cbcvebase.
CVE-2022-46695
published 2022-12-15

CVE-2022-46695: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in tvOS 16.2, macOS Ventura…

PriorityP181medium6.5CVSS 3.1
AVNACLPRNUIRSUCNIHAN
ITWVulnCheck KEV
Exploited in the wild
EPSS
1.31%
67.0th percentile
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Visiting a website that frames malicious content may lead to UI spoofing.

Affected

16 ranges
VendorProductVersion rangeFixed in
appleios_15.7.2_and_ipados
appleios_16.2_and_ipados
appleipados< 15.7.215.7.2
appleipados>= 16.0 < 16.216.2
appleiphone_os< 15.7.215.7.2
appleiphone_os>= 16.0 < 16.216.2
applemacos< 13.113.1
applemacos_ventura
appletvos< 16.216.2
appletvos>= unspecified < 16.216.2
appletvos>= unspecified < 13.113.1
appletvos>= unspecified < 15.715.7
appletvos16.2
applewatchos< 9.29.2
applewatchos
applewatchos>= unspecified < 9.29.2

Detection & IOCsextracted from sources · hover to see the quote

  • Monitor for Safari rendering pages that use iframe/framing techniques to overlay or spoof UI elements, particularly address bar content, which may indicate exploitation of this URL-handling spoofing vulnerability.
  • Focus detection on Safari (component) across Apple platforms (iOS, iPadOS, tvOS, macOS, watchOS) for anomalous URL input handling or address bar spoofing behavior.
  • ·No specific exploit code, malicious domains, IPs, hashes, or concrete IOCs are publicly documented in the available sources for this CVE. Detection must rely on behavioral/heuristic approaches targeting Safari's URL/frame handling.
  • ·The vulnerability affects Safari across multiple Apple OS versions; unpatched systems include tvOS < 16.2, macOS Ventura < 13.1, iOS/iPadOS < 15.7.2, iOS/iPadOS < 16.2, and watchOS < 9.2.

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
vulncheck6.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.