Exploitation Summary
CVE-2022-46705 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, Safari 16.2. Visiting a malicious website may lead to address bar spoofing.
References (8)
Core 8
Core References
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213530
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213532
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213537
Vendor Advisory
https://support.apple.com/kb/HT213531
Vendor Advisory
https://support.apple.com/kb/HT213535
Vendor Advisory
https://support.apple.com/kb/HT213536
Vendor Advisory
https://support.apple.com/kb/HT213676
Mailing List, Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2023/11/15/1
Scores
CVSS v3
4.3
EPSS
0.0012
EPSS Percentile
30.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Details
VulnCheck KEV
2022-12-13
Status
published
Products (6)
apple/ipados
< 15.7.2
apple/iphone_os
< 15.7.2
apple/macos
< 13.1
apple/safari
< 16.2
apple/tvos
< 16.2
apple/watchos
< 9.2
Published
Feb 27, 2023
Tracked Since
Feb 18, 2026