Details of VAR-202212-1309

ID

VAR-202212-1309

CVE

CVE-2022-46695

TITLE

Vulnerability related to improper restriction of rendered user interface layers or frames in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2022-023508

DESCRIPTION

A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Visiting a website that frames malicious content may lead to UI spoofing. iPadOS , iOS , macOS A vulnerability exists in multiple Apple products that involves improper restriction of rendered user interface layers or frames.Information may be tampered with

Trust: 1.8

sources: NVD: CVE-2022-46695 // JVNDB: JVNDB-2022-023508 // VULHUB: VHN-447269 // VULMON: CVE-2022-46695

AFFECTED PRODUCTS

vendor:	apple	model:	macos	scope:	lt	version:	13.1	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	16.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	15.7.2	Trust: 1.0
vendor:	apple	model:	ipados	scope:	gte	version:	16.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	16.2	Trust: 1.0
vendor:	apple	model:	ipados	scope:	lt	version:	15.7.2	Trust: 1.0
vendor:	apple	model:	ipados	scope:	lt	version:	16.2	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	9.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	gte	version:	16.0	Trust: 1.0
vendor:	アップル	model:	tvos	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	ipados	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	ios	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	watchos	scope:	eq	version:	9.2	Trust: 0.8
vendor:	アップル	model:	macos	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-023508 // NVD: CVE-2022-46695

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-46695
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-46695
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202212-3026
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-46695
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-46695
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-023508 // CNNVD: CNNVD-202212-3026 // NVD: CVE-2022-46695

PROBLEMTYPE DATA

problemtype:	CWE-1021	Trust: 1.0
problemtype:	Improper restrictions on rendered user interface layers or frames (CWE-1021) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-023508 // NVD: CVE-2022-46695

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202212-3026

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202212-3026

PATCH

title:

HT213535 Apple Security update

url:

https://support.apple.com/en-us/HT213530

Trust: 0.8

sources: JVNDB: JVNDB-2022-023508

EXTERNAL IDS

db:	NVD	id:	CVE-2022-46695	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-023508	Trust: 0.8
db:	CNNVD	id:	CNNVD-202212-3026	Trust: 0.6
db:	VULHUB	id:	VHN-447269	Trust: 0.1
db:	VULMON	id:	CVE-2022-46695	Trust: 0.1

sources: VULHUB: VHN-447269 // VULMON: CVE-2022-46695 // JVNDB: JVNDB-2022-023508 // CNNVD: CNNVD-202212-3026 // NVD: CVE-2022-46695

REFERENCES

url:	http://seclists.org/fulldisclosure/2022/dec/20	Trust: 2.5
url:	http://seclists.org/fulldisclosure/2022/dec/21	Trust: 2.5
url:	http://seclists.org/fulldisclosure/2022/dec/23	Trust: 2.5
url:	http://seclists.org/fulldisclosure/2022/dec/26	Trust: 2.5
url:	https://support.apple.com/en-us/ht213536	Trust: 2.4
url:	http://seclists.org/fulldisclosure/2022/dec/27	Trust: 1.9
url:	https://support.apple.com/en-us/ht213530	Trust: 1.8
url:	https://support.apple.com/en-us/ht213531	Trust: 1.8
url:	https://support.apple.com/en-us/ht213532	Trust: 1.8
url:	https://support.apple.com/en-us/ht213535	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-46695	Trust: 1.4
url:	https://cxsecurity.com/cveshow/cve-2022-46695/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-ios-macos-multiple-vulnerabilities-of-december-2022-40105	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-447269 // VULMON: CVE-2022-46695 // JVNDB: JVNDB-2022-023508 // CNNVD: CNNVD-202212-3026 // NVD: CVE-2022-46695

SOURCES

db:	VULHUB	id:	VHN-447269
db:	VULMON	id:	CVE-2022-46695
db:	JVNDB	id:	JVNDB-2022-023508
db:	CNNVD	id:	CNNVD-202212-3026
db:	NVD	id:	CVE-2022-46695

LAST UPDATE DATE

2024-08-14T15:06:02.502000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-447269	date:	2023-01-09T00:00:00
db:	VULMON	id:	CVE-2022-46695	date:	2022-12-15T00:00:00
db:	JVNDB	id:	JVNDB-2022-023508	date:	2023-11-29T03:02:00
db:	CNNVD	id:	CNNVD-202212-3026	date:	2023-01-03T00:00:00
db:	NVD	id:	CVE-2022-46695	date:	2023-11-07T03:55:49.640

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-447269	date:	2022-12-15T00:00:00
db:	VULMON	id:	CVE-2022-46695	date:	2022-12-15T00:00:00
db:	JVNDB	id:	JVNDB-2022-023508	date:	2023-11-29T00:00:00
db:	CNNVD	id:	CNNVD-202212-3026	date:	2022-12-13T00:00:00
db:	NVD	id:	CVE-2022-46695	date:	2022-12-15T19:15:26.407