{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202209-0768",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ipados",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.7"
      },
      {
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.7"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "16.0"
      },
      {
        "model": "safari",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "model": "ios",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "model": "ipados",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": "15.7"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018935"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32868"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "168342"
      },
      {
        "db": "PACKETSTORM",
        "id": "168362"
      },
      {
        "db": "PACKETSTORM",
        "id": "168341"
      },
      {
        "db": "PACKETSTORM",
        "id": "169560"
      },
      {
        "db": "PACKETSTORM",
        "id": "169559"
      },
      {
        "db": "PACKETSTORM",
        "id": "169602"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2022-32868",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2022-32868",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2022-32868",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-32868",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-32868",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202209-780",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018935"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-780"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32868"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A logic issue was addressed with improved state management. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. A website may be able to track users through Safari web extensions. \n\nAdditional CVE entries to be added soon. Apple is aware of a report that this issue may\nhave been actively exploited. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-27-3 Additional information for APPLE-SA-2022-09-12-1 iOS 16\n\niOS 16 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213446. \n\nAccelerate Framework\nAvailable for: iPhone 8 and later\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-42795: ryuzaki\nEntry added October 27, 2022\n\nAppleAVD\nAvailable for: iPhone 8 and later\nImpact: An app may be able to cause a denial-of-service\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of\nGoogle Project Zero, and an anonymous researcher\nEntry added October 27, 2022\n\nAppleAVD\nAvailable for: iPhone 8 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: This issue was addressed with improved checks. \nCVE-2022-32907: Natalie Silvanovich of Google Project Zero, Antonio\nZekic (@antoniozekic) and John Aakerblom (@jaakerblom), ABC Research\ns.r.o, Yinyi Wu, Tommaso Bianco (@cutesmilee__)\nEntry added October 27, 2022\n\nApple Neural Engine\nAvailable for: iPhone 8 and later\nImpact: An app may be able to leak sensitive kernel state\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32858: Mohamed Ghannam (@_simo36)\nEntry added October 27, 2022\n\nApple Neural Engine\nAvailable for: iPhone 8 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32898: Mohamed Ghannam (@_simo36)\nCVE-2022-32899: Mohamed Ghannam (@_simo36)\nCVE-2022-32889: Mohamed Ghannam (@_simo36)\nEntry added October 27, 2022\n\nApple TV\nAvailable for: iPhone 8 and later\nImpact: An app may be able to access user-sensitive data\nDescription: The issue was addressed with improved handling of\ncaches. \nCVE-2022-32909: Csaba Fitzl (@theevilbit) of Offensive Security\nEntry added October 27, 2022\n\nContacts\nAvailable for: iPhone 8 and later\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed with improved checks. \nCVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security\n\nCrash Reporter\nAvailable for: iPhone 8 and later\nImpact: A user with physical access to an iOS device may be able to\nread past diagnostic logs\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike\nEntry added October 27, 2022\n\nDriverKit\nAvailable for: iPhone 8 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)\nEntry added October 27, 2022\n\nExchange\nAvailable for: iPhone 8 and later\nImpact: A user in a privileged network position may be able to\nintercept mail credentials\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32928: an anonymous researcher\nEntry added October 27, 2022\n\nGPU Drivers\nAvailable for: iPhone 8 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-26744: an anonymous researcher\nEntry added October 27, 2022\n\nGPU Drivers\nAvailable for: iPhone 8 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32903: an anonymous researcher\nEntry added October 27, 2022\n\nImageIO\nAvailable for: iPhone 8 and later\nImpact: Processing an image may lead to a denial-of-service\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-1622\nEntry added October 27, 2022\n\nImage Processing\nAvailable for: iPhone 8 and later\nImpact: A sandboxed app may be able to determine which app is\ncurrently using the camera\nDescription: The issue was addressed with additional restrictions on\nthe observability of app states. \nCVE-2022-32913: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\nEntry added October 27, 2022\n\nIOGPUFamily\nAvailable for: iPhone 8 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32887: an anonymous researcher\nEntry added October 27, 2022\n\nKernel\nAvailable for: iPhone 8 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32914: Zweig of Kunlun Lab\nEntry added October 27, 2022\n\nKernel\nAvailable for: iPhone 8 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)\nCVE-2022-32911: Zweig of Kunlun Lab\nEntry updated October 27, 2022\n\nKernel\nAvailable for: iPhone 8 and later\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: iPhone 8 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges. \nCVE-2022-32917: an anonymous researcher \n\nMaps\nAvailable for: iPhone 8 and later\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32883: Ron Masas, breakpointhq.com\n\nMediaLibrary\nAvailable for: iPhone 8 and later\nImpact: A user may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-32908: an anonymous researcher\n\nNotifications\nAvailable for: iPhone 8 and later\nImpact: A user with physical access to a device may be able to access\ncontacts from the lock screen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32879: Ubeydullah S\u00fcmer\nEntry added October 27, 2022\n\nPhotos\nAvailable for: iPhone 8 and later\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha\nTechnologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort\n(evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan\nof Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd\nEntry added October 27, 2022\n\nSafari\nAvailable for: iPhone 8 and later\nImpact: Visiting a malicious website may lead to address bar spoofing\nDescription: This issue was addressed with improved checks. \nCVE-2022-32795: Narendra Bhati of Suma Soft Pvt. Ltd. \nWebKit Bugzilla: 242278\nCVE-2022-32868: Michael\n\nSandbox\nAvailable for: iPhone 8 and later\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security\nEntry added October 27, 2022\n\nSecurity\nAvailable for: iPhone 8 and later\nImpact: An app may be able to bypass code signing checks\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)\nEntry added October 27, 2022\n\nShortcuts\nAvailable for: iPhone 8 and later\nImpact: A person with physical access to an iOS device may be able to\naccess photos from the lock screen\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32872: Elite Tech Guru\n\nSidecar\nAvailable for: iPhone 8 and later\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-42790: Om kothawade of Zaprico Digital\nEntry added October 27, 2022\n\nSiri\nAvailable for: iPhone 8 and later\nImpact: A user with physical access to a device may be able to use\nSiri to obtain some call history information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32870: Andrew Goldberg of The McCombs School of Business,\nThe University of Texas at Austin (linkedin.com/andrew-goldberg-/)\nEntry added October 27, 2022\n\nSQLite\nAvailable for: iPhone 8 and later\nImpact: A remote user may be able to cause a denial-of-service\nDescription: This issue was addressed with improved checks. \nCVE-2021-36690\nEntry added October 27, 2022\n\nTime Zone\nAvailable for: iPhone 8 and later\nImpact: Deleted contacts may still appear in spotlight search results\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32859\nEntry added October 27, 2022\n\nWatch app\nAvailable for: iPhone 8 and later\nImpact: An app may be able to read a persistent device identifier\nDescription: This issue was addressed with improved entitlements. \nCVE-2022-32835: Guilherme Rambo of Best Buddy Apps (rambo.codes)\nEntry added October 27, 2022\n\nWeather\nAvailable for: iPhone 8 and later\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32875: an anonymous researcher\nEntry added October 27, 2022\n\nWebKit\nAvailable for: iPhone 8 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nWebKit Bugzilla: 242047\nCVE-2022-32888: P1umer (@p1umer)\nEntry added October 27, 2022\n\nWebKit\nAvailable for: iPhone 8 and later\nImpact: Visiting a website that frames malicious content may lead to\nUI spoofing\nDescription: The issue was addressed with improved UI handling. \nWebKit Bugzilla: 243236\nCVE-2022-32891: @real_as3617, and an anonymous researcher\nEntry added October 27, 2022\n\nWebKit\nAvailable for: iPhone 8 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 241969\nCVE-2022-32886: P1umer, afang5472, xmzyshypnc\n\nWebKit\nAvailable for: iPhone 8 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nWebKit Bugzilla: 242762\nCVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with\nTrend Micro Zero Day Initiative\n\nWebKit Sandboxing\nAvailable for: iPhone 8 and later\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with improvements to the\nsandbox. \nWebKit Bugzilla: 243181\nCVE-2022-32892: @18\u697c\u68a6\u60f3\u6539\u9020\u5bb6 and @jq0904 of DBAppSecurity\u0027s WeBin lab\nEntry added October 27, 2022\n\nWi-Fi\nAvailable for: iPhone 8 and later\nImpact: An app may be able to cause unexpected system termination or\nwrite kernel memory\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-32925: Wang Yu of Cyberserval\nEntry added October 27, 2022\n\nAdditional recognition\n\nAirDrop\nWe would like to acknowledge Alexander Heinrich, Milan Stute, and\nChristian Weinert of Technical University of Darmstadt for their\nassistance. \nEntry added October 27, 2022\n\nAppleCredentialManager\nWe would like to acknowledge @jonathandata1 for their assistance. \nEntry added October 27, 2022\n\nCalendar UI\nWe would like to acknowledge Abhay Kailasia (@abhay_kailasia) of\nLakshmi Narain College Of Technology Bhopal for their assistance. \nEntry added October 27, 2022\n\nFaceTime\nWe would like to acknowledge an anonymous researcher for their\nassistance. \nEntry added October 27, 2022\n\nFind My\nWe would like to acknowledge an anonymous researcher for their\nassistance. \nEntry added October 27, 2022\n\nGame Center\nWe would like to acknowledge Joshua Jones for their assistance. \n\niCloud\nWe would like to acknowledge B\u00fclent Aytulun, and an anonymous\nresearcher for their assistance. \nEntry added October 27, 2022\n\nIdentity Services\nWe would like to acknowledge Joshua Jones for their assistance. \n\nKernel\nWe would like to acknowledge Pan ZhenPeng(@Peterpan0927), Tingting\nYin of Tsinghua University, and Min Zheng of Ant Group, and an\nanonymous researcher for their assistance. \nEntry added October 27, 2022\n\nMail\nWe would like to acknowledge an anonymous researcher for their\nassistance. \nEntry added October 27, 2022\n\nNotes\nWe would like to acknowledge Edward Riley of Iron Cloud Limited\n(ironclouduk.com) for their assistance. \nEntry added October 27, 2022\n\nPhoto Booth\nWe would like to acknowledge Prashanth Kannan of Dremio for their\nassistance. \nEntry added October 27, 2022\n\nSandbox\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \nEntry added October 27, 2022\n\nShortcuts\nWe would like to acknowledge Shay Dror for their assistance. \nEntry added October 27, 2022\n\nSOS\nWe would like to acknowledge Xianfeng Lu and Lei Ai of OPPO Amber\nSecurity Lab for their assistance. \nEntry added October 27, 2022\n\nUIKit\nWe would like to acknowledge Aleczander Ewing, Simon de Vegt, and an\nanonymous researcher for their assistance. \nEntry added October 27, 2022\n\nWebKit\nWe would like to acknowledge an anonymous researcher for their\nassistance. \nEntry added October 27, 2022\n\nWebRTC\nWe would like to acknowledge an anonymous researcher for their\nassistance. \nEntry added October 27, 2022\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/  iTunes and Software Update on the\ndevice will automatically check Apple\u0027s update server on its weekly\nschedule. When an update is detected, it is downloaded and the option\nto be installed is presented to the user when the iOS device is\ndocked. We recommend applying the update immediately if possible. \nSelecting Don\u0027t Install will present the option the next time you\nconnect your iOS device.  The automatic update process may take up to\na week depending on the day that iTunes or the device checks for\nupdates. You may manually obtain the update via the Check for Updates\nbutton within iTunes, or the Software Update on your device.  To\ncheck that the iPhone, iPod touch, or iPad has been updated:  *\nNavigate to Settings * Select General * Select About. The version\nafter applying this update will be \"iOS 16\". \nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpoACgkQ4RjMIDke\nNxkQ8w/9FMTP02t/AKe0nXZ44UhfMLy7Sx88gpWRHaWKZtdjPADC2kxx1RbVSvrC\nC5nB6bw2zGppE1V284QitcNG9WrGGTINK6Knshv0PCkWLZnh1sYqX2bYbKmY6Ol7\nK+lRk6zicF3k7KcCZRly6UuJ8RvfPpa2wKuVVv5FBPM8bPRuovVRiRxGUWuO7emM\nZXyp4n5u+GldW8n8hRK/jxwGGwrKqFmXL9Ecd79I2/4uYmEx6tmoAYuEZs26BfjK\nEtd1F54PlewmyUKvVlWiwLhpVgygRqkmvW+jKwX46gBzwHFK88B9IV6wf8ZD5JaU\nUr+nqEjiqmbYdcfV8pu64eRNnlTiCmD/ehJg8sNG38m9SeqOw3ZNVaQ8+sgoXwsp\nrpsPDPsXmPqqadxERe7LwLXSm4KtTARdGbEffHAA5eqc+U0ja2u3piqk8ZKTrC6K\ntORrDjSkKx9AILbds99Wzbnb1rfF/09N1+LPQT7Ac8PCA/kE+XQ+nmSDoInh8PTU\nrFt3ZW9Ud0q6Y2Ix11WYrb6wOqs/vafaW5zXTnNfgKNvw2zO/9yKYhaqIjlGtLSJ\nOg/O1sdcPMPisBGQynF7Dj42riQD5RQGbB/GmfgRqUHFXwcWJxFRblkwUxbjuEaR\nnYRj90cDbUE2wmsE4y4uFfCVpKTQCQCKXuSuBkOQje0KjTDHWac=\n=I+iq\n-----END PGP SIGNATURE-----\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-32868"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018935"
      },
      {
        "db": "VULHUB",
        "id": "VHN-424957"
      },
      {
        "db": "PACKETSTORM",
        "id": "168342"
      },
      {
        "db": "PACKETSTORM",
        "id": "168362"
      },
      {
        "db": "PACKETSTORM",
        "id": "168341"
      },
      {
        "db": "PACKETSTORM",
        "id": "169560"
      },
      {
        "db": "PACKETSTORM",
        "id": "169559"
      },
      {
        "db": "PACKETSTORM",
        "id": "169602"
      }
    ],
    "trust": 2.25
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-424957",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424957"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-32868",
        "trust": 3.9
      },
      {
        "db": "PACKETSTORM",
        "id": "168362",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "169602",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018935",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.4527",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-780",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "169560",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "169559",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "168341",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "168342",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-424957",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424957"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018935"
      },
      {
        "db": "PACKETSTORM",
        "id": "168342"
      },
      {
        "db": "PACKETSTORM",
        "id": "168362"
      },
      {
        "db": "PACKETSTORM",
        "id": "168341"
      },
      {
        "db": "PACKETSTORM",
        "id": "169560"
      },
      {
        "db": "PACKETSTORM",
        "id": "169559"
      },
      {
        "db": "PACKETSTORM",
        "id": "169602"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-780"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32868"
      }
    ]
  },
  "id": "VAR-202209-0768",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424957"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-08-14T12:46:33.262000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT213445 Apple\u00a0 Security update",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT213442"
      },
      {
        "title": "Apple macOS Safari Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=208418"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018935"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-780"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018935"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32868"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://seclists.org/fulldisclosure/2022/oct/50"
      },
      {
        "trust": 2.5,
        "url": "http://seclists.org/fulldisclosure/2022/oct/39"
      },
      {
        "trust": 2.5,
        "url": "http://seclists.org/fulldisclosure/2022/oct/40"
      },
      {
        "trust": 2.3,
        "url": "https://support.apple.com/en-us/ht213442"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht213445"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht213446"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32868"
      },
      {
        "trust": 0.6,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht201222."
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.4527"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-32868/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apple-ios-macos-multiple-vulnerabilities-39249"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/168362/apple-security-advisory-2022-09-12-5.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/169602/apple-security-advisory-2022-10-27-14.html"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32886"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32864"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32795"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32854"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32912"
      },
      {
        "trust": 0.4,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32908"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32911"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32872"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32883"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32917"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/ht213445."
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/ht213442."
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32891"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/ht213446."
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32892"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32899"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32888"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32898"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32879"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32866"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32867"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32859"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36690"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26744"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32858"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1622"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32835"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32865"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32827"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424957"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018935"
      },
      {
        "db": "PACKETSTORM",
        "id": "168342"
      },
      {
        "db": "PACKETSTORM",
        "id": "168362"
      },
      {
        "db": "PACKETSTORM",
        "id": "168341"
      },
      {
        "db": "PACKETSTORM",
        "id": "169560"
      },
      {
        "db": "PACKETSTORM",
        "id": "169559"
      },
      {
        "db": "PACKETSTORM",
        "id": "169602"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-780"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32868"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-424957"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018935"
      },
      {
        "db": "PACKETSTORM",
        "id": "168342"
      },
      {
        "db": "PACKETSTORM",
        "id": "168362"
      },
      {
        "db": "PACKETSTORM",
        "id": "168341"
      },
      {
        "db": "PACKETSTORM",
        "id": "169560"
      },
      {
        "db": "PACKETSTORM",
        "id": "169559"
      },
      {
        "db": "PACKETSTORM",
        "id": "169602"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-780"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32868"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-09-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-424957"
      },
      {
        "date": "2023-10-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-018935"
      },
      {
        "date": "2022-09-13T15:27:13",
        "db": "PACKETSTORM",
        "id": "168342"
      },
      {
        "date": "2022-09-13T15:45:03",
        "db": "PACKETSTORM",
        "id": "168362"
      },
      {
        "date": "2022-09-13T15:26:55",
        "db": "PACKETSTORM",
        "id": "168341"
      },
      {
        "date": "2022-10-31T14:22:19",
        "db": "PACKETSTORM",
        "id": "169560"
      },
      {
        "date": "2022-10-31T14:22:02",
        "db": "PACKETSTORM",
        "id": "169559"
      },
      {
        "date": "2022-10-31T15:01:45",
        "db": "PACKETSTORM",
        "id": "169602"
      },
      {
        "date": "2022-09-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202209-780"
      },
      {
        "date": "2022-09-20T21:15:10.830000",
        "db": "NVD",
        "id": "CVE-2022-32868"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-12-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-424957"
      },
      {
        "date": "2023-10-24T01:45:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-018935"
      },
      {
        "date": "2022-11-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202209-780"
      },
      {
        "date": "2022-12-08T03:34:58.107000",
        "db": "NVD",
        "id": "CVE-2022-32868"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-780"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vulnerabilities in multiple Apple products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018935"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "overflow, spoof, code execution",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "168342"
      },
      {
        "db": "PACKETSTORM",
        "id": "168362"
      },
      {
        "db": "PACKETSTORM",
        "id": "168341"
      },
      {
        "db": "PACKETSTORM",
        "id": "169560"
      },
      {
        "db": "PACKETSTORM",
        "id": "169559"
      },
      {
        "db": "PACKETSTORM",
        "id": "169602"
      }
    ],
    "trust": 0.6
  }
}

{
  "GSD": {
    "alias": "CVE-2022-32868",
    "description": "A logic issue was addressed with improved state management. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. A website may be able to track users through Safari web extensions.",
    "id": "GSD-2022-32868"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-32868"
      ],
      "details": "A logic issue was addressed with improved state management. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. A website may be able to track users through Safari web extensions.",
      "id": "GSD-2022-32868",
      "modified": "2023-12-13T01:19:12.826367Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2022-32868",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "iOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "16"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Safari",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "16"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "iOS and iPadOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "15.7"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A logic issue was addressed with improved state management. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. A website may be able to track users through Safari web extensions."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "A website may be able to track users through Safari web extensions"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/en-us/HT213446",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT213446"
          },
          {
            "name": "https://support.apple.com/en-us/HT213445",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT213445"
          },
          {
            "name": "https://support.apple.com/en-us/HT213442",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT213442"
          },
          {
            "name": "20221030 APPLE-SA-2022-10-27-3 Additional information for APPLE-SA-2022-09-12-1 iOS 16",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2022/Oct/39"
          },
          {
            "name": "20221030 APPLE-SA-2022-10-27-4 Additional information for APPLE-SA-2022-09-12-2 iOS 15.7 and iPadOS 15.7",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2022/Oct/40"
          },
          {
            "name": "20221030 APPLE-SA-2022-10-27-14 Additional information for APPLE-SA-2022-09-12-5 Safari 16",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2022/Oct/50"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "15.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "15.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "16.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2022-32868"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A logic issue was addressed with improved state management. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. A website may be able to track users through Safari web extensions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/en-us/HT213442",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT213442"
            },
            {
              "name": "https://support.apple.com/en-us/HT213445",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT213445"
            },
            {
              "name": "https://support.apple.com/en-us/HT213446",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT213446"
            },
            {
              "name": "20221030 APPLE-SA-2022-10-27-3 Additional information for APPLE-SA-2022-09-12-1 iOS 16",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Oct/39"
            },
            {
              "name": "20221030 APPLE-SA-2022-10-27-4 Additional information for APPLE-SA-2022-09-12-2 iOS 15.7 and iPadOS 15.7",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Oct/40"
            },
            {
              "name": "20221030 APPLE-SA-2022-10-27-14 Additional information for APPLE-SA-2022-09-12-5 Safari 16",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Oct/50"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2022-12-08T03:34Z",
      "publishedDate": "2022-09-20T21:15Z"
    }
  }
}

{
  "affected": [],
  "aliases": [
    "CVE-2022-32868"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-20T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A logic issue was addressed with improved state management. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. A website may be able to track users through Safari web extensions.",
  "id": "GHSA-2xc7-wvf3-85p6",
  "modified": "2022-09-23T00:00:37Z",
  "published": "2022-09-21T00:00:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32868"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213442"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213445"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213446"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2022/Oct/39"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2022/Oct/40"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2022/Oct/50"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Das Apple iOS (vormals iPhone OS) ist das Betriebssystem f\u00fcr das von Apple entwickelte Smartphone iPhone, iPad und iPod Touch.\r\nDas Apple iPadOS ist das Betriebssystem f\u00fcr das von Apple entwickelte iPad.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer, lokaler oder physischer Angreifer kann mehrere Schwachstellen in Apple iOS und Apple iPadOS ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren und Informationen falsch darzustellen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- iPhoneOS",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-1394 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1394.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-1394 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1394"
      },
      {
        "category": "external",
        "summary": "Apple vom 2022-09-12",
        "url": "https://support.apple.com/en-us/HT213445"
      },
      {
        "category": "external",
        "summary": "Apple vom 2022-09-12",
        "url": "https://support.apple.com/en-us/HT213446"
      }
    ],
    "source_lang": "en-US",
    "title": "Apple iOS und Apple iPadOS: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-04-13T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:35:03.161+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2022-1394",
      "initial_release_date": "2022-09-12T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2022-09-12T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2022-10-30T23:00:00.000+00:00",
          "number": "2",
          "summary": "CVE\u0027s erg\u00e4nzt"
        },
        {
          "date": "2023-04-13T22:00:00.000+00:00",
          "number": "3",
          "summary": "CVE Nummern erg\u00e4nzt"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Apple iOS \u003c 15.7",
                "product": {
                  "name": "Apple iOS \u003c 15.7",
                  "product_id": "T024545",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:iphone_os:15.7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Apple iOS \u003c 16",
                "product": {
                  "name": "Apple iOS \u003c 16",
                  "product_id": "T024547",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:iphone_os:16"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "iOS"
          },
          {
            "category": "product_name",
            "name": "Apple iPadOS \u003c 15.7",
            "product": {
              "name": "Apple iPadOS \u003c 15.7",
              "product_id": "T024546",
              "product_identification_helper": {
                "cpe": "cpe:/o:apple:ipados:15.7"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Apple"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-46709",
      "notes": [
        {
          "category": "description",
          "text": "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Contacts, Kernel, Maps, MediaLibrary, Safari, Safari Extensions, Shortcuts und WebKit. Ein entfernter anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren und Informationen falsch darzustellen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2022-09-12T22:00:00.000+00:00",
      "title": "CVE-2022-46709"
    },
    {
      "cve": "CVE-2022-32925",
      "notes": [
        {
          "category": "description",
          "text": "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Contacts, Kernel, Maps, MediaLibrary, Safari, Safari Extensions, Shortcuts und WebKit. Ein entfernter anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren und Informationen falsch darzustellen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2022-09-12T22:00:00.000+00:00",
      "title": "CVE-2022-32925"
    },
    {
      "cve": "CVE-2022-32917",
      "notes": [
        {
          "category": "description",
          "text": "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Contacts, Kernel, Maps, MediaLibrary, Safari, Safari Extensions, Shortcuts und WebKit. Ein entfernter anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren und Informationen falsch darzustellen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2022-09-12T22:00:00.000+00:00",
      "title": "CVE-2022-32917"
    },
    {
      "cve": "CVE-2022-32916",
      "notes": [
        {
          "category": "description",
          "text": "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Contacts, Kernel, Maps, MediaLibrary, Safari, Safari Extensions, Shortcuts und WebKit. Ein entfernter anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren und Informationen falsch darzustellen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2022-09-12T22:00:00.000+00:00",
      "title": "CVE-2022-32916"
    },
    {
      "cve": "CVE-2022-32912",
      "notes": [
        {
          "category": "description",
          "text": "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Contacts, Kernel, Maps, MediaLibrary, Safari, Safari Extensions, Shortcuts und WebKit. Ein entfernter anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren und Informationen falsch darzustellen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2022-09-12T22:00:00.000+00:00",
      "title": "CVE-2022-32912"
    },
    {
      "cve": "CVE-2022-32911",
      "notes": [
        {
          "category": "description",
          "text": "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Contacts, Kernel, Maps, MediaLibrary, Safari, Safari Extensions, Shortcuts und WebKit. Ein entfernter anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren und Informationen falsch darzustellen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2022-09-12T22:00:00.000+00:00",
      "title": "CVE-2022-32911"
    },
    {
      "cve": "CVE-2022-32908",
      "notes": [
        {
          "category": "description",
          "text": "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Contacts, Kernel, Maps, MediaLibrary, Safari, Safari Extensions, Shortcuts und WebKit. Ein entfernter anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren und Informationen falsch darzustellen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2022-09-12T22:00:00.000+00:00",
      "title": "CVE-2022-32908"
    },
    {
      "cve": "CVE-2022-32889",
      "notes": [
        {
          "category": "description",
          "text": "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Contacts, Kernel, Maps, MediaLibrary, Safari, Safari Extensions, Shortcuts und WebKit. Ein entfernter anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren und Informationen falsch darzustellen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2022-09-12T22:00:00.000+00:00",
      "title": "CVE-2022-32889"
    },
    {
      "cve": "CVE-2022-32887",
      "notes": [
        {
          "category": "description",
          "text": "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Contacts, Kernel, Maps, MediaLibrary, Safari, Safari Extensions, Shortcuts und WebKit. Ein entfernter anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren und Informationen falsch darzustellen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2022-09-12T22:00:00.000+00:00",
      "title": "CVE-2022-32887"
    },
    {
      "cve": "CVE-2022-32886",
      "notes": [
        {
          "category": "description",
          "text": "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Contacts, Kernel, Maps, MediaLibrary, Safari, Safari Extensions, Shortcuts und WebKit. Ein entfernter anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren und Informationen falsch darzustellen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2022-09-12T22:00:00.000+00:00",
      "title": "CVE-2022-32886"
    },
    {
      "cve": "CVE-2022-32883",
      "notes": [
        {
          "category": "description",
          "text": "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Contacts, Kernel, Maps, MediaLibrary, Safari, Safari Extensions, Shortcuts und WebKit. Ein entfernter anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren und Informationen falsch darzustellen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2022-09-12T22:00:00.000+00:00",
      "title": "CVE-2022-32883"
    },
    {
      "cve": "CVE-2022-32872",
      "notes": [
        {
          "category": "description",
          "text": "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Contacts, Kernel, Maps, MediaLibrary, Safari, Safari Extensions, Shortcuts und WebKit. Ein entfernter anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren und Informationen falsch darzustellen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2022-09-12T22:00:00.000+00:00",
      "title": "CVE-2022-32872"
    },
    {
      "cve": "CVE-2022-32871",
      "notes": [
        {
          "category": "description",
          "text": "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Contacts, Kernel, Maps, MediaLibrary, Safari, Safari Extensions, Shortcuts und WebKit. Ein entfernter anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren und Informationen falsch darzustellen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2022-09-12T22:00:00.000+00:00",
      "title": "CVE-2022-32871"
    },
    {
      "cve": "CVE-2022-32868",
      "notes": [
        {
          "category": "description",
          "text": "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Contacts, Kernel, Maps, MediaLibrary, Safari, Safari Extensions, Shortcuts und WebKit. Ein entfernter anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren und Informationen falsch darzustellen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2022-09-12T22:00:00.000+00:00",
      "title": "CVE-2022-32868"
    },
    {
      "cve": "CVE-2022-32864",
      "notes": [
        {
          "category": "description",
          "text": "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Contacts, Kernel, Maps, MediaLibrary, Safari, Safari Extensions, Shortcuts und WebKit. Ein entfernter anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren und Informationen falsch darzustellen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2022-09-12T22:00:00.000+00:00",
      "title": "CVE-2022-32864"
    },
    {
      "cve": "CVE-2022-32854",
      "notes": [
        {
          "category": "description",
          "text": "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Contacts, Kernel, Maps, MediaLibrary, Safari, Safari Extensions, Shortcuts und WebKit. Ein entfernter anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren und Informationen falsch darzustellen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2022-09-12T22:00:00.000+00:00",
      "title": "CVE-2022-32854"
    },
    {
      "cve": "CVE-2022-32833",
      "notes": [
        {
          "category": "description",
          "text": "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Contacts, Kernel, Maps, MediaLibrary, Safari, Safari Extensions, Shortcuts und WebKit. Ein entfernter anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren und Informationen falsch darzustellen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2022-09-12T22:00:00.000+00:00",
      "title": "CVE-2022-32833"
    },
    {
      "cve": "CVE-2022-32795",
      "notes": [
        {
          "category": "description",
          "text": "In Apple iOS und Apple iPadOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Contacts, Kernel, Maps, MediaLibrary, Safari, Safari Extensions, Shortcuts und WebKit. Ein entfernter anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren und Informationen falsch darzustellen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erh\u00f6hte Rechte."
        }
      ],
      "release_date": "2022-09-12T22:00:00.000+00:00",
      "title": "CVE-2022-32795"
    }
  ]
}