Vulnerability DatabaseCVE-2022-32919

CVE-2022-32919:
Alibaba Cloud Linux (Aliyun Linux) vulnerability analysis and mitigation

Overview

CVE-2022-32919 is a UI spoofing vulnerability that affects WebKit in Apple's operating systems. The vulnerability was discovered by @real_as3617 and fixed in iOS 16.2, iPadOS 16.2, and macOS Ventura 13.1, released in December 2022. The issue affects multiple Apple devices including iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later (Apple Security, NVD).

Technical details

The vulnerability is classified as a UI spoofing issue (CWE-1021: Improper Restriction of Rendered UI Layers or Frames) in WebKit's handling of framed content. The issue was addressed with improved UI handling, specifically related to WebKit Bugzilla issue 247461. The vulnerability has a CVSS v3.1 base score of 4.7 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N (NVD).

Impact

When exploited, this vulnerability allows an attacker to conduct UI spoofing attacks by visiting a website that frames malicious content. This could potentially lead to users being deceived about the content they are interacting with (Apple Security).

Mitigation and workarounds

Apple addressed this vulnerability by implementing improved UI handling in WebKit. Users should update to iOS 16.2, iPadOS 16.2, or macOS Ventura 13.1 or later versions to protect against this vulnerability (Apple Security, Apple Security).

Additional resources

Source: This report was generated using AI

4.7

Score

Published January 10, 2024

Severity MEDIUM

CNA Score N/A

Affected Technologies

Alibaba Cloud Linux (Aliyun Linux)
Linux Debian

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 28.8

Exploitation Probability (EPSS) 0.1

Sources

NVD
Debian Security Tracker
- Debian 11, 12, 13 Severity MEDIUMHas FixAdded at: Nov 05, 2023
Red Hat Errata
- Red Hat 6, 7 Severity MEDIUMNo FixAdded at: Mar 27, 2024
- Red Hat 8 Severity MEDIUMHas FixAdded at: Mar 27, 2024
- Red Hat 9 Severity MEDIUMHas FixAdded at: Mar 27, 2024
Ubuntu Security Tracker
- Ubuntu 20.04, 22.04, 23.04, 23.10 Severity MEDIUMHas FixAdded at: Nov 21, 2023
- Ubuntu 24.04 Severity MEDIUMHas FixAdded at: May 06, 2024

See Wiz in action

Learn how Wiz connects to your environment
and gives complete visibility

Get a demo

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues

Cloud threat landscape

A comprehensive threat intelligence database of cloud security incidents, actors, tools and techniques

PEACH

A step-by-step framework for modeling and improving SaaS and PaaS tenant isolation

Get a personalized demo

Ready to see Wiz in action?

“Best User Experience I have ever seen, provides full visibility to cloud workloads.”

David EstlickCISO

“Wiz provides a single pane of glass to see what is going on in our cloud environments.”

Adam FletcherChief Security Officer

“We know that if Wiz identifies something as critical, it actually is.”

Greg PoniatowskiHead of Threat and Vulnerability Management