Apple Safari vulnerabilities

CVE-2022-32886 [HIGH] CWE-787 CVE-2022-32886: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 1 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2022-32861 [MEDIUM] CVE-2022-32861: A logic issue was addressed with improved state management. This issue is fixed in Safari 15.6, macO A logic issue was addressed with improved state management. This issue is fixed in Safari 15.6, macOS Monterey 12.5. A user may be tracked through their IP address.

CVE-2022-32868 [MEDIUM] CVE-2022-32868: A logic issue was addressed with improved state management. This issue is fixed in Safari 16, iOS 16 A logic issue was addressed with improved state management. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. A website may be able to track users through Safari web extensions.

CVE-2022-32893 [HIGH] CWE-787 CVE-2022-32893: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

CVE-2022-2294 [HIGH] CVE-2022-2294: Safari 15.6 Apple Security Update: About the security content of Safari 15.6 Product: Safari Version: 15.6 CVE: CVE-2022-2294 Component: WebRTC Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A memory corruption issue was addressed with improved state management.

CVE-2022-32792 [HIGH] CVE-2022-32792: Safari 15.6 Apple Security Update: About the security content of Safari 15.6 Product: Safari Version: 15.6 CVE: CVE-2022-32792 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2022-22620 [HIGH] CWE-416 CVE-2022-22620: A use after free issue was addressed with improved memory management. This issue is fixed in macOS M A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

CVE-2022-22590 [HIGH] CWE-416 CVE-2022-22590: A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15. A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2022-22654 [MEDIUM] CVE-2022-22654: A user interface issue was addressed. This issue is fixed in watchOS 8.5, Safari 15.4. Visiting a ma A user interface issue was addressed. This issue is fixed in watchOS 8.5, Safari 15.4. Visiting a malicious website may lead to address bar spoofing.

CVE-2022-22592 [MEDIUM] CVE-2022-22592: A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPad A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.

CVE-2022-22594 [MEDIUM] CWE-346 CVE-2022-22594: A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A website may be able to track sensitive user information.

CVE-2022-22589 [MEDIUM] CVE-2022-22589: A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 a A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript.

CVE-2021-30818 [HIGH] CWE-843 CVE-2021-30818: A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.8 a A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, Safari 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2021-30809 [HIGH] CWE-416 CVE-2021-30809: A use after free issue was addressed with improved memory management. This issue is fixed in Safari A use after free issue was addressed with improved memory management. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2021-30823 [MEDIUM] CVE-2021-30823: A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1 A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 14.8 and iPadOS 14.8, tvOS 15, Safari 15, watchOS 8. An attacker in a privileged network position may be able to bypass HSTS.

CVE-2021-30836 [MEDIUM] CWE-125 CVE-2021-30836: An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.8 An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted audio file may disclose restricted memory.

CVE-2021-30888 [HIGH] CVE-2021-30888: Safari 15.1 Apple Security Update: About the security content of Safari 15.1 Product: Safari Version: 15.1 CVE: CVE-2021-30888 Component: WebKit Impact: A malicious website using Content Security Policy reports may be able to leak information via redirect behavior Description: An information leakage issue was addressed.

CVE-2021-30889 [HIGH] CVE-2021-30889: Safari 15.1 Apple Security Update: About the security content of Safari 15.1 Product: Safari Version: 15.1 CVE: CVE-2021-30889 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30887 [MEDIUM] CVE-2021-30887: Safari 15.1 Apple Security Update: About the security content of Safari 15.1 Product: Safari Version: 15.1 CVE: CVE-2021-30887 Component: WebKit Impact: Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy Description: A logic issue was addressed with improved restrictions.

CVE-2021-30890 [MEDIUM] CVE-2021-30890: Safari 15.1 Apple Security Update: About the security content of Safari 15.1 Product: Safari Version: 15.1 CVE: CVE-2021-30890 Component: WebKit Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management.