CVE-2022-46725

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Aug 14, 2023

Updated: Dec 27, 2023

Summary

CVE-2022-46725 is a URL spoofing vulnerability affecting iOS and iPadOS. The issue resided in the way URLs were handled, allowing for potential address bar spoofing. This means that users could be tricked into believing they were visiting a legitimate website, when in fact, they were on a malicious one. Apple addressed this vulnerability in iOS 16.4 and iPadOS 16.4 with enhanced input validation, preventing the exploitation of this issue. Visiting a malicious website could lead to a false sense of security and potentially expose users to various threats.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Apple (iPhone OS)
iPadOS

Affected Vendors

Apple

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sMQ1n2
https://www.cve.org/CVERecord?id=CVE-2022-46725
https://nvd.nist.gov/vuln/detail/CVE-2022-46725

Back to Vulnerability Database