Advertisement






Apple Safari Browser Vulnerable to URL Spoofing Vulnerability

CVE Category Price Severity
CVE-2021-30644 CWE-601 Not specified Medium
Author Risk Exploitation Type Date
Unknown Medium Remote 2015-05-19
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2015050124

Below is a copy:

Apple Safari Browser Vulnerable to URL Spoofing VulnerabilityA serious security vulnerability has been uncovered in Apples Safari web browser that could trick Safari users into visiting a malicious website with the genuine web address.

A group of researchers, known as Deusen, has demonstrated how the address spoofing vulnerability could be exploited by hackers to fool victim into thinking they are visiting a trusted website when actually the Safari browser is connected to an entirely different address.

This flaw could let an attacker lead Safari users to a malicious site instead of a trusted website they willing to connect to install malicious software and steal their login credentials.
- See more at: http://thehackernews.com/2015/05/safari-url-spoofing.html#sthash.wXwd1Q9W.dpuf


--- POC ---------------------------------------
<script> function f() { location="dailymail.co.uk/home/index.htm"+Math.random(); } setInterval("f()",10); </script> - See more at: http://thehackernews.com/2015/05/safari-url-spoofing.html#sthash.HmJRX1gF.dpuf
--- POC ---------------------------------------

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.