CVE-2022-42852Sensitive Information Exposure in Apple Tvos

CWE-200Sensitive Information Exposure14 documents9 sources
Severity
6.5MEDIUMNVD
EPSS
0.6%
top 29.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Apple TvosApple WatchosApple Ipados+3 more
Timeline
PublishedDec 15
Latest updateJan 9

Description

The issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may result in the disclosure of process memory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages8 packages

NVDapple/ipados16.016.2+1
CVEListV5apple/tvosunspecified16.2+2
NVDapple/tvos< 16.2
NVDapple/safari< 16.2
CVEListV5apple/watchosunspecified9.2+1

🔴Vulnerability Details

4
GHSA
GHSA-3p9p-h6x6-85gg: The issue was addressed with improved memory handling2022-12-15
CVEList
CVE-2022-42852: The issue was addressed with improved memory handling2022-12-15
OSV
CVE-2022-42852: The issue was addressed with improved memory handling2022-12-15
VulnCheck
Safari, tvOS, macOS Ventura, watchOS 9.2, iOS and iPadOS Malicious Web Content Process Memory Disclosure Vulnerability2022

📋Vendor Advisories

9
Ubuntu
WebKitGTK vulnerabilities2023-01-09
Red Hat
webkitgtk: memory disclosure issue was addressed with improved memory handling2022-12-15
Apple
CVE-2022-42852: tvOS16.22022-12-13
Apple
CVE-2022-42852: Safari 16.22022-12-13
Apple
CVE-2022-42852: macOS Ventura 13.12022-12-13
CVE-2022-42852 — Sensitive Information Exposure | cvebase