#VU70514 Spoofing attack in WebKitGTK+ and WPE WebKit


Published: 2022-12-28 | Updated: 2023-11-16

Vulnerability identifier: #VU70514

Vulnerability risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-46705

CWE-ID: CWE-451

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
WebKitGTK+
Server applications / Frameworks for developing and running applications
WPE WebKit
Server applications / Frameworks for developing and running applications

Vendor:

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of URL in WebKit. A remote attacker can spoof the browser's address bar.

Mitigation
Install update from vendor's website.

Vulnerable software versions

External links
http://support.apple.com/en-us/HT213532
http://webkitgtk.org/security/WSA-2023-0010.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


SUSE update for webkit2gtk3
SUSE update for webkit2gtk3
SUSE update for webkit2gtk3
SUSE update for webkit2gtk3
Multiple vulnerabilities in Apple iOS 16 and iPadOS 16
Spoofing attack in WebKitGTK
Multiple vulnerabilities in Apple watchOS
Multiple vulnerabilities in Apple tvOS
Multiple vulnerabilities in Apple iOS 16 and iPadOS 16
Multiple vulnerabilities in Apple iOS 15 and iPadOS 15