Vulnerability Name:	CVE-2022-42799 (CCN-238776)
Assigned:	2022-10-24
Published:	2022-10-24
Updated:	2023-05-30
Summary:	Apple tvOS, macOS Ventura, watchOS, Safari iOS and iPadOS could allow a remote attacker to conduct spoofing attacks, caused by improper UI handling. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to spoof the user interface.
CVSS v3 Severity:	6.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) 5.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C) Exploitability Metrics: Attack Vector (AV):  Attack Complexity (AC):  Privileges Required (PR):  User Interaction (UI):  Scope: Scope (S):  Impact Metrics: Confidentiality (C):  Integrity (I):  Availibility (A):  6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) 5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C) Exploitability Metrics: Attack Vector (AV):  Attack Complexity (AC):  Privileges Required (PR):  User Interaction (UI):  Scope: Scope (S):  Impact Metrics: Confidentiality (C):  Integrity (I):  Availibility (A):
CVSS v2 Severity:	6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:C/A:N) Exploitability Metrics: Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance Impact Metrics: Confidentiality (C): None Integrity (I): Complete Availibility (A): None
Vulnerability Consequences:	Gain Access
References:	Source: MITRE Type: CNA CVE-2022-42799 Source: product-security@apple.com Type: Mailing List, Third Party Advisory product-security@apple.com Source: XF Type: UNKNOWN apple-ios-cve202242799-spoofing(238776) Source: product-security@apple.com Type: Mailing List, Third Party Advisory product-security@apple.com Source: product-security@apple.com Type: Mailing List, Third Party Advisory product-security@apple.com Source: product-security@apple.com Type: Mailing List, Third Party Advisory product-security@apple.com Source: product-security@apple.com Type: Mailing List, Third Party Advisory product-security@apple.com Source: product-security@apple.com Type: UNKNOWN product-security@apple.com Source: product-security@apple.com Type: Release Notes, Vendor Advisory product-security@apple.com Source: CCN Type: Apple security document HT213489 About the security content of iOS 16.1 and iPadOS 16 Source: product-security@apple.com Type: Release Notes, Vendor Advisory product-security@apple.com Source: product-security@apple.com Type: Release Notes, Vendor Advisory product-security@apple.com Source: product-security@apple.com Type: Release Notes, Vendor Advisory product-security@apple.com Source: product-security@apple.com Type: Release Notes, Vendor Advisory product-security@apple.com Source: product-security@apple.com Type: Third Party Advisory product-security@apple.com Source: product-security@apple.com Type: Third Party Advisory product-security@apple.com
Vulnerability Name:	CVE-2022-42799 (CCN-238791)
Assigned:	2022-10-24
Published:	2022-10-24
Updated:	2022-10-24
Summary:	Apple Safari could allow a remote attacker to conduct spoofing attacks, caused by an error in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to perform UI spoofing.
CVSS v3 Severity:	6.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) 5.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C) Exploitability Metrics: Attack Vector (AV):  Attack Complexity (AC):  Privileges Required (PR):  User Interaction (UI):  Scope: Scope (S):  Impact Metrics: Confidentiality (C):  Integrity (I):  Availibility (A):  6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) 5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C) Exploitability Metrics: Attack Vector (AV):  Attack Complexity (AC):  Privileges Required (PR):  User Interaction (UI):  Scope: Scope (S):  Impact Metrics: Confidentiality (C):  Integrity (I):  Availibility (A):
CVSS v2 Severity:	6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:C/A:N) Exploitability Metrics: Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance Impact Metrics: Confidentiality (C): None Integrity (I): Complete Availibility (A): None
Vulnerability Consequences:	Gain Access
References:	Source: MITRE Type: CNA CVE-2022-42799 Source: XF Type: UNKNOWN apple-safari-cve202242799-spoofing(238791) Source: CCN Type: Apple security document HT213495 About the security content of Safari 16.1
Oval Definitions
Definition ID Class Title Last Modified oval:org.opensuse.security:def:8033 P libjavascriptcoregtk-5_0-0-2.38.6-150400.4.39.1 on GA media (Moderate) 2023-06-20 oval:org.opensuse.security:def:7603 P libjavascriptcoregtk-4_0-18-2.38.6-150400.4.39.1 on GA media (Moderate) 2023-06-12 oval:org.opensuse.security:def:7941 P libjavascriptcoregtk-4_1-0-2.38.6-150400.4.39.1 on GA media (Moderate) 2023-06-12
BACK