CVE-2022-46695
Published: 2022-12-15
Priority: P1 · 81 · medium · 6.5 · CVSS 3.1
CVSS vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Exploited in the wild (VulnCheck KEV)
EPSS: 1.31% (67.0th percentile)
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Visiting a website that frames malicious content may lead to UI spoofing.
Affected (16 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_15.7.2_and_ipados | — | — |
| apple | ios_16.2_and_ipados | — | — |
| apple | ipados | < 15.7.2 | 15.7.2 |
| apple | ipados | >= 16.0 < 16.2 | 16.2 |
| apple | iphone_os | < 15.7.2 | 15.7.2 |
| apple | iphone_os | >= 16.0 < 16.2 | 16.2 |
| apple | macos | < 13.1 | 13.1 |
| apple | macos_ventura | — | — |
| apple | tvos | < 16.2 | 16.2 |
| apple | tvos | >= unspecified < 16.2 | 16.2 |
| apple | tvos | >= unspecified < 13.1 | 13.1 |
| apple | tvos | >= unspecified < 15.7 | 15.7 |
| apple | tvos16.2 | — | — |
| apple | watchos | < 9.2 | 9.2 |
| apple | watchos | — | — |
| apple | watchos | >= unspecified < 9.2 | 9.2 |
Detection & IOCs (extracted from sources)
- Monitor for Safari rendering pages that use iframe/framing techniques to overlay or spoof UI elements, particularly address bar content, which may indicate exploitation of this URL-handling spoofing vulnerability.
- Focus detection on the Safari component across Apple platforms (iOS, iPadOS, tvOS, macOS, watchOS) for anomalous URL input handling or address bar spoofing behavior.
- No specific exploit code, malicious domains, IPs, hashes, or concrete IOCs are publicly documented in the available sources for this CVE. Detection must rely on behavioral/heuristic approaches targeting Safari's URL/frame handling.
- The vulnerability affects Safari across multiple Apple OS versions; unpatched systems include tvOS < 16.2, macOS Ventura < 13.1, iOS/iPadOS < 15.7.2, iOS/iPadOS < 16.2, and watchOS < 9.2.
CVSS provenance
- NVD: v3.1 · 6.5 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
- VulnCheck: 6.5 · MEDIUM
Apple
CVE-2022-46695: tvOS 16.2
vendor_apple · 2022-12-13 · CVSS 6.5 (MEDIUM)
Apple Security Update: About the security content of tvOS 16.2
Product: tvOS
Version: 16.2
CVE: CVE-2022-46695
Component: Safari
Impact: Visiting a website that frames malicious content may lead to UI spoofing
Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.
Apple
CVE-2022-46695: iOS 15.7.2 and iPadOS 15.7.2
vendor_apple · 2022-12-13 · CVSS 6.5 (MEDIUM)
Apple Security Update: About the security content of iOS 15.7.2 and iPadOS 15.7.2
Product: iOS and iPadOS
Version: 15.7.2
CVE: CVE-2022-46695
Component: Safari
Impact: Visiting a website that frames malicious content may lead to UI spoofing
Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.
Apple
CVE-2022-46695: iOS 16.2 and iPadOS 16.2
vendor_apple · 2022-12-13 · CVSS 6.5 (MEDIUM)
Apple Security Update: About the security content of iOS 16.2 and iPadOS 16.2
Product: iOS and iPadOS
Version: 16.2
CVE: CVE-2022-46695
Component: Safari
Impact: Visiting a website that frames malicious content may lead to UI spoofing
Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.
Apple
CVE-2022-46695: macOS Ventura 13.1
vendor_apple · 2022-12-13 · CVSS 6.5 (MEDIUM)
Apple Security Update: About the security content of macOS Ventura 13.1
Product: macOS Ventura
Version: 13.1
CVE: CVE-2022-46695
Component: Safari
Impact: Visiting a website that frames malicious content may lead to UI spoofing
Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.
Apple
CVE-2022-46695: watchOS 9.2
vendor_apple · 2022-12-13 · CVSS 6.5 (MEDIUM)
Apple Security Update: About the security content of watchOS 9.2
Product: watchOS
Version: 9.2
CVE: CVE-2022-46695
Component: Safari
Impact: Visiting a website that frames malicious content may lead to UI spoofing
Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.
GHSA
GHSA-hm5v-5ww3-9m4f: A spoofing issue existed in the handling of URLs
ghsa_unreviewed · 2022-12-15 · MEDIUM · CWE-1021
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Visiting a website that frames malicious content may lead to UI spoofing.
VulnCheck
Apple ipados Improper Restriction of Rendered UI Layers or Frames
vulncheck · 2022 · CVSS 6.5 (MEDIUM)
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Visiting a website that frames malicious content may lead to UI spoofing.
Affected: Apple ipados
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://support.apple.com/kb/HT213531
No detection rules found.
No public exploits indexed.
SentinelOne
7 Ways Threat Actors Deliver macOS Malware in the Enterprise
blogs_sentinelone · 2023-01-09
Our 2022 review of macOS malware revealed that the threats faced by businesses and users running macOS endpoints included an increase in backdoors and cross-platform attack frameworks. Threats like CrateDepression and PyMafka used typosquatting attacks against package repositories to infect users, while ChromeLoader and others like oRAT leveraged malvertising as an infection vector.
However, the infection vector used by many other macOS threats remains unknown. SysJoker, OSX.Gimmick, CloudMensis, Alchimist and the Lazarus-attributed Operation In(ter)ception are just some of those for which researchers still do not know how victims were initially compromised. In these and other cases, researchers happened across the malware either in post-infection analyses or by discovering the samples on
References
- http://seclists.org/fulldisclosure/2022/Dec/20
- http://seclists.org/fulldisclosure/2022/Dec/21
- http://seclists.org/fulldisclosure/2022/Dec/23
- http://seclists.org/fulldisclosure/2022/Dec/26
- http://seclists.org/fulldisclosure/2022/Dec/27
- https://support.apple.com/en-us/HT213530
- https://support.apple.com/en-us/HT213531
- https://support.apple.com/en-us/HT213532
- https://support.apple.com/en-us/HT213535
- https://support.apple.com/en-us/HT213536