Main Vulnerability Database Vulnerabilities #VU47851

#VU47851 Spoofing attack in Apple Safari and Apple iOS - CVE-2020-9987

Published: October 20, 2020 / Updated: October 21, 2020

Vulnerability identifier: #VU47851

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2020-9987

CWE-ID: CWE-451

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Apple Safari
Apple iOS

Software vendor:
Apple Inc.

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data in the address bar. A remote attacker can spoof page content and obfuscate the true source of data as presented in the browser.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://blog.rapid7.com/2020/10/20/vulntober-multiple-mobile-browser-address-bar-spoofing-vulnerabilities/
https://www.rafaybaloch.com/2020/10/multiple-address-bar-spoofing-vulnerabilities.html

#VU47851 Spoofing attack in Apple Safari and Apple iOS - CVE-2020-9987

Description

Remediation

External links

Please verify you're human