CVE-2022-32919
Published 2024-01-10
Priority: P4 · 20 · medium · 4.7 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:R / S:C / C:N / I:L / A:N
EPSS: 0.52% (40.5th percentile)
The issue was addressed with improved UI handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Visiting a website that frames malicious content may lead to UI spoofing.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_16.2_and_ipados | — | — |
| apple | ios_and_ipados | >= unspecified < 16.2 | 16.2 |
| apple | ipados | < 16.2 | 16.2 |
| apple | iphone_os | < 16.2 | 16.2 |
| apple | macos | < 13.1 | 13.1 |
| apple | macos | >= unspecified < 13.1 | 13.1 |
| apple | macos_ventura | — | — |
| debian | webkit2gtk | < webkit2gtk 2.38.4-1 (bookworm) | webkit2gtk 2.38.4-1 (bookworm) |
| debian | wpewebkit | < webkit2gtk 2.38.4-1 (bookworm) | webkit2gtk 2.38.4-1 (bookworm) |
CVSS provenance
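| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.7 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N |
| osv | — | 4.7 | MEDIUM | — |
| vendor_debian | — | 4.7 | MEDIUM | — |
| vendor_redhat | — | 4.7 | MEDIUM | — |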
Red Hat
webkitgtk: Visiting a website that frames malicious content may lead to UI spoofing.
vendor_redhat·2023-11-15·CVSS 4.7
CVE-2022-32919 [MEDIUM] CWE-1021 webkitgtk: Visiting a website that frames malicious content may lead to UI spoofing.
The issue was addressed with improved UI handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Visiting a website that frames malicious content may lead to UI spoofing.
A vulnerability was found in WebKitGTK and WPE WebKit that allows a remote attacker to conduct spoofing attacks by exploiting improper UI handling. This flaw enables attackers to create specially crafted websites that can display misleading information to users. By exploiting this vulnerability, an attacker can trick users into believing they are interacting with a legitimate website, potentially leading to a UI spoofing attack.
Package: webkitgtk (Red Hat Enterprise Linux 6) - Out of support scope
Package: webk
Apple
CVE-2022-32919: iOS 16.2 and iPadOS 16.2
vendor_apple·2022-12-13·CVSS 4.7
CVE-2022-32919 [MEDIUM] CVE-2022-32919: iOS 16.2 and iPadOS 16.2
Apple Security Update: About the security content of iOS 16.2 and iPadOS 16.2
Product: iOS 16.2 and iPadOS
Version: 16.2
CVE: CVE-2022-32919
Component: WebKit
Impact: Visiting a website that frames malicious content may lead to UI spoofing
Description: The issue was addressed with improved UI handling.
Apple
CVE-2022-32919: macOS Ventura 13.1
vendor_apple·2022-12-13·CVSS 4.7
CVE-2022-32919 [MEDIUM] CVE-2022-32919: macOS Ventura 13.1
Apple Security Update: About the security content of macOS Ventura 13.1
Product: macOS Ventura
Version: 13.1
CVE: CVE-2022-32919
Component: WebKit
Impact: Visiting a website that frames malicious content may lead to UI spoofing
Description: The issue was addressed with improved UI handling.
Debian
CVE-2022-32919: webkit2gtk - The issue was addressed with improved UI handling. This issue is fixed in iOS 16...
vendor_debian·2022·CVSS 4.7
CVE-2022-32919 [MEDIUM] CVE-2022-32919: webkit2gtk - The issue was addressed with improved UI handling. This issue is fixed in iOS 16...
The issue was addressed with improved UI handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Visiting a website that frames malicious content may lead to UI spoofing.
Scope: local
bookworm: resolved (fixed in 2.38.4-1)
bullseye: resolved (fixed in 2.38.4-2~deb11u1)
forky: resolved (fixed in 2.38.4-1)
sid: resolved (fixed in 2.38.4-1)
trixie: resolved (fixed in 2.38.4-1)
GHSA
GHSA-4m5w-jr92-m987: The issue was addressed with improved UI handling
ghsa_unreviewed·2024-01-11
CVE-2022-32919 [MEDIUM] CWE-1021 GHSA-4m5w-jr92-m987: The issue was addressed with improved UI handling
The issue was addressed with improved UI handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Visiting a website that frames malicious content may lead to UI spoofing.
OSV
CVE-2022-32919: The issue was addressed with improved UI handling
osv·2024-01-10·CVSS 4.7
CVE-2022-32919 [MEDIUM] CVE-2022-32919: The issue was addressed with improved UI handling
The issue was addressed with improved UI handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Visiting a website that frames malicious content may lead to UI spoofing.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-01-10