CVE-2022-32839

The issue was fixed with improved bounds checks in macOS Monterey, Big Sur, Security Update 2022-005 Catalina, and iOS 15.6, tvOS 15.6, and watchOS 8.7.

To fix this, developers should better validate input parameters, use mitigations such as an XSS filter or content inspection, or implement rate limiting. This issue is addressed by improved input validation. A maliciously crafted URL can cause denial of service. To avoid this, applications should filter URLs that appear to come from a trusted source. This issue is fixed in macOS High Sierra 10.13.6, Security Update 2018-001 Sierra, iOS 12.1, watchOS 5.1.1, and macOS Mojave 10.14. An attacker with a privileged network position can forge HTTP/2 responses to inject arbitrary code. To protect against this, apps should verify the remote host of an incoming connection.

CVE-2019-3860

The above issue is fixed in macOS Mojave 10.14. An attacker with a privileged network position can forge HTTP/2 responses to inject arbitrary code. To protect against this, apps should verify the remote host of an incoming connection.

CVE-2023-32838

To protect against this, apps should verify the remote host of an incoming connection.

MITIGATION: Verify remote host

To protect against this, apps should verify the remote host of an incoming connection.

Timeline

Published on: 08/24/2022 20:15:00 UTC
Last modified on: 08/29/2022 15:50:00 UTC

References