OSVDB ID: 84205

Title: WebKit International Domain Name (IDN) / Unicode Look-alike Character URL Bar Spoofing

Dates

Disclosure: Jul 25, 2012
Discovery: Unknown
Exploit: Unknown
Solution: Jul 25, 2012

Description

WebKit contains a flaw related to its handling of International Domain Names (IDN) and Unicode fonts. The font sets allow the use of certain look-alike characters. A context-dependent attacker may use these characters to spoof the URL bar by creating a domain name that appears visually similar or identical to a trusted domain name.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Third-Party Solution
Exploit: Exploit Unknown
Disclosure: Vendor Verified, Coordinated Disclosure
OSVDB: Web Related

Solution

OSVDB is not currently aware of a solution for this vulnerability. Upgrade to Apple Safari version 6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Apple Inc. Safari 5.1.7

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/84205