Published:2010/11/26 Last Updated:2010/11/26

JVN#46026251
Safari address bar spoofing vulnerability

Overview

Safari contains a vulnerability where the URL displayed in the address may be spoofed.

Products Affected

Safari prior to 5.0
Safari prior to 4.1

Description

Safari contains a vulnerability where the address bar displays a character string that looks like a different URL than the URL that is being accessed.

Impact

Phishing attacks may be possible, due to the difficulty in determining that the URL displayed in the address bar and the URL being accessed are different.

Solution

Update the software
Update to the latest version according to the information provided by the developer.

Vendor Status

Vendor	Link
Apple	About the security content of Safari 5.0 and Safari 4.1
	About the security content of iOS 4

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE	CVE-2010-1384
JVN iPedia	JVNDB-2010-001538

JVN
HOME
What is JVN ?
Instructions
List of Vulnerability Report
VN_JP
VN_JP(Unreachable)
VN_VU
TA
TRnotes
JVN iPedia
MyJVN
JVNJS/RSS
Vendor List
List of unreachable developers
Contact

JVN#46026251 Safari address bar spoofing vulnerability