Intrusion Prevention

Apple.Safari.IDN.URL.Bar.Spoofing

Description

WebKit, in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name (IDN) support and Unicode fonts. This allows remote attackers to create a URL containing "look-alike characters" (homographs) and possibly perform phishing attacks.

Affected Products

Apple Safari 3 Beta before Update 3.0.3
iPhone before 1.0.1

Impact

URL spoofing.

Recommended Actions

Apple security advisory APPLE-SA-2007-07-31 iPhone v1.0.1 Update is available.
Apple has also released Safari 3 Beta Update 3.0.3 to address this issue. Please see references for more information
Apple Safari 3.0.2 Beta
Apple Safari3Beta.dmg
For Mac OS X
http://www.apple.com/safari/download/
Apple Safari 3.0.2 Beta for Windows
Apple SafariQuickTimeSetup.exe
Safari+QuickTime for Windows XP or Vista
http://www.apple.com/safari/download/

Coverage

IPS (Regular DB)
IPS (Extended DB)

ID	14838
Created	Aug 30, 2007
Updated	Nov 15, 2021
Risk
CVE ID	CVE-2007-3742
Exploit Prediction Score	0.71%
Default Action	drop
Active
Affected OS	Windows, MacOS
Affected App	Apple

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Intrusion Prevention

Apple.Safari.IDN.URL.Bar.Spoofing

Description

Affected Products

Impact

Recommended Actions

Telemetry

Coverage

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

Intrusion Prevention

Apple.Safari.IDN.URL.Bar.Spoofing

Description

Affected Products

Impact

Recommended Actions

Telemetry

Coverage

Threat Intelligence
Center