CVE-2022-42824

Description

A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose sensitive user information.

CVSS Metrics

• v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS Trends

Current EPSS score: 0.03%• Percentile: 8%

Affected Systems

• apple•ipados

  < 16.0

• apple•iphone_os

  < 16.1

• apple•macos

  ≥ unspecified, < 13 | < 13.0

• apple•safari

  < 16.1

• apple•tvos

  ≥ unspecified, < 16.1 | < 16.1

• apple•watchos

  ≥ unspecified, < 9.1 | < 9.1

• debian•debian_linux

  10.0 | 11.0

• fedoraproject•fedora

  35 | 36 | 37

References (13)

• https://support.apple.com/en-us/HT213488
• https://support.apple.com/en-us/HT213489
• https://support.apple.com/en-us/HT213492
• https://support.apple.com/en-us/HT213495
• https://support.apple.com/en-us/HT213491
• http://www.openwall.com/lists/oss-security/2022/11/04/4
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LF4LYP725XZ7RWOPFUV6DGPN4Q5DUU4/
• https://www.debian.org/security/2022/dsa-5273
• https://www.debian.org/security/2022/dsa-5274
• https://lists.debian.org/debian-lts-announce/2022/11/msg00010.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQKLEGJK3LHAKUQOLBHNR2DI3IUGLLTY/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JOFKX6BUEJFECSVFV6P5INQCOYQBB4NZ/
• https://security.gentoo.org/glsa/202305-32