Vulnerability in Safari Web Browser Allows Address Bar to be Spoofed

A security researcher discovered an unpatched vulnerability, CVE-2018-8383, in the Safari web browser that allows an attacker to control the content displayed in the browser's address bar. The flaw can be exploited for phishing attacks, making them much more difficult to identify. The vulnerability also existed in Microsoft’s Edge browser, where it was patched on August 14 as part of Microsoft’s regular security updates; Apple has yet to release a patch. The NJCCIC recommends that Safari users and administrators review security researcher Rafay Baloch’s blog post for more information and apply the necessary patch if and when it becomes available. Users and administrators of the Edge browser are advised to ensure they have applied the most current patch levels.
