Apple Safari vulnerabilities
1,546 known vulnerabilities affecting apple/safari.
Total CVEs
1,546
CISA KEV
27
actively exploited
Public exploits
145
Exploited in wild
21
Severity breakdown
CRITICAL211HIGH575MEDIUM741LOW19
Vulnerabilities
Page 12 of 78
CVE-2022-46689HIGHCVSS 7.0fixed in 16.22022-12-15
CVE-2022-46689 [HIGH] CWE-362 CVE-2022-46689: A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS M
A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.
nvd
CVE-2022-42856HIGHCVSS 8.8KEVfixed in 16.22022-12-15
CVE-2022-42856 [HIGH] CWE-843 CVE-2022-42856: A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.
A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of
nvd
CVE-2022-46700HIGHCVSS 8.8fixed in 16.22022-12-15
CVE-2022-46700 [HIGH] CWE-787 CVE-2022-46700: A memory corruption issue was addressed with improved input validation. This issue is fixed in Safar
A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.
nvd
CVE-2022-46696HIGHCVSS 8.8fixed in 16.22022-12-15
CVE-2022-46696 [HIGH] CWE-787 CVE-2022-46696: A memory corruption issue was addressed with improved input validation. This issue is fixed in Safar
A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.
nvd
CVE-2022-42867HIGHCVSS 8.8fixed in 16.22022-12-15
CVE-2022-42867 [HIGH] CWE-416 CVE-2022-42867: A use after free issue was addressed with improved memory management. This issue is fixed in Safari
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.
nvd
CVE-2022-46691HIGHCVSS 8.8fixed in 16.22022-12-15
CVE-2022-46691 [HIGH] CWE-787 CVE-2022-46691: A memory consumption issue was addressed with improved memory handling. This issue is fixed in Safar
A memory consumption issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.
nvd
CVE-2022-46692MEDIUMCVSS 5.5fixed in 16.22022-12-15
CVE-2022-46692 [MEDIUM] CWE-345 CVE-2022-46692: A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS
A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy.
nvd
CVE-2022-32833MEDIUMCVSS 5.3fixed in 16.02022-12-15
CVE-2022-32833 [MEDIUM] CWE-922 CVE-2022-32833: An issue existed with the file paths used to store website data. The issue was resolved by improving
An issue existed with the file paths used to store website data. The issue was resolved by improving how website data is stored. This issue is fixed in iOS 16. An unauthorized user may be able to access browsing history.
nvd
CVE-2022-42852MEDIUMCVSS 6.5fixed in 16.22022-12-15
CVE-2022-42852 [MEDIUM] CWE-200 CVE-2022-42852: The issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2
The issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may result in the disclosure of process memory.
nvd
CVE-2022-46698MEDIUMCVSS 6.5fixed in 16.22022-12-15
CVE-2022-46698 [MEDIUM] CWE-693 CVE-2022-46698: A logic issue was addressed with improved checks. This issue is fixed in Safari 16.2, tvOS 16.2, iCl
A logic issue was addressed with improved checks. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may disclose sensitive user information.
nvd
CVE-2022-3970HIGHCVSS 8.8fixed in 16.5.12022-11-13
CVE-2022-3970 [HIGH] CWE-189 CVE-2022-3970: A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function
A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f
nvd
CVE-2022-42823HIGHCVSS 8.8fixed in 16.12022-11-01
CVE-2022-42823 [HIGH] CWE-843 CVE-2022-42823: A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1
A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may lead to arbitrary code execution.
nvd
CVE-2022-32922HIGHCVSS 8.8fixed in 16.12022-11-01
CVE-2022-32922 [HIGH] CWE-416 CVE-2022-32922: A use after free issue was addressed with improved memory management. This issue is fixed in Safari
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. Processing maliciously crafted web content may lead to arbitrary code execution.
nvd
CVE-2022-26716HIGHCVSS 8.8fixed in 15.52022-11-01
CVE-2022-26716 [HIGH] CWE-787 CVE-2022-26716: A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS
A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution.
nvd
CVE-2022-26719HIGHCVSS 8.8fixed in 15.52022-11-01
CVE-2022-26719 [HIGH] CWE-787 CVE-2022-26719: A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS
A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution.
nvd
CVE-2022-32892HIGHCVSS 8.6fixed in 16.02022-11-01
CVE-2022-32892 [HIGH] CVE-2022-32892: An access issue was addressed with improvements to the sandbox. This issue is fixed in Safari 16, iO
An access issue was addressed with improvements to the sandbox. This issue is fixed in Safari 16, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13. A sandboxed process may be able to circumvent sandbox restrictions.
nvd
CVE-2022-26717HIGHCVSS 8.8fixed in 15.52022-11-01
CVE-2022-26717 [HIGH] CWE-416 CVE-2022-26717: A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.
nvd
CVE-2022-26709HIGHCVSS 8.8fixed in 15.52022-11-01
CVE-2022-26709 [HIGH] CWE-416 CVE-2022-26709: A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution.
nvd
CVE-2022-42799MEDIUMCVSS 6.1fixed in 16.12022-11-01
CVE-2022-42799 [MEDIUM] CWE-1021 CVE-2022-42799: The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 1
The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface spoofing.
nvd
CVE-2022-42824MEDIUMCVSS 5.5fixed in 16.12022-11-01
CVE-2022-42824 [MEDIUM] CVE-2022-42824: A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.1, macOS
A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose sensitive user information.
nvd