-32891

ui handling

safari 16

tvos 16

watchos 9

ios 16

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.1%

JSON

The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchOS 9, iOS 16. Visiting a website that frames malicious content may lead to UI spoofing.

Affected configurations

NVD

Node

applesafariRange<16.0

appleiphone_osRange<16.0

appletvosRange<16.0

applewatchosRange<9.0

CPENameOperatorVersion
apple:safariapple safarilt16.0
apple:iphone_osapple iphone oslt16.0
apple:tvosapple tvoslt16.0
apple:watchosapple watchoslt9.0

CPE	Name	Operator	Version
apple:safari	apple safari	lt	16.0
apple:iphone_os	apple iphone os	lt	16.0
apple:tvos	apple tvos	lt	16.0
apple:watchos	apple watchos	lt	9.0

CNA Affected

[
  {
    "vendor": "Apple",
    "product": "iOS",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "16",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "Safari",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "16",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "watchOS",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "9",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Apple",
    "product": "watchOS",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "16",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]