CVE-2022-46695 — UI Misrepresentation / Clickjacking in Apple Tvos

CWE-1021 — UI Misrepresentation / Clickjacking10 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.8%

top 26.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Tvos Apple Watchos Apple Ipados +6 more

Timeline

PublishedDec 15

Latest updateJan 9

Description

A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Visiting a website that frames malicious content may lead to UI spoofing.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages12 packages

▶NVDapple/ipados16.0 — 16.2+1

▶Appleapple/macos_ventura13.1

▶Appleapple/ios_16.2_and_ipados16.2

▶Appleapple/ios_15.7.2_and_ipados15.7.2

▶CVEListV5apple/tvosunspecified — 16.2+2

🔴Vulnerability Details

GHSA

GHSA-hm5v-5ww3-9m4f: A spoofing issue existed in the handling of URLs↗2022-12-15

▶

VulnCheck

Apple ipados Improper Restriction of Rendered UI Layers or Frames↗2022

▶

📋Vendor Advisories

Apple

CVE-2022-46695: tvOS16.2↗2022-12-13

▶

Apple

CVE-2022-46695: iOS 15.7.2 and iPadOS 15.7.2↗2022-12-13

▶

Apple

CVE-2022-46695: iOS 16.2 and iPadOS 16.2↗2022-12-13

▶

Apple

CVE-2022-46695: macOS Ventura 13.1↗2022-12-13

▶

Apple

CVE-2022-46695: watchOS 9.2↗2022-12-13

▶

🕵️Threat Intelligence

Sentinelone

7 Ways Threat Actors Deliver macOS Malware in the Enterprise↗2023-01-09

▶

Sentinelone

7 Ways Threat Actors Deliver macOS Malware in the Enterprise↗2023-01-09

▶