CVE-2022-32923: 
Apple Safari vulnerability analysis and mitigation

CVE-2022-32923 is a security vulnerability discovered in WebKit, affecting multiple Apple operating systems and Safari browser. The vulnerability was identified by Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab and was fixed in tvOS 16.1, iOS 15.7.1, iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. The issue was publicly disclosed on October 27, 2022 (Apple Support).

The vulnerability is a correctness issue in the Just-In-Time (JIT) compiler component of WebKit. The security flaw was addressed with improved checks in the JIT implementation. The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N (NVD).

When exploited, this vulnerability allows processing of maliciously crafted web content that may disclose internal states of the application. This could potentially lead to information disclosure and compromise of sensitive application data (WebKit Security Advisory).

Apple has released security updates to address this vulnerability across multiple platforms. Users should update to tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16 or later versions. These updates include improved checks in the JIT compiler to prevent exploitation (Apple Support).