CVE-2022-42799
CVE-2022-42799
In short
A malicious website can trick users by displaying fake interface elements that look like legitimate parts of the browser or system, potentially deceiving them into clicking on harmful content or entering sensitive information.
Technical detail
UI spoofing vulnerability in Safari and Apple OS browsers allowing attackers to overlay or manipulate interface elements through malicious websites; requires user interaction with the affected site and impacts user trust through presentation of deceptive UI components; mitigated through improved UI validation and rendering controls.
Summary generated and translated by AI from the official description.
The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface spoofing.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://lists.debian.org/debian-lts-announce/2022/11/msg00010.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LF4LYP725XZ7RWOPFUV6DGPN4Q5DUU4/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQKLEGJK3LHAKUQOLBHNR2DI3IUGLLTY/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JOFKX6BUEJFECSVFV6P5INQCOYQBB4NZ/https://security.gentoo.org/glsa/202305-32https://support.apple.com/en-us/HT213488https://support.apple.com/en-us/HT213489https://support.apple.com/en-us/HT213491https://support.apple.com/en-us/HT213492https://support.apple.com/en-us/HT213495https://www.debian.org/security/2022/dsa-5273https://www.debian.org/security/2022/dsa-5274