Apple Safari URI spoofing (CVE-2015-5764)

Posted by Antonio Sanso on Oct 05

tl;dr Apple Safari for OS X was prone to URI spoofing vulnerability (and more general a user interface spoofing).
Apple released security updates for Safari 9<https://support.apple.com/kb/HT205265> on OS X and assigned CVE-2015-5764.
Accidentally this vulnerability was also present in iOS.

Instant demo
In Safari up to 8.0.8 :

* go to https://asanso.github.io/CVE-2015-5764/file0.html
* click “click me!”
* notice…

Leave a Reply