JVN#16018033
Safari URL spoofing vulnerability
Overview
Apple's Safari contains a vulnerability that allows spoofing of URLs in the address bar.
Products Affected
- Safari for Mac OS X (Mac OS X 10.3.x and Mac OS X 10.4.x)
- Safari 3.0.2 and earlier (Mac OS X, Windows XP / Vista)
- iPhone v1.0
Description
Apple's Safari is a web browser installed by default with Mac OS X.
Safari has a flaw that allows the URL shown in the address bar to be spoofed in order to deceive Safari users.
This can be done by using Unicode characters that look like ASCII characters in URL strings.
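As an added example (not part of the JVN advisory or Apple's code), a defender-side check that flags hostname labels which mix Unicode scripts or consist entirely of Cyrillic letters resembling Latin ones, and shows the Punycode form a browser can display instead of the lookalike text. The sample hostnames and the small confusable set are constructed for illustration.

```python
import unicodedata

# Coarse script families, taken from the prefix of each character's Unicode name.
SCRIPT_PREFIXES = ("LATIN", "CYRILLIC", "GREEK", "ARMENIAN", "HEBREW", "ARABIC")

# Illustrative subset of Cyrillic lowercase letters whose glyphs match Latin letters
# (Unicode's confusables data lists many more); constructed for this example.
CONFUSABLE_CYRILLIC = set("\u0430\u0435\u043e\u0440\u0441\u0443\u0445\u0456\u0458\u0455")


def script_of(ch):
    """Return a coarse script for ch; None for digits and hyphen, which are script-neutral."""
    if ch.isdigit() or ch == "-":
        return None
    name = unicodedata.name(ch, "")
    for prefix in SCRIPT_PREFIXES:
        if name.startswith(prefix):
            return prefix
    return "OTHER"


def check_hostname(hostname):
    """Return (label, reason) findings for suspicious labels; an empty list means nothing flagged."""
    findings = []
    for label in hostname.lower().split("."):
        if label.isascii():
            continue  # plain ASCII labels cannot carry lookalike characters
        scripts = {s for s in map(script_of, label) if s is not None}
        if len(scripts) > 1:
            findings.append((label, "mixed scripts: " + ", ".join(sorted(scripts))))
        elif all(c in CONFUSABLE_CYRILLIC for c in label if c.isalpha()):
            findings.append((label, "every letter is a Cyrillic lookalike of a Latin letter"))
    return findings


def to_ascii(hostname):
    """Punycode (IDNA) form of the hostname; a lookalike label becomes a visible xn-- label."""
    return hostname.encode("idna").decode("ascii")


if __name__ == "__main__":
    # Constructed inputs: clean ASCII, a Latin label with one Cyrillic 'a',
    # an all-confusable Cyrillic label, and an ordinary Cyrillic label.
    for host in ("example.com", "ex\u0430mple.com",
                 "\u0441\u043e\u0440\u0430.example", "\u043f\u0440\u0438\u043c\u0435\u0440.example"):
        print(to_ascii(host), check_hostname(host))
```

Ordinary single-script IDN labels (the fourth sample) pass unflagged, so the check targets lookalike labels rather than all internationalized names.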
Impact
As it is difficult for Safari users to tell whether the displayed URL is spoofed or not, an attacker could use this to conduct phishing attacks.
Solution
Update the software
Apply the latest updates provided by the vendor.
For more information, refer to the vendor's website.
Vendor Status
Vendor | Link
---|---
Apple | Apple security updates (Japanese)
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Analyzed on 2007.08.02
Measures | Conditions | Severity
---|---|---
Access Required | Routed - can be attacked over the Internet using packets |
Authentication | None - anonymous or no authentication (IP addresses do not count) |
User Interaction Required | Simple - the user must be convinced to take a standard action that does not feel harmful to most users, such as click on a link or view a file |
Exploit Complexity | Low - little to no expertise and/or luck required to exploit (cross-site scripting) |
Credit
Tomohito Yoshino of Business Architects Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under the Information Security Early Warning Partnership.
Other Information
JPCERT Alert |
JPCERT Reports |
CERT Advisory |
CPNI Advisory |
TRnotes |
CVE | CVE-2007-3742
JVN iPedia | JVNDB-2007-000560