Main Vulnerability Database Vulnerabilities #VU8520

Spoofing attack in Apple Safari - CVE-2017-7106

Published: September 20, 2017

Vulnerability identifier: #VU8520

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-7106

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Apple Inc.

Affected software:
Apple Safari

Detailed vulnerability description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to unknown error. A remote attacker can trick the victim into visiting a specially crafted website and spoof address bar and other parts of web page.

Successful exploitation of this vulnerability may result in information disclosure or malicious actions execution.

How to mitigate CVE-2017-7106

Update to version 11.

Sources

https://support.apple.com/en-us/HT208116

Spoofing attack in Apple Safari - CVE-2017-7106

Detailed vulnerability description

How to mitigate CVE-2017-7106

Sources

Please verify you're human