#VU65620 Spoofing attack in macOS - CVE-2022-32816


Vulnerability identifier: #VU65620

Vulnerability risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-32816

CWE-ID: CWE-451

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
macOS
Operating systems & Components / Operating system

Vendor: Apple Inc.

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data in WebKit. A remote attacker can spoof page content.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

macOS: 12.0 21A344 - 12.4 21F79

External links
http://support.apple.com/en-us/HT213345
http://bugs.webkit.org/show_bug.cgi?id=239316

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Migration Toolkit for Virtualization 2.4
SUSE update for webkit2gtk3
Debian update for webkit2gtk
Debian update for wpewebkit
SUSE update for webkit2gtk3
SUSE update for webkit2gtk3
SUSE update for webkit2gtk3
Ubuntu update for webkit2gtk
Fedora 35 update for webkit2gtk3
Fedora 35 update for webkit2gtk3