The issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.1. Visiting a malicious website may lead to address bar spoofing.
Weakness
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Safari | Apple | * | 26.1 (excluding) |
| Ipados | Apple | * | 26.1 (excluding) |
| Iphone_os | Apple | * | 26.1 (excluding) |
| Visionos | Apple | * | 26.1 (excluding) |
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/21.html
- https://cwe.mitre.org/data/definitions/22.html
- https://cwe.mitre.org/data/definitions/459.html
- https://cwe.mitre.org/data/definitions/461.html
- https://cwe.mitre.org/data/definitions/473.html
- https://cwe.mitre.org/data/definitions/476.html
- https://cwe.mitre.org/data/definitions/59.html
- https://cwe.mitre.org/data/definitions/60.html
- https://cwe.mitre.org/data/definitions/667.html
- https://cwe.mitre.org/data/definitions/94.html