CVE-2022-26486 An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw.
The issue is triggered when WebGPU is enabled in a site and a malformed message is received by the browser. By sending a malformed message,
CVE-2022-22759 An iframe with sandboxed scripts wouldn't allow scripts if a document append element has a JavaScript event handler.
An iframe can have an event handler that runs scripts on the iframe's parent. The event can be prevented from running by blocking the event
CVE-2022-41049 Windows Mark of the Web Security Feature Bypass Vulnerability
The earlier ID was assigned to a Cross-Origin Resource Sharing (CORS) bypass vulnerability in Open Graph API. This is an important feature to let a
CVE-2022-42823 Improved memory handling was addressed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1 and iOS 16.1.
An address bar spoofing issue was patched in Safari. The spoofing issue allowed a remote attacker to change the destination site by injecting malicious code
CVE-2022-42790 Apple fixed a logic issue in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7.
A user may be able to view restricted content from the notification center on an iOS device. This issue is addressed on iOS 16. A
Episode
00:00:00
00:00:00