CVE-2022-46725

MEDIUM

iOS and iPadOS <16.4 - Address Bar Spoofing via URL Handling

Title source: manual

Description

A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.4 and iPadOS 16.4. Visiting a malicious website may lead to address bar spoofing.

References (2)

Core 2

Core References

Mailing List

http://www.openwall.com/lists/oss-security/2023/11/15/1

Release Notes, Vendor Advisory

https://support.apple.com/en-us/HT213676

Scores

CVSS v3 4.3

EPSS 0.0007

EPSS Percentile 21.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Details

Status published

Products (2)

apple/ipados < 16.4

apple/iphone_os < 16.4

Published Aug 14, 2023

Tracked Since Feb 18, 2026