Intrusion Prevention

Apple.Safari.IDN.URL.Bar.Spoofing

Description

WebKit, in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name (IDN) support and Unicode fonts. This allows remote attackers to create a URL containing "look-alike characters" (homographs) and possibly perform phishing attacks.

Affected Products

Apple Safari 3 Beta before Update 3.0.3
iPhone before 1.0.1

Impact

URL spoofing.

Recommended Actions

Apple security advisory APPLE-SA-2007-07-31 iPhone v1.0.1 Update is available.
Apple has also released Safari 3 Beta Update 3.0.3 to address this issue. Please see references for more information
Apple Safari 3.0.2 Beta
Apple Safari3Beta.dmg
For Mac OS X
http://www.apple.com/safari/download/
Apple Safari 3.0.2 Beta for Windows
Apple SafariQuickTimeSetup.exe
Safari+QuickTime for Windows XP or Vista
http://www.apple.com/safari/download/

CVE References

CVE-2007-3742