CVE-2022-32891
First published: Mon Sep 12 2022(Updated: )
The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchOS 9, iOS 16. Visiting a website that frames malicious content may lead to UI spoofing.
Credit: product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple Safari | <16.0 | |
| Apple iPhone OS | <16.0 | |
| Apple tvOS | <16.0 | |
| Apple watchOS | <9.0 | |
| Apple watchOS | <9 | 9 |
| Apple tvOS | <16 | 16 |
| Apple Safari | <16 | 16 |
| Apple iOS | <16 | 16 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT213442 (Advisory)
- https://security.gentoo.org/glsa/202305-32
- https://support.apple.com/en-us/HT213446 (Advisory)
- https://support.apple.com/en-us/HT213486 (Advisory)
- https://support.apple.com/en-us/HT213487 (Advisory)
- https://support.apple.com/kb/HT213446
- https://support.apple.com/kb/HT213486
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2022-32868
- CVE-2022-32886
- CVE-2022-32912
- CVE-2022-32891
- CVE-2022-32892
- CVE-2022-32833
- CVE-2022-42795
- CVE-2022-32907
- CVE-2022-32903
- CVE-2022-1622
- CVE-2022-32913
- CVE-2022-32949
- CVE-2022-32864
- CVE-2022-32866
- CVE-2022-32911
- CVE-2022-32914
- CVE-2022-32908
- CVE-2022-32879
- CVE-2022-32881
- CVE-2021-36690
- CVE-2022-32888
- CVE-2022-46709
- CVE-2022-32925
- CVE-2022-32858
- CVE-2022-32898
- CVE-2022-32899
- CVE-2022-32889
- CVE-2022-32854
- CVE-2022-32928
- CVE-2022-32894
- CVE-2022-32883
- CVE-2022-32870
- CVE-2022-32835
- CVE-2022-32875
- CVE-2022-32893
- CVE-2022-32827
- CVE-2022-32877
- CVE-2022-32909
- CVE-2022-32867
- CVE-2022-32865
- CVE-2022-22643
- CVE-2022-32793
- CVE-2022-26744
- CVE-2022-32887
- CVE-2022-32916
- CVE-2022-32917
- CVE-2022-32918
- CVE-2022-32795
- CVE-2022-42793
- CVE-2022-32872
- CVE-2022-42790
- CVE-2022-32871
- CVE-2022-42791
- CVE-2022-32859
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2022-32891.
What software is affected by CVE-2022-32891?
Safari, iOS, tvOS, and watchOS versions up to and exclusive of 16 for Apple products.
What is the severity of CVE-2022-32891?
The severity of CVE-2022-32891 is not specified.
How was CVE-2022-32891 addressed?
CVE-2022-32891 was addressed with improved UI handling.
Where can I find more information about CVE-2022-32891?
You can find more information about CVE-2022-32891 on the following references: [Link 1](https://support.apple.com/en-us/HT213446), [Link 2](https://support.apple.com/en-us/HT213487), [Link 3](https://support.apple.com/en-us/HT213486).
- collector/apple-support
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- agent/severity
- agent/author
- agent/event
- source/Apple
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/references
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- vendor/apple
- canonical/apple safari
- canonical/apple iphone os
- canonical/apple tvos
- canonical/apple watchos
- canonical/apple ios