CVE-2022-32891 — UI Misrepresentation / Clickjacking in Apple Safari

CWE-1021 — UI Misrepresentation / Clickjacking CWE-120 — Classic Buffer Overflow10 documents7 sources

Severity

6.1MEDIUMNVD

EPSS

0.1%

top 74.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS Apple Safari Apple Watchos +2 more

Timeline

PublishedFeb 27

Description

The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchOS 9, iOS 16. Visiting a website that frames malicious content may lead to UI spoofing.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages7 packages

▶NVDapple/tvos< 16.0

▶CVEListV5apple/safariunspecified — 16

▶NVDapple/safari< 16.0

▶CVEListV5apple/watchosunspecified — 9+1

▶NVDapple/watchos< 9.0

🔴Vulnerability Details

CVEList

CVE-2022-32891: The issue was addressed with improved UI handling↗2023-02-27

▶

OSV

CVE-2022-32891: The issue was addressed with improved UI handling↗2023-02-27

▶

GHSA

GHSA-3r34-xx92-673h: The issue was addressed with improved UI handling↗2023-02-27

▶

📋Vendor Advisories

Red Hat

webkitgtk: UI spoofing while Visiting a website that frames malicious content↗2022-09-12

▶

Apple

CVE-2022-32891: tvOS 16↗2022-09-12

▶

Apple

CVE-2022-32891: watchOS 9↗2022-09-12

▶

Apple

CVE-2022-32891: iOS 16↗2022-09-12

▶

Apple

CVE-2022-32891: Safari 16↗2022-09-12

▶