CVE-2022-32923 — Cross-site Scripting in Apple Macos

CWE-79 — Cross-site Scripting CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer13 documents8 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 49.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Macos Apple Tvos Apple Watchos +3 more

Timeline

PublishedNov 1

Latest updateNov 17

Description

A correctness issue in the JIT was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose internal states of the app.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages9 packages

▶NVDapple/ipados< 15.7.1

▶CVEListV5apple/tvosunspecified — 16.1+1

▶NVDapple/tvos< 16.1

▶CVEListV5apple/macosunspecified — 13

▶NVDapple/macos< 13.0

🔴Vulnerability Details

GHSA

GHSA-4w5x-gxff-8vr4: A correctness issue in the JIT was addressed with improved checks↗2022-11-02

▶

CVEList

CVE-2022-32923: A correctness issue in the JIT was addressed with improved checks↗2022-11-01

▶

OSV

CVE-2022-32923: A correctness issue in the JIT was addressed with improved checks↗2022-11-01

▶

📋Vendor Advisories

Ubuntu

WebKitGTK vulnerabilities↗2022-11-17

▶

Red Hat

webkitgtk: correctness issue in the JIT was addressed with improved checks↗2022-10-31

▶

Apple

CVE-2022-32923: iOS 15.7.1 and iPadOS 15.7.1↗2022-10-27

▶

Apple

CVE-2022-32923: macOS Ventura 13↗2022-10-24

▶

Apple

CVE-2022-32923: tvOS 16.1↗2022-10-24

▶