Action not permitted
Modal body text goes here.
wid-sec-w-2022-2314
Vulnerability from csaf_certbund
Published
2022-12-13 23:00
Modified
2022-12-13 23:00
Summary
Apple Safari: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Safari ist der auf Apple Geräten eingesetzte Web Browser.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple Safari ausnutzen, um Code auszuführen, Sicherheitsvorkehrungen zu umgehen und Informationen offenzulegen.
Betroffene Betriebssysteme
- UNIX
- Linux
- MacOS X
- Windows
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Safari ist der auf Apple Ger\u00e4ten eingesetzte Web Browser.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple Safari ausnutzen, um Code auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen und Informationen offenzulegen.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux\n- MacOS X\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2022-2314 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2314.json" }, { "category": "self", "summary": "WID-SEC-2022-2314 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2314" }, { "category": "external", "summary": "Apple Security Advisory vom 2022-12-13", "url": "https://support.apple.com/de-de/HT213537" } ], "source_lang": "en-US", "title": "Apple Safari: Mehrere Schwachstellen", "tracking": { "current_release_date": "2022-12-13T23:00:00.000+00:00", "generator": { "date": "2024-02-15T17:06:33.631+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2022-2314", "initial_release_date": "2022-12-13T23:00:00.000+00:00", "revision_history": [ { "date": "2022-12-13T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Apple Safari \u003c 16.2", "product": { "name": "Apple Safari \u003c 16.2", "product_id": "T025599", "product_identification_helper": { "cpe": "cpe:/a:apple:safari:16.2" } } } ], "category": "vendor", "name": "Apple" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-46700", "notes": [ { "category": "description", "text": "In Apple Safari existieren mehrere Schwachstellen. Die Ursachen sind unter anderem Use-After-Free Fehler, Probleme in der Speicherverwaltung und ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen. Ein entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um Code auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen und Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2022-12-13T23:00:00Z", "title": "CVE-2022-46700" }, { "cve": "CVE-2022-46699", "notes": [ { "category": "description", "text": "In Apple Safari existieren mehrere Schwachstellen. Die Ursachen sind unter anderem Use-After-Free Fehler, Probleme in der Speicherverwaltung und ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen. Ein entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um Code auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen und Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2022-12-13T23:00:00Z", "title": "CVE-2022-46699" }, { "cve": "CVE-2022-46698", "notes": [ { "category": "description", "text": "In Apple Safari existieren mehrere Schwachstellen. Die Ursachen sind unter anderem Use-After-Free Fehler, Probleme in der Speicherverwaltung und ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen. Ein entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um Code auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen und Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2022-12-13T23:00:00Z", "title": "CVE-2022-46698" }, { "cve": "CVE-2022-46696", "notes": [ { "category": "description", "text": "In Apple Safari existieren mehrere Schwachstellen. Die Ursachen sind unter anderem Use-After-Free Fehler, Probleme in der Speicherverwaltung und ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen. Ein entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um Code auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen und Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2022-12-13T23:00:00Z", "title": "CVE-2022-46696" }, { "cve": "CVE-2022-46692", "notes": [ { "category": "description", "text": "In Apple Safari existieren mehrere Schwachstellen. Die Ursachen sind unter anderem Use-After-Free Fehler, Probleme in der Speicherverwaltung und ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen. Ein entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um Code auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen und Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2022-12-13T23:00:00Z", "title": "CVE-2022-46692" }, { "cve": "CVE-2022-46691", "notes": [ { "category": "description", "text": "In Apple Safari existieren mehrere Schwachstellen. Die Ursachen sind unter anderem Use-After-Free Fehler, Probleme in der Speicherverwaltung und ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen. Ein entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um Code auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen und Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2022-12-13T23:00:00Z", "title": "CVE-2022-46691" }, { "cve": "CVE-2022-42867", "notes": [ { "category": "description", "text": "In Apple Safari existieren mehrere Schwachstellen. Die Ursachen sind unter anderem Use-After-Free Fehler, Probleme in der Speicherverwaltung und ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen. Ein entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um Code auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen und Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2022-12-13T23:00:00Z", "title": "CVE-2022-42867" }, { "cve": "CVE-2022-42863", "notes": [ { "category": "description", "text": "In Apple Safari existieren mehrere Schwachstellen. Die Ursachen sind unter anderem Use-After-Free Fehler, Probleme in der Speicherverwaltung und ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen. Ein entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um Code auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen und Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2022-12-13T23:00:00Z", "title": "CVE-2022-42863" }, { "cve": "CVE-2022-42856", "notes": [ { "category": "description", "text": "In Apple Safari existieren mehrere Schwachstellen. Die Ursachen sind unter anderem Use-After-Free Fehler, Probleme in der Speicherverwaltung und ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen. Ein entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um Code auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen und Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2022-12-13T23:00:00Z", "title": "CVE-2022-42856" }, { "cve": "CVE-2022-42852", "notes": [ { "category": "description", "text": "In Apple Safari existieren mehrere Schwachstellen. Die Ursachen sind unter anderem Use-After-Free Fehler, Probleme in der Speicherverwaltung und ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen. Ein entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um Code auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen und Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2022-12-13T23:00:00Z", "title": "CVE-2022-42852" } ] }
cve-2022-42856
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 13:19
Severity ?
EPSS score ?
Summary
A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1..
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:19:05.404Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213535" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213532" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213531" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213516" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213537" }, { "name": "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/21" }, { "name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/23" }, { "name": "20221220 APPLE-SA-2022-12-13-3 iOS 16.1.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/22" }, { "name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/26" }, { "name": "20221220 APPLE-SA-2022-12-13-9 Safari 16.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/28" }, { "name": "[oss-security] 20221226 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0011", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/12/26/1" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-32" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "16.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "13.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "15.7", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "16.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "16.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.." } ], "problemTypes": [ { "descriptions": [ { "description": "Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-26T00:00:00", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "url": "https://support.apple.com/en-us/HT213535" }, { "url": "https://support.apple.com/en-us/HT213532" }, { "url": "https://support.apple.com/en-us/HT213531" }, { "url": "https://support.apple.com/en-us/HT213516" }, { "url": "https://support.apple.com/en-us/HT213537" }, { "name": "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/21" }, { "name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/23" }, { "name": "20221220 APPLE-SA-2022-12-13-3 iOS 16.1.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/22" }, { "name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/26" }, { "name": "20221220 APPLE-SA-2022-12-13-9 Safari 16.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/28" }, { "name": "[oss-security] 20221226 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0011", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/12/26/1" }, { "url": "https://security.gentoo.org/glsa/202305-32" } ] } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-42856", "datePublished": "2022-12-15T00:00:00", "dateReserved": "2022-10-11T00:00:00", "dateUpdated": "2024-08-03T13:19:05.404Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-46691
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 14:39
Severity ?
EPSS score ?
Summary
A memory consumption issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:39:38.517Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213535" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213532" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213530" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213531" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213536" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213537" }, { "name": "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/20" }, { "name": "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/21" }, { "name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/23" }, { "name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/26" }, { "name": "20221220 APPLE-SA-2022-12-13-9 Safari 16.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/28" }, { "name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/27" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-32" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "16.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "13.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "16.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "15.7", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "9.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "16.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A memory consumption issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "Processing maliciously crafted web content may lead to arbitrary code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-21T00:00:00", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "url": "https://support.apple.com/en-us/HT213535" }, { "url": "https://support.apple.com/en-us/HT213532" }, { "url": "https://support.apple.com/en-us/HT213530" }, { "url": "https://support.apple.com/en-us/HT213531" }, { "url": "https://support.apple.com/en-us/HT213536" }, { "url": "https://support.apple.com/en-us/HT213537" }, { "name": "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/20" }, { "name": "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/21" }, { "name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/23" }, { "name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/26" }, { "name": "20221220 APPLE-SA-2022-12-13-9 Safari 16.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/28" }, { "name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/27" }, { "url": "https://security.gentoo.org/glsa/202305-32" } ] } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-46691", "datePublished": "2022-12-15T00:00:00", "dateReserved": "2022-12-07T00:00:00", "dateUpdated": "2024-08-03T14:39:38.517Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-46692
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 14:39
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:39:38.222Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213535" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213532" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213538" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213530" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213531" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213536" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213537" }, { "name": "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/20" }, { "name": "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/21" }, { "name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/23" }, { "name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/26" }, { "name": "20221220 APPLE-SA-2022-12-13-9 Safari 16.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/28" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-32" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "iCloud for Windows", "vendor": "Apple", "versions": [ { "lessThan": "14.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "16.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "13.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "16.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "15.7", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "9.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "16.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy." } ], "problemTypes": [ { "descriptions": [ { "description": "Processing maliciously crafted web content may bypass Same Origin Policy", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-21T00:00:00", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "url": "https://support.apple.com/en-us/HT213535" }, { "url": "https://support.apple.com/en-us/HT213532" }, { "url": "https://support.apple.com/en-us/HT213538" }, { "url": "https://support.apple.com/en-us/HT213530" }, { "url": "https://support.apple.com/en-us/HT213531" }, { "url": "https://support.apple.com/en-us/HT213536" }, { "url": "https://support.apple.com/en-us/HT213537" }, { "name": "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/20" }, { "name": "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/21" }, { "name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/23" }, { "name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/26" }, { "name": "20221220 APPLE-SA-2022-12-13-9 Safari 16.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/28" }, { "url": "https://security.gentoo.org/glsa/202305-32" } ] } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-46692", "datePublished": "2022-12-15T00:00:00", "dateReserved": "2022-12-07T00:00:00", "dateUpdated": "2024-08-03T14:39:38.222Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-46696
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 14:39
Severity ?
EPSS score ?
Summary
A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:39:38.646Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213535" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213532" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213530" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213536" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213537" }, { "name": "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/20" }, { "name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/23" }, { "name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/26" }, { "name": "20221220 APPLE-SA-2022-12-13-9 Safari 16.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/28" }, { "name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/27" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "16.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "13.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "16.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "9.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "16.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "Processing maliciously crafted web content may lead to arbitrary code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-21T00:00:00", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "url": "https://support.apple.com/en-us/HT213535" }, { "url": "https://support.apple.com/en-us/HT213532" }, { "url": "https://support.apple.com/en-us/HT213530" }, { "url": "https://support.apple.com/en-us/HT213536" }, { "url": "https://support.apple.com/en-us/HT213537" }, { "name": "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/20" }, { "name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/23" }, { "name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/26" }, { "name": "20221220 APPLE-SA-2022-12-13-9 Safari 16.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/28" }, { "name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/27" } ] } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-46696", "datePublished": "2022-12-15T00:00:00", "dateReserved": "2022-12-07T00:00:00", "dateUpdated": "2024-08-03T14:39:38.646Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-46699
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 14:39
Severity ?
EPSS score ?
Summary
A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:39:38.530Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213535" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213532" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213530" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213536" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213537" }, { "name": "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/20" }, { "name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/23" }, { "name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/26" }, { "name": "20221220 APPLE-SA-2022-12-13-9 Safari 16.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/28" }, { "name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/27" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-32" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "16.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "13.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "16.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "9.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "16.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "Processing maliciously crafted web content may lead to arbitrary code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-21T00:00:00", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "url": "https://support.apple.com/en-us/HT213535" }, { "url": "https://support.apple.com/en-us/HT213532" }, { "url": "https://support.apple.com/en-us/HT213530" }, { "url": "https://support.apple.com/en-us/HT213536" }, { "url": "https://support.apple.com/en-us/HT213537" }, { "name": "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/20" }, { "name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/23" }, { "name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/26" }, { "name": "20221220 APPLE-SA-2022-12-13-9 Safari 16.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/28" }, { "name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/27" }, { "url": "https://security.gentoo.org/glsa/202305-32" } ] } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-46699", "datePublished": "2022-12-15T00:00:00", "dateReserved": "2022-12-07T00:00:00", "dateUpdated": "2024-08-03T14:39:38.530Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42852
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 13:19
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may result in the disclosure of process memory.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:19:04.842Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213535" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213532" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213530" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213531" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213536" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213537" }, { "name": "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/20" }, { "name": "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/21" }, { "name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/23" }, { "name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/26" }, { "name": "20221220 APPLE-SA-2022-12-13-9 Safari 16.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/28" }, { "name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/27" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-32" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "16.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "13.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "16.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "15.7", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "9.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "16.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may result in the disclosure of process memory." } ], "problemTypes": [ { "descriptions": [ { "description": "Processing maliciously crafted web content may result in the disclosure of process memory", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-21T00:00:00", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "url": "https://support.apple.com/en-us/HT213535" }, { "url": "https://support.apple.com/en-us/HT213532" }, { "url": "https://support.apple.com/en-us/HT213530" }, { "url": "https://support.apple.com/en-us/HT213531" }, { "url": "https://support.apple.com/en-us/HT213536" }, { "url": "https://support.apple.com/en-us/HT213537" }, { "name": "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/20" }, { "name": "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/21" }, { "name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/23" }, { "name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/26" }, { "name": "20221220 APPLE-SA-2022-12-13-9 Safari 16.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/28" }, { "name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/27" }, { "url": "https://security.gentoo.org/glsa/202305-32" } ] } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-42852", "datePublished": "2022-12-15T00:00:00", "dateReserved": "2022-10-11T00:00:00", "dateUpdated": "2024-08-03T13:19:04.842Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-46698
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 14:39
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved checks. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may disclose sensitive user information.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:39:38.402Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213535" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213532" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213538" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213530" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213536" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213537" }, { "name": "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/20" }, { "name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/23" }, { "name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/26" }, { "name": "20221220 APPLE-SA-2022-12-13-9 Safari 16.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/28" }, { "name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/27" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-32" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "iCloud for Windows", "vendor": "Apple", "versions": [ { "lessThan": "14.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "16.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "13.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "16.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "9.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "16.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A logic issue was addressed with improved checks. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may disclose sensitive user information." } ], "problemTypes": [ { "descriptions": [ { "description": "Processing maliciously crafted web content may disclose sensitive user information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-21T00:00:00", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "url": "https://support.apple.com/en-us/HT213535" }, { "url": "https://support.apple.com/en-us/HT213532" }, { "url": "https://support.apple.com/en-us/HT213538" }, { "url": "https://support.apple.com/en-us/HT213530" }, { "url": "https://support.apple.com/en-us/HT213536" }, { "url": "https://support.apple.com/en-us/HT213537" }, { "name": "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/20" }, { "name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/23" }, { "name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/26" }, { "name": "20221220 APPLE-SA-2022-12-13-9 Safari 16.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/28" }, { "name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/27" }, { "url": "https://security.gentoo.org/glsa/202305-32" } ] } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-46698", "datePublished": "2022-12-15T00:00:00", "dateReserved": "2022-12-07T00:00:00", "dateUpdated": "2024-08-03T14:39:38.402Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42863
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 13:19
Severity ?
EPSS score ?
Summary
A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:19:05.210Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213535" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213532" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213530" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213536" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213537" }, { "name": "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/20" }, { "name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/23" }, { "name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/26" }, { "name": "20221220 APPLE-SA-2022-12-13-9 Safari 16.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/28" }, { "name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/27" }, { "name": "[oss-security] 20221226 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0011", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/12/26/1" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-32" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "16.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "13.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "16.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "9.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "16.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "Processing maliciously crafted web content may lead to arbitrary code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-26T00:00:00", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "url": "https://support.apple.com/en-us/HT213535" }, { "url": "https://support.apple.com/en-us/HT213532" }, { "url": "https://support.apple.com/en-us/HT213530" }, { "url": "https://support.apple.com/en-us/HT213536" }, { "url": "https://support.apple.com/en-us/HT213537" }, { "name": "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/20" }, { "name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/23" }, { "name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/26" }, { "name": "20221220 APPLE-SA-2022-12-13-9 Safari 16.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/28" }, { "name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/27" }, { "name": "[oss-security] 20221226 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0011", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/12/26/1" }, { "url": "https://security.gentoo.org/glsa/202305-32" } ] } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-42863", "datePublished": "2022-12-15T00:00:00", "dateReserved": "2022-10-11T00:00:00", "dateUpdated": "2024-08-03T13:19:05.210Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-46700
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 14:39
Severity ?
EPSS score ?
Summary
A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:39:38.248Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213535" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213532" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213530" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213531" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213536" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213537" }, { "name": "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/20" }, { "name": "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/21" }, { "name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/23" }, { "name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/26" }, { "name": "20221220 APPLE-SA-2022-12-13-9 Safari 16.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/28" }, { "name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/27" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-32" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "16.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "13.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "16.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "15.7", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "9.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "16.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "Processing maliciously crafted web content may lead to arbitrary code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-21T00:00:00", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "url": "https://support.apple.com/en-us/HT213535" }, { "url": "https://support.apple.com/en-us/HT213532" }, { "url": "https://support.apple.com/en-us/HT213530" }, { "url": "https://support.apple.com/en-us/HT213531" }, { "url": "https://support.apple.com/en-us/HT213536" }, { "url": "https://support.apple.com/en-us/HT213537" }, { "name": "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/20" }, { "name": "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/21" }, { "name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/23" }, { "name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/26" }, { "name": "20221220 APPLE-SA-2022-12-13-9 Safari 16.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/28" }, { "name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/27" }, { "url": "https://security.gentoo.org/glsa/202305-32" } ] } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-46700", "datePublished": "2022-12-15T00:00:00", "dateReserved": "2022-12-07T00:00:00", "dateUpdated": "2024-08-03T14:39:38.248Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42867
Vulnerability from cvelistv5
Published
2022-12-15 00:00
Modified
2024-08-03 13:19
Severity ?
EPSS score ?
Summary
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:19:05.296Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213535" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213532" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213530" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213536" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT213537" }, { "name": "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/20" }, { "name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/23" }, { "name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/26" }, { "name": "20221220 APPLE-SA-2022-12-13-9 Safari 16.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/28" }, { "name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/27" }, { "name": "[oss-security] 20221226 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0011", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/12/26/1" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-32" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "16.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "13.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "16.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "9.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "16.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "Processing maliciously crafted web content may lead to arbitrary code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-26T00:00:00", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "url": "https://support.apple.com/en-us/HT213535" }, { "url": "https://support.apple.com/en-us/HT213532" }, { "url": "https://support.apple.com/en-us/HT213530" }, { "url": "https://support.apple.com/en-us/HT213536" }, { "url": "https://support.apple.com/en-us/HT213537" }, { "name": "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/20" }, { "name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/23" }, { "name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/26" }, { "name": "20221220 APPLE-SA-2022-12-13-9 Safari 16.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/28" }, { "name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/27" }, { "name": "[oss-security] 20221226 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0011", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/12/26/1" }, { "url": "https://security.gentoo.org/glsa/202305-32" } ] } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-42867", "datePublished": "2022-12-15T00:00:00", "dateReserved": "2022-10-11T00:00:00", "dateUpdated": "2024-08-03T13:19:05.296Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.