CVE-2022-46725
Published: 2023-08-14
Priority: P4 · 18 · medium · 4.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS: 0.58% (43.4th percentile)
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.4 and iPadOS 16.4. Visiting a malicious website may lead to address bar spoofing.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_16.2_and_ipados | — | — |
| apple | ios_16.4_and_ipados | — | — |
| apple | ios_and_ipados | >= unspecified < 16.4 | 16.4 |
| apple | ipados | < 16.4 | 16.4 |
| apple | iphone_os | < 16.4 | 16.4 |
| apple | macos_ventura | — | — |
| debian | webkit2gtk | < webkit2gtk 2.38.4-1 (bookworm) | webkit2gtk 2.38.4-1 (bookworm) |
| debian | wpewebkit | < webkit2gtk 2.38.4-1 (bookworm) | webkit2gtk 2.38.4-1 (bookworm) |
CVSS provenance
nvd · v3.1 · 4.3 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
osv · 4.3 · MEDIUM
vendor_debian · 4.3 · MEDIUM
vendor_redhat · 4.3 · MEDIUM
Red Hat
webkitgtk: Visiting a malicious website may lead to address bar spoofing.
vendor_redhat·2023-11-15·CVSS 4.3
CVE-2022-46725 [MEDIUM] CWE-20 webkitgtk: Visiting a malicious website may lead to address bar spoofing.
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.4 and iPadOS 16.4. Visiting a malicious website may lead to address bar spoofing.
A vulnerability was found in WebKitGTK. This flaw occurs due to an issue in the component URL Handler, which allows a remote attacker to manipulate an unknown input that can lead to clickjacking.
Package: webkitgtk (Red Hat Enterprise Linux 6) - Out of support scope
Package: webkitgtk3 (Red Hat Enterprise Linux 7) - Out of support scope
Apple
CVE-2022-46725: iOS 16.4 and iPadOS 16.4
vendor_apple·2023-03-27·CVSS 4.3
CVE-2022-46725 [MEDIUM] CVE-2022-46725: iOS 16.4 and iPadOS 16.4
Apple Security Update: About the security content of iOS 16.4 and iPadOS 16.4
Product: iOS 16.4 and iPadOS
Version: 16.4
CVE: CVE-2022-46725
Component: WebKit
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.
Apple
CVE-2022-46725: macOS Ventura 13.1
vendor_apple·2022-12-13·CVSS 4.3
CVE-2022-46725 [MEDIUM] CVE-2022-46725: macOS Ventura 13.1
Apple Security Update: About the security content of macOS Ventura 13.1
Product: macOS Ventura
Version: 13.1
CVE: CVE-2022-46725
Component: WebKit
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.
Apple
CVE-2022-46725: iOS 16.2 and iPadOS 16.2
vendor_apple·2022-12-13·CVSS 4.3
CVE-2022-46725 [MEDIUM] CVE-2022-46725: iOS 16.2 and iPadOS 16.2
Apple Security Update: About the security content of iOS 16.2 and iPadOS 16.2
Product: iOS 16.2 and iPadOS
Version: 16.2
CVE: CVE-2022-46725
Component: WebKit
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.
Debian
CVE-2022-46725: webkit2gtk - A spoofing issue existed in the handling of URLs. This issue was addressed with ...
vendor_debian·2022·CVSS 4.3
CVE-2022-46725 [MEDIUM] CVE-2022-46725: webkit2gtk - A spoofing issue existed in the handling of URLs. This issue was addressed with ...
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.4 and iPadOS 16.4. Visiting a malicious website may lead to address bar spoofing.
Scope: local
bookworm: resolved (fixed in 2.38.4-1)
bullseye: resolved (fixed in 2.38.4-2~deb11u1)
forky: resolved (fixed in 2.38.4-1)
sid: resolved (fixed in 2.38.4-1)
trixie: resolved (fixed in 2.38.4-1)
GHSA
GHSA-43qx-6r5f-7vgw: A spoofing issue existed in the handling of URLs
ghsa_unreviewed·2023-08-15
CVE-2022-46725 [MEDIUM] GHSA-43qx-6r5f-7vgw: A spoofing issue existed in the handling of URLs
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.4 and iPadOS 16.4. Visiting a malicious website may lead to address bar spoofing.
OSV
CVE-2022-46725: A spoofing issue existed in the handling of URLs
osv·2023-08-14·CVSS 4.3
CVE-2022-46725 [MEDIUM] CVE-2022-46725: A spoofing issue existed in the handling of URLs
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.4 and iPadOS 16.4. Visiting a malicious website may lead to address bar spoofing.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.