Description
The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchOS 9, iOS 16. Visiting a website that frames malicious content may lead to UI spoofing.
References (5)
Scores
CVSS v3
6.1
EPSS
0.0009
EPSS Percentile
24.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-1021
Status
published
Products (4)
apple/iphone_os
< 16.0
apple/safari
< 16.0
apple/tvos
< 16.0
apple/watchos
< 9.0
Published
Feb 27, 2023
Tracked Since
Feb 18, 2026