CVE-2022-32816
Published 2022-09-23
Priority P3 · 35 · medium · 6.5 CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS: 6.29% (92.7th percentile)
The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may lead to UI spoofing.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_15.6_and_ipados | — | — |
| apple | ipados | < 15.6 | 15.6 |
| apple | iphone_os | < 15.6 | 15.6 |
| apple | macos | >= 12.0 < 12.5 | 12.5 |
| apple | macos | >= unspecified < 12.5 | 12.5 |
| apple | macos_monterey | — | — |
| apple | tvos | < 15.6 | 15.6 |
| apple | tvos | — | — |
| apple | tvos | >= unspecified < 15.6 | 15.6 |
| apple | watchos | < 8.7 | 8.7 |
| apple | watchos | — | — |
| apple | watchos | >= unspecified < 8.7 | 8.7 |
| apple | watchos | >= unspecified < 15.6 | 15.6 |
| debian | webkit2gtk | < webkit2gtk 2.36.6-1 (bookworm) | webkit2gtk 2.36.6-1 (bookworm) |
| debian | wpewebkit | < webkit2gtk 2.36.6-1 (bookworm) | webkit2gtk 2.36.6-1 (bookworm) |
CVSS provenance
nvd · v3.1 · 6.5 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
osv · 6.5 MEDIUM
vendor_debian · 6.5 MEDIUM
vendor_redhat · 6.5 MEDIUM
Ubuntu
WebKitGTK vulnerabilities
vendor_ubuntu·2022-08-15
CVE-2022-2294 WebKitGTK vulnerabilities
Title: WebKitGTK vulnerabilities
Summary: Several security issues were fixed in WebKitGTK.
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.
Instructions: This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK, such as Epiphany, to make all the necessary changes.
Apple
CVE-2022-32816: tvOS 15.6
vendor_apple·2022-07-20·CVSS 6.5
CVE-2022-32816 [MEDIUM] CVE-2022-32816: tvOS 15.6
Apple Security Update: About the security content of tvOS 15.6
Product: tvOS
Version: 15.6
CVE: CVE-2022-32816
Component: WebKit
Impact: Visiting a website that frames malicious content may lead to UI spoofing
Description: The issue was addressed with improved UI handling.
Apple
CVE-2022-32816: watchOS 8.7
vendor_apple·2022-07-20·CVSS 6.5
CVE-2022-32816 [MEDIUM] CVE-2022-32816: watchOS 8.7
Apple Security Update: About the security content of watchOS 8.7
Product: watchOS
Version: 8.7
CVE: CVE-2022-32816
Component: WebKit
Impact: Visiting a website that frames malicious content may lead to UI spoofing
Description: The issue was addressed with improved UI handling.
Apple
CVE-2022-32816: macOS Monterey 12.5
vendor_apple·2022-07-20·CVSS 6.5
CVE-2022-32816 [MEDIUM] CVE-2022-32816: macOS Monterey 12.5
Apple Security Update: About the security content of macOS Monterey 12.5
Product: macOS Monterey
Version: 12.5
CVE: CVE-2022-32816
Component: WebKit
Impact: Visiting a website that frames malicious content may lead to UI spoofing
Description: The issue was addressed with improved UI handling.
Apple
CVE-2022-32816: iOS 15.6 and iPadOS 15.6
vendor_apple·2022-07-20·CVSS 6.5
CVE-2022-32816 [MEDIUM] CVE-2022-32816: iOS 15.6 and iPadOS 15.6
Apple Security Update: About the security content of iOS 15.6 and iPadOS 15.6
Product: iOS 15.6 and iPadOS
Version: 15.6
CVE: CVE-2022-32816
Component: WebKit
Impact: Visiting a website that frames malicious content may lead to UI spoofing
Description: The issue was addressed with improved UI handling.
Red Hat
webkitgtk: malicious content may lead to UI spoofing
vendor_redhat·2022-07-04·CVSS 6.5
CVE-2022-32816 [MEDIUM] webkitgtk: malicious content may lead to UI spoofing
The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may lead to UI spoofing.
A vulnerability was found in webkit. This issue occurs when visiting a website that frames malicious content, which may lead to UI spoofing.
Statement: This flaw is being rated as 'Moderate' as the WebKitGTK package is shipped as a dependency for the GNOME package. Additionally, Red Hat Enterprise Linux doesn't ship any WebKitGTK-based web browser where this flaw would present a higher-severity threat.
Package: webkitgtk (Red Hat Enterprise Linux 6) - Out of support scope
Package: webkitgtk3 (Red Hat Enterprise Linux 7)
Debian
CVE-2022-32816: webkit2gtk - The issue was addressed with improved UI handling. This issue is fixed in watchO...
vendor_debian·2022·CVSS 6.5
CVE-2022-32816 [MEDIUM] CVE-2022-32816: webkit2gtk - The issue was addressed with improved UI handling. This issue is fixed in watchO...
The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may lead to UI spoofing.
Scope: local
bookworm: resolved (fixed in 2.36.6-1)
bullseye: resolved (fixed in 2.36.6-1~deb11u1)
forky: resolved (fixed in 2.36.6-1)
sid: resolved (fixed in 2.36.6-1)
trixie: resolved (fixed in 2.36.6-1)
GHSA
GHSA-jjrw-xpw9-v3qh: The issue was addressed with improved UI handling
ghsa_unreviewed·2022-09-25
CVE-2022-32816 [MEDIUM] CWE-451 GHSA-jjrw-xpw9-v3qh: The issue was addressed with improved UI handling
The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may lead to UI spoofing.
OSV
CVE-2022-32816: The issue was addressed with improved UI handling
osv·2022-09-23·CVSS 6.5
CVE-2022-32816 [MEDIUM] CVE-2022-32816: The issue was addressed with improved UI handling
The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may lead to UI spoofing.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://support.apple.com/en-us/HT213340
https://support.apple.com/en-us/HT213342
https://support.apple.com/en-us/HT213345
https://support.apple.com/en-us/HT213346
2022-09-23
Published