Main Vulnerability Database Vulnerabilities #VU8519

Spoofing attack in Apple Safari - CVE-2017-7085

Published: September 20, 2017

Vulnerability identifier: #VU8519

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-7085

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Apple Inc.

Affected software:
Apple Safari

Detailed vulnerability description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to unknown error. A remote attacker can trick the victim into visiting a specially crafted website and spoof address bar and other parts of web page.

Successful exploitation of this vulnerability may result in information disclosure or malicious actions execution.

How to mitigate CVE-2017-7085

Update to version 11.

Sources

https://support.apple.com/en-us/HT208116

Spoofing attack in Apple Safari - CVE-2017-7085

Detailed vulnerability description

How to mitigate CVE-2017-7085

Sources

Please verify you're human