CVE-2022-46698

MEDIUM

Safari <16.2 - Info Disclosure

Title source: llm

Description

A logic issue was addressed with improved checks. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may disclose sensitive user information.

References (12)

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2022/Dec/20

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2022/Dec/23

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2022/Dec/26

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2022/Dec/28

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213530

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213532

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213535

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213536

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213537

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT213538

[Third Party Advisory] https://security.gentoo.org/glsa/202305-32

[Mailing List] http://seclists.org/fulldisclosure/2022/Dec/27

Scores

CVSS v3 6.5

EPSS 0.0097

EPSS Percentile 76.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Classification

CWE

CWE-693

Status published

Affected Products (7)

apple/icloud < 14.0

apple/safari < 16.2

apple/ipados < 16.2

apple/iphone_os < 16.2

apple/macos < 13.1

apple/tvos < 16.2

apple/watchos < 9.2

Timeline

Published Dec 15, 2022

Tracked Since Feb 18, 2026