#VU65620 Spoofing attack in macOS


Published: 2022-07-21

Vulnerability identifier: #VU65620

Vulnerability risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-32816

CWE-ID:

Exploitation vector: Network

Exploit availability:

Vulnerable software:
macOS
Operating systems & Components / Operating system

Vendor: Apple Inc.

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data in WebKit. A remote attacker can spoof page content.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

macOS: 12.0 21A344 - 12.4 21F79

Fixed software versions

CPE

External links
http://support.apple.com/en-us/HT213345
http://bugs.webkit.org/show_bug.cgi?id=239316

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


Multiple vulnerabilities in Migration Toolkit for Virtualization 2.4
SUSE update for webkit2gtk3
Debian update for webkit2gtk
Debian update for wpewebkit
SUSE update for webkit2gtk3
SUSE update for webkit2gtk3
SUSE update for webkit2gtk3
Ubuntu update for webkit2gtk
Arch Linux update for webkit2gtk-4.1
Arch Linux update for webkit2gtk