CVE-2022-22594: 
Apple Safari vulnerability analysis and mitigation

CVE-2022-22594 is a cross-origin vulnerability discovered in Apple's IndexDB API implementation. The vulnerability was disclosed and patched in January 2022, affecting multiple Apple operating systems and browsers including iOS 15.3, iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, and macOS Monterey 12.2. The vulnerability could allow websites to track sensitive user information through the IndexDB API (Apple Support).

The vulnerability stems from a cross-origin issue in the IndexDB API that was addressed with improved input validation. It received a CVSS v3.1 base score of 6.5 (MEDIUM) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, indicating network accessibility, low attack complexity, and no required privileges, but requiring user interaction (NVD).

The vulnerability allows malicious websites to potentially track sensitive user information through unauthorized access to the IndexDB API. This could lead to privacy violations and potential user tracking across different origins (Apple Support).

Apple addressed this vulnerability by implementing improved input validation in the IndexDB API. The fix was released in iOS 15.3, iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, and macOS Monterey 12.2. Users are advised to update their devices to these versions or later to mitigate the vulnerability (Apple Support).

The vulnerability was discovered and reported by Martin Bajanik of FingerprintJS, highlighting the ongoing challenges in maintaining privacy and security in web browsers (Apple Support).