An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the WebKit component. It allows remote attackers to spoof the address bar via a crafted web site.
Weakness
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Safari | Apple | * | 10.0.3 (including) |
| Iphone_os | Apple | * | 10.2.1 (including) |
| Qtwebkit | Ubuntu | eoan | * |
| Qtwebkit-opensource-src | Ubuntu | artful | * |
| Qtwebkit-opensource-src | Ubuntu | bionic | * |
| Qtwebkit-opensource-src | Ubuntu | cosmic | * |
| Qtwebkit-opensource-src | Ubuntu | devel | * |
| Qtwebkit-opensource-src | Ubuntu | disco | * |
| Qtwebkit-opensource-src | Ubuntu | eoan | * |
| Qtwebkit-opensource-src | Ubuntu | esm-apps/bionic | * |
| Qtwebkit-opensource-src | Ubuntu | esm-apps/focal | * |
| Qtwebkit-opensource-src | Ubuntu | esm-apps/jammy | * |
| Qtwebkit-opensource-src | Ubuntu | esm-apps/noble | * |
| Qtwebkit-opensource-src | Ubuntu | esm-infra/xenial | * |
| Qtwebkit-opensource-src | Ubuntu | focal | * |
| Qtwebkit-opensource-src | Ubuntu | groovy | * |
| Qtwebkit-opensource-src | Ubuntu | hirsute | * |
| Qtwebkit-opensource-src | Ubuntu | impish | * |
| Qtwebkit-opensource-src | Ubuntu | jammy | * |
| Qtwebkit-opensource-src | Ubuntu | kinetic | * |
| Qtwebkit-opensource-src | Ubuntu | lunar | * |
| Qtwebkit-opensource-src | Ubuntu | mantic | * |
| Qtwebkit-opensource-src | Ubuntu | noble | * |
| Qtwebkit-opensource-src | Ubuntu | trusty | * |
| Qtwebkit-opensource-src | Ubuntu | upstream | * |
| Qtwebkit-opensource-src | Ubuntu | xenial | * |
| Qtwebkit-opensource-src | Ubuntu | yakkety | * |
| Qtwebkit-opensource-src | Ubuntu | zesty | * |
| Qtwebkit-source | Ubuntu | artful | * |
| Qtwebkit-source | Ubuntu | bionic | * |
| Qtwebkit-source | Ubuntu | cosmic | * |
| Qtwebkit-source | Ubuntu | disco | * |
| Qtwebkit-source | Ubuntu | esm-apps/bionic | * |
| Qtwebkit-source | Ubuntu | esm-apps/xenial | * |
| Qtwebkit-source | Ubuntu | precise | * |
| Qtwebkit-source | Ubuntu | trusty | * |
| Qtwebkit-source | Ubuntu | xenial | * |
| Qtwebkit-source | Ubuntu | yakkety | * |
| Qtwebkit-source | Ubuntu | zesty | * |
| Webkit | Ubuntu | precise | * |
| Webkitgtk | Ubuntu | artful | * |
| Webkitgtk | Ubuntu | bionic | * |
| Webkitgtk | Ubuntu | cosmic | * |
| Webkitgtk | Ubuntu | esm-apps/bionic | * |
| Webkitgtk | Ubuntu | esm-apps/xenial | * |
| Webkitgtk | Ubuntu | trusty | * |
| Webkitgtk | Ubuntu | xenial | * |
| Webkitgtk | Ubuntu | yakkety | * |
| Webkitgtk | Ubuntu | zesty | * |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/127.html
- https://cwe.mitre.org/data/definitions/143.html
- https://cwe.mitre.org/data/definitions/144.html
- https://cwe.mitre.org/data/definitions/668.html
- https://cwe.mitre.org/data/definitions/87.html