{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-46695","assignerOrgId":"286789f9-fbc2-4510-9f9a-43facdede74c","assignerShortName":"apple","dateUpdated":"2025-04-21T14:20:52.045Z","dateReserved":"2022-12-07T00:00:00.000Z","datePublished":"2022-12-15T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"286789f9-fbc2-4510-9f9a-43facdede74c","shortName":"apple","dateUpdated":"2022-12-21T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Visiting a website that frames malicious content may lead to UI spoofing."}],"affected":[{"vendor":"Apple","product":"tvOS","versions":[{"version":"unspecified","lessThan":"16.2","status":"affected","versionType":"custom"}]},{"vendor":"Apple","product":"tvOS","versions":[{"version":"unspecified","lessThan":"13.1","status":"affected","versionType":"custom"}]},{"vendor":"Apple","product":"tvOS","versions":[{"version":"unspecified","lessThan":"16.2","status":"affected","versionType":"custom"}]},{"vendor":"Apple","product":"tvOS","versions":[{"version":"unspecified","lessThan":"15.7","status":"affected","versionType":"custom"}]},{"vendor":"Apple","product":"watchOS","versions":[{"version":"unspecified","lessThan":"9.2","status":"affected","versionType":"custom"}]}],"references":[{"url":"https://support.apple.com/en-us/HT213535"},{"url":"https://support.apple.com/en-us/HT213532"},{"url":"https://support.apple.com/en-us/HT213530"},{"url":"https://support.apple.com/en-us/HT213531"},{"url":"https://support.apple.com/en-us/HT213536"},{"name":"20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2","tags":["mailing-list"],"url":"http://seclists.org/fulldisclosure/2022/Dec/20"},{"name":"20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2","tags":["mailing-list"],"url":"http://seclists.org/fulldisclosure/2022/Dec/21"},{"name":"20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1","tags":["mailing-list"],"url":"http://seclists.org/fulldisclosure/2022/Dec/23"},{"name":"20221220 APPLE-SA-2022-12-13-7 tvOS 16.2","tags":["mailing-list"],"url":"http://seclists.org/fulldisclosure/2022/Dec/26"},{"name":"20221220 APPLE-SA-2022-12-13-8 watchOS 9.2","tags":["mailing-list"],"url":"http://seclists.org/fulldisclosure/2022/Dec/27"}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"Visiting a website that frames malicious content may lead to UI spoofing"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T14:39:38.550Z"},"title":"CVE Program Container","references":[{"url":"https://support.apple.com/en-us/HT213535","tags":["x_transferred"]},{"url":"https://support.apple.com/en-us/HT213532","tags":["x_transferred"]},{"url":"https://support.apple.com/en-us/HT213530","tags":["x_transferred"]},{"url":"https://support.apple.com/en-us/HT213531","tags":["x_transferred"]},{"url":"https://support.apple.com/en-us/HT213536","tags":["x_transferred"]},{"name":"20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2","tags":["mailing-list","x_transferred"],"url":"http://seclists.org/fulldisclosure/2022/Dec/20"},{"name":"20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2","tags":["mailing-list","x_transferred"],"url":"http://seclists.org/fulldisclosure/2022/Dec/21"},{"name":"20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1","tags":["mailing-list","x_transferred"],"url":"http://seclists.org/fulldisclosure/2022/Dec/23"},{"name":"20221220 APPLE-SA-2022-12-13-7 tvOS 16.2","tags":["mailing-list","x_transferred"],"url":"http://seclists.org/fulldisclosure/2022/Dec/26"},{"name":"20221220 APPLE-SA-2022-12-13-8 watchOS 9.2","tags":["mailing-list","x_transferred"],"url":"http://seclists.org/fulldisclosure/2022/Dec/27"}]},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-1021","lang":"en","description":"CWE-1021 Improper Restriction of Rendered UI Layers or Frames"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":6.5,"attackVector":"NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","integrityImpact":"HIGH","userInteraction":"REQUIRED","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-04-21T14:20:44.294693Z","id":"CVE-2022-46695","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-04-21T14:20:52.045Z"}}]}}