Topic

Safari

A collection of 12 issues

CVE-2022-32886 An overflow issue was fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7.

This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. An issue where system extensions could load malicious code was addressed through improved extension detection. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. An issue where

CVE-2022-32893 An out-of-bounds write issue was fixed in iOS/iPadOS/MacOS Monterey/Safari 15.6.1. Malicious content may lead to arbitrary code execution.

The issue is addressed by installing the latest software updates. An out-of-bounds read issue was discovered in the caching of font assets. This issue may allow a remote attacker to exploit memory corruption and gain access to potentially sensitive information. Apple is aware of a report that this issue was

CVE-2022-32550 An issue was found in AgileBits 1Password's method for connecting to the 1Password service.

This could then lead to the disclosure of passwords or other sensitive data. To reduce the likelihood of this happening, 1Password apps and integrations are constantly checking whether they are communicating with the 1Password service. If they are not, they will display a warning message. 1Password users are encouraged to

CVE-2022-32158 Deployment servers in versions 8.1.10.1, 8.2.6.1, and 9.0 allow clients to deploy forwarder bundles to each other.

This vulnerability was fixed in version 8.1.10.1, 8.2.6.1, and 9.0. CVE-2022-32159 This vulnerability was fixed in version 8.1.10.1, 8.2.6.1, and 9.0. CVE-2022-32158: This vulnerability was fixed in version 8.1.10.1, 8.2.6.1,

CVE-2022-22675 Out-of-bounds write issue fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1, and iPadOS 15.4.1

This issue is fixed in iOS 15.4.1, watchOS 8.6, tvOS 15.5 and macOS High Sierra 10.13.5. An out-of-bounds read issue exists when processing URLs in Safari. This issue is fixed in iOS 15.4.1 and Safari 12.0. Apple has received reports that

CVE-2022-22977 VMware Tools contains an XXE vulnerability.

XXE is a type of cross-site scripting (XSS) vulnerability that occurs when untrusted data is fed into a web application. Depending on the context in which the data is used, it can have various impacts. For example, malicious data injected into an email message can be very harmful, as users

CVE-2022-27505 Reflected cross site scripting (XSS)

XSS is a type of injection that occurs when user input is not filtered properly and is redirected to another site. There are many different types of XSS, including: Reflected XSS – The user is redirected to a site that allows injection, but the injection is tested against the code on

CVE-2022-23973 ASUS RT-AX56U has a user profile configuration vulnerability that is vulnerable to buffer overflow due to insufficient validation of parameters.

The issue is resolved in RT-AX56U firmware version 1.0.3.3 from February 12, 2017. An attacker can access the user profile configuration function by sending HTTP request with malicious data. In the case of RT-AX56U, the value of “User 1” is “\x01\x57\x57\x57\x57\x57”, which

CVE-2022-22592 Improved state management was addressed in iOS 15.3, iPadOS 15.3, watchOS 8.4, tvOS 15.3, and Safari 15.3.

This issue is addressed by allowing the X-Frame-Options response header to be set. A maliciously crafted website could exploit this vulnerability to access content protected against cross-origin access restrictions. On iOS and macOS, this issue is mitigated with improved state management. Exploitation of this issue may allow remote code execution.

CVE-2022-22585 Symlinks were being validated incorrectly in iOS 15.3. This is fixed in iOS 15.3 and later.

An application may be able to access a user's files. This issue may occur through a maliciously crafted URL or through a malformed link in an email. This issue did not exist in iOS 15.3 and watchOS 8.4. An application may be able to access a user's files.