CVE-2022-46725 — Improper Input Validation in Apple IOS AND Ipados

CWE-20 — Improper Input Validation8 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 74.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Ipados Apple Iphone OS +5 more

Timeline

PublishedAug 14

Latest updateNov 15

Description

A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.4 and iPadOS 16.4. Visiting a malicious website may lead to address bar spoofing.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages8 packages

▶NVDapple/ipados< 16.4

▶CVEListV5apple/ios_and_ipadosunspecified — 16.4

▶Appleapple/ios_16.2_and_ipados16.2

▶Appleapple/ios_16.4_and_ipados16.4

▶NVDapple/iphone_os< 16.4

🔴Vulnerability Details

GHSA

GHSA-43qx-6r5f-7vgw: A spoofing issue existed in the handling of URLs↗2023-08-15

▶

OSV

CVE-2022-46725: A spoofing issue existed in the handling of URLs↗2023-08-14

▶

📋Vendor Advisories

Red Hat

webkitgtk: Visiting a malicious website may lead to address bar spoofing.↗2023-11-15

▶

Apple

CVE-2022-46725: iOS 16.4 and iPadOS 16.4↗2023-03-27

▶

Apple

CVE-2022-46725: macOS Ventura 13.1↗2022-12-13

▶

Apple

CVE-2022-46725: iOS 16.2 and iPadOS 16.2↗2022-12-13

▶

Debian

CVE-2022-46725: webkit2gtk - A spoofing issue existed in the handling of URLs. This issue was addressed with ...↗2022

▶