CVE-2022-42799

The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface spoofing.

Published: Nov 1, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-42799
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-1021

Affected Software
References

Software	From	Fixed in
apple / macos	-	13.0
apple / watchos	-	9.1
apple / tvos	-	16.1
apple / ipados	-	16.0
apple / iphone_os	-	16.1
apple / safari	-	16.1
fedoraproject / fedora	35	35.x
fedoraproject / fedora	36	36.x
fedoraproject / fedora	37	37.x
debian / debian_linux	10.0	10.0.x
debian / debian_linux	11.0	11.0.x

http://www.openwall.com/lists/oss-security/2022/11/04/4
https://lists.debian.org/debian-lts-announce/2022/11/msg00010.html
https://lists.fedoraproject.org/archives/list/[email protected]/message/5LF4LYP725XZ7RWOPFUV6DGPN4Q5DUU4/
https://lists.fedoraproject.org/archives/list/[email protected]/message/AQKLEGJK3LHAKUQOLBHNR2DI3IUGLLTY/
https://lists.fedoraproject.org/archives/list/[email protected]/message/JOFKX6BUEJFECSVFV6P5INQCOYQBB4NZ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LF4LYP725XZ7RWOPFUV6DGPN4Q5DUU4/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQKLEGJK3LHAKUQOLBHNR2DI3IUGLLTY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JOFKX6BUEJFECSVFV6P5INQCOYQBB4NZ/
https://security.gentoo.org/glsa/202305-32
https://support.apple.com/en-us/HT213488
https://support.apple.com/en-us/HT213489
https://support.apple.com/en-us/HT213491
https://support.apple.com/en-us/HT213492
https://support.apple.com/en-us/HT213495
https://www.debian.org/security/2022/dsa-5273
https://www.debian.org/security/2022/dsa-5274

Vulnerability Database

290,020

CVE-2022-42799