CVE-2022-22620 Memory management was improved in macOS Monterey 12.2.1, iOS 15.3.1, and iPadOS 15.3.1. The issue is fixed in Safari 15.3.

This issue is addressed through improved memory handling. Processing maliciously crafted web content may lead to information disclosure. Apple is aware of a report that this may have been actively exploited. This issue is addressed through improved input validation. An attacker may be able to repurpose a compromised website to conduct phishing or click fraud attacks. Apple is aware of a report that this may have been actively exploited. This issue is addressed through improved input validation. An attacker may be able to repurpose a compromised website to conduct phishing or click fraud attacks.

Apple is aware of a report that this may have been actively exploited. This issue is addressed through improved input validation. An attacker may be able to repurpose a compromised website to conduct phishing or click fraud attacks. An issue was discovered where the protected content view in Safari would not correctly show the location bar of a web site that had an invalid character in its title (for example, '.com' instead of '.com'). This issue was addressed by displaying an error message when the user attempted to visit an invalid site. An issue was discovered where the protected content view in Safari would not correctly show the location bar of a web site that had an invalid character in its title (for example, '.com' instead of '.com'). This issue was addressed by displaying an error message when the user attempted to visit an invalid site

Safari Browser

An issue was discovered where the protected content view in Safari would not correctly show the location bar of a web site that had an invalid character in its title (for example, '.com' instead of '.com'). This issue was addressed by displaying an error message when the user attempted to visit an invalid site.

Security Improvements to Safari

An issue was discovered with how Safari handles the XPCService object. This issue is addressed by preventing out-of-bounds memory access. An issue was discovered with how Safari handles the XPCService object. This issue is addressed by preventing out-of-bounds memory access. An issue was discovered where Webkit could become unresponsive when a null pointer exception occurred in javascript code used on a page loaded through the

Timeline

Published on: 03/18/2022 18:15:00 UTC
Last modified on: 03/26/2022 04:23:00 UTC

References

• https://support.apple.com/en-us/HT213092
• https://support.apple.com/en-us/HT213093
• https://support.apple.com/en-us/HT213091
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22620