Wiz
Vulnerability DatabaseCVE-2022-46705

CVE-2022-46705
Apple Safari vulnerability analysis and mitigation

Overview

CVE-2022-46705 is a spoofing vulnerability discovered in WebKit that affects multiple Apple operating systems including iOS 16.2, iPadOS 16.2, macOS Ventura 13.1, and Safari 16.2. The vulnerability was discovered by Hyeon Park (@tree_segment) of Team ApplePIE and was disclosed in December 2022. The issue allowed malicious websites to perform address bar spoofing attacks (Apple Support, WebKit Advisory).

Technical details

The vulnerability stems from a spoofing issue that existed in the handling of URLs in WebKit. The issue was tracked as WebKit Bugzilla: 247287 and was addressed by implementing improved input validation (Apple Support, WebKit Advisory).

Impact

When exploited, this vulnerability could allow an attacker to create a malicious website that leads to address bar spoofing, potentially misleading users about the website they are visiting (Apple Support).

Mitigation and workarounds

Apple addressed this vulnerability by implementing improved input validation in WebKit. Users are advised to update to iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, or Safari 16.2, depending on their device (Apple Support, WebKit Advisory).

Additional resources

SourceThis report was generated using AI

Related Apple Safari vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2023-43000HIGH8.8
  • Apple SafariApple Safari
  • webkitgtk4-plugin-process-gtk2
NoYesNov 05, 2025
CVE-2025-43502HIGH7.5
  • Apple SafariApple Safari
  • cpe:2.3:a:apple:safari
NoYesNov 04, 2025
CVE-2025-31266MEDIUM4.3
  • Apple SafariApple Safari
  • cpe:2.3:a:apple:safari
NoYesNov 21, 2025
CVE-2025-43503MEDIUM4.3
  • Apple SafariApple Safari
  • cpe:2.3:a:apple:safari
NoYesNov 04, 2025
CVE-2025-43493MEDIUM4.3
  • Apple SafariApple Safari
  • cpe:2.3:a:apple:safari
NoYesNov 04, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo