JVNDB-2007-000560
|
Safari URL spoofing vulnerability
|
Apple's Safari contains a vulnerability that allows spoofing of URLs in the address bar.
Apple's Safari is a web browser installed as default with Mac OS X.
There is a problem in Safari where URLs displayed in the address bar could be spoofed to deceive Safari users.
This can be done by using Unicode characters that look similar to ASCII characters in URL strings.
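The check below is an added example, not part of the JVN entry or of Apple's fix. It shows one defensive way to surface a look-alike hostname: report any label that mixes Latin with another script and display it in its ASCII (punycode) form. The function names, the script heuristic and the sample URLs are assumptions constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

def char_script(ch):
    """Approximate a character's script as the first word of its Unicode name."""
    if ch.isdigit() or ch == "-":
        return "COMMON"
    try:
        return unicodedata.name(ch).split()[0]
    except ValueError:  # code point without a name
        return "UNKNOWN"

def audit_host(url):
    """Report each non-ASCII hostname label: scripts, mixed flag, ASCII form."""
    host = urlsplit(url).hostname or ""
    findings = []
    for label in host.split("."):
        if not label or label.isascii():
            continue
        scripts = {char_script(c) for c in label} - {"COMMON"}
        try:
            ascii_form = label.encode("idna").decode("ascii")
        except UnicodeError:  # label not encodable as an IDN
            ascii_form = None
        findings.append({
            "label": label,
            "scripts": sorted(scripts),
            "mixed_with_latin": "LATIN" in scripts and len(scripts) > 1,
            "ascii_form": ascii_form,
        })
    return findings

def display_host(url):
    """Hostname for display, with Latin-mixed labels replaced by their ASCII form."""
    host = urlsplit(url).hostname or ""
    flagged = {f["label"]: f["ascii_form"] or "?"
               for f in audit_host(url) if f["mixed_with_latin"]}
    return ".".join(flagged.get(label, label) for label in host.split("."))

# Constructed samples: the first uses U+0430 CYRILLIC SMALL LETTER A for "a".
SPOOFED = "http://www.ex\u0430mple.test/login"
PLAIN = "http://www.example.test/login"

if __name__ == "__main__":
    for url in (SPOOFED, PLAIN):
        print(display_host(url), audit_host(url))
```

A label written entirely in one non-Latin script is reported but not flagged, so whole-script look-alikes need a separate confusables check.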
|
CVSS V2 Severity: Base Metrics 4.3 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: None
|
|
Apple Inc.
- Safari for Mac OS X (Mac OS X 10.3.x and Mac OS X 10.4.x)
- Safari 3.0.2 and earlier (Mac OS X, Windows XP / Vista)
- iPhone v1.0
|
|
As it is difficult for Safari users to tell whether the displayed URL is spoofed or not, an attacker could possibly conduct phishing attacks.
|
[Update the software]
Apply the latest updates provided by the vendor.
For more information, refer to the vendor's website.
|
Apple Inc.
|
- Resource Management Errors (CWE-399) [NVD Evaluation]
- Link Following (CWE-59) [NVD Evaluation]
|
- CVE-2007-3742
|
- JVN : JVN#16018033
- National Vulnerability Database (NVD) : CVE-2007-3742
- SecurityFocus : 24636
- ISS X-Force Database : 35716
- FrSIRT Advisories : FrSIRT/ADV-2007-2730
|
- [2008/05/21]
Web page published
|