A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Safari | Apple | * | 15.3 (excluding) |
| Ipados | Apple | * | 15.3 (excluding) |
| Iphone_os | Apple | * | 15.3 (excluding) |
| Mac_os_x | Apple | 10.15 (including) | 10.15.7 (excluding) |
| Mac_os_x | Apple | 10.15.7 (including) | 10.15.7 (including) |
| Mac_os_x | Apple | 10.15.7-security_update_2020 (including) | 10.15.7-security_update_2020 (including) |
| Mac_os_x | Apple | 10.15.7-security_update_2020-001 (including) | 10.15.7-security_update_2020-001 (including) |
| Mac_os_x | Apple | 10.15.7-security_update_2020-005 (including) | 10.15.7-security_update_2020-005 (including) |
| Mac_os_x | Apple | 10.15.7-security_update_2020-007 (including) | 10.15.7-security_update_2020-007 (including) |
| Mac_os_x | Apple | 10.15.7-security_update_2021-001 (including) | 10.15.7-security_update_2021-001 (including) |
| Mac_os_x | Apple | 10.15.7-security_update_2021-002 (including) | 10.15.7-security_update_2021-002 (including) |
| Mac_os_x | Apple | 10.15.7-security_update_2021-003 (including) | 10.15.7-security_update_2021-003 (including) |
| Mac_os_x | Apple | 10.15.7-security_update_2021-006 (including) | 10.15.7-security_update_2021-006 (including) |
| Mac_os_x | Apple | 10.15.7-security_update_2021-007 (including) | 10.15.7-security_update_2021-007 (including) |
| Mac_os_x | Apple | 10.15.7-security_update_2021-008 (including) | 10.15.7-security_update_2021-008 (including) |
| Mac_os_x | Apple | 10.15.7-security_update_2022-001 (including) | 10.15.7-security_update_2022-001 (including) |
| Mac_os_x | Apple | 10.15.7-security_update_2022-002 (including) | 10.15.7-security_update_2022-002 (including) |
| Mac_os_x | Apple | 10.15.7-supplemental_update (including) | 10.15.7-supplemental_update (including) |
| Macos | Apple | 11.0 (including) | 11.6.6 (excluding) |
| Macos | Apple | 12.0.0 (including) | 12.2 (excluding) |
| Tvos | Apple | * | 15.3 (excluding) |
| Watchos | Apple | * | 8.4 (excluding) |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | RedHat | webkitgtk4-0:2.48.3-2.el7_9 | * |
| Red Hat Enterprise Linux 8 | RedHat | webkit2gtk3-0:2.34.6-1.el8 | * |
| Qtwebkit-opensource-src | Ubuntu | bionic | * |
| Qtwebkit-opensource-src | Ubuntu | devel | * |
| Qtwebkit-opensource-src | Ubuntu | esm-apps/bionic | * |
| Qtwebkit-opensource-src | Ubuntu | esm-apps/focal | * |
| Qtwebkit-opensource-src | Ubuntu | esm-apps/jammy | * |
| Qtwebkit-opensource-src | Ubuntu | esm-apps/noble | * |
| Qtwebkit-opensource-src | Ubuntu | esm-infra/xenial | * |
| Qtwebkit-opensource-src | Ubuntu | focal | * |
| Qtwebkit-opensource-src | Ubuntu | impish | * |
| Qtwebkit-opensource-src | Ubuntu | jammy | * |
| Qtwebkit-opensource-src | Ubuntu | kinetic | * |
| Qtwebkit-opensource-src | Ubuntu | lunar | * |
| Qtwebkit-opensource-src | Ubuntu | mantic | * |
| Qtwebkit-opensource-src | Ubuntu | noble | * |
| Qtwebkit-opensource-src | Ubuntu | trusty | * |
| Qtwebkit-opensource-src | Ubuntu | upstream | * |
| Qtwebkit-opensource-src | Ubuntu | xenial | * |
| Qtwebkit-source | Ubuntu | bionic | * |
| Qtwebkit-source | Ubuntu | esm-apps/bionic | * |
| Qtwebkit-source | Ubuntu | esm-apps/xenial | * |
| Qtwebkit-source | Ubuntu | trusty | * |
| Qtwebkit-source | Ubuntu | xenial | * |
| Webkit2gtk | Ubuntu | bionic | * |
| Webkit2gtk | Ubuntu | devel | * |
| Webkit2gtk | Ubuntu | esm-infra/bionic | * |
| Webkit2gtk | Ubuntu | esm-infra/focal | * |
| Webkit2gtk | Ubuntu | esm-infra/xenial | * |
| Webkit2gtk | Ubuntu | focal | * |
| Webkit2gtk | Ubuntu | impish | * |
| Webkit2gtk | Ubuntu | jammy | * |
| Webkit2gtk | Ubuntu | kinetic | * |
| Webkit2gtk | Ubuntu | lunar | * |
| Webkit2gtk | Ubuntu | mantic | * |
| Webkit2gtk | Ubuntu | noble | * |
| Webkit2gtk | Ubuntu | upstream | * |
| Webkit2gtk | Ubuntu | xenial | * |
| Webkitgtk | Ubuntu | bionic | * |
| Webkitgtk | Ubuntu | esm-apps/bionic | * |
| Webkitgtk | Ubuntu | esm-apps/xenial | * |
| Webkitgtk | Ubuntu | trusty | * |
| Webkitgtk | Ubuntu | xenial | * |
| Wpewebkit | Ubuntu | esm-apps/focal | * |
| Wpewebkit | Ubuntu | esm-apps/jammy | * |
| Wpewebkit | Ubuntu | focal | * |
| Wpewebkit | Ubuntu | impish | * |
| Wpewebkit | Ubuntu | jammy | * |
| Wpewebkit | Ubuntu | trusty | * |
References
- http://seclists.org/fulldisclosure/2022/May/33
- http://seclists.org/fulldisclosure/2022/May/35
- https://security.gentoo.org/glsa/202208-39
- https://support.apple.com/en-us/HT213053
- https://support.apple.com/en-us/HT213054
- https://support.apple.com/en-us/HT213057
- https://support.apple.com/en-us/HT213058
- https://support.apple.com/en-us/HT213059
- https://support.apple.com/kb/HT213185
- https://support.apple.com/kb/HT213255
- https://support.apple.com/kb/HT213256
- http://seclists.org/fulldisclosure/2022/May/33
- http://seclists.org/fulldisclosure/2022/May/35
- https://security.gentoo.org/glsa/202208-39
- https://support.apple.com/en-us/HT213053
- https://support.apple.com/en-us/HT213054
- https://support.apple.com/en-us/HT213057
- https://support.apple.com/en-us/HT213058
- https://support.apple.com/en-us/HT213059
- https://support.apple.com/kb/HT213185
- https://support.apple.com/kb/HT213255
- https://support.apple.com/kb/HT213256