Primary

Context

Apple Safari Spoofing Vulnerability in Pop-Up Window Domain Name Display

Vulnerability

Patched

A spoofing vulnerability has been identified in Apple Safari versions prior to 18.5, as well as in macOS Sequoia versions prior to 15.5. This issue allows a website to manipulate the domain name displayed in the title of a pop-up window, potentially leading to user deception.

Impact

Exploitation of this vulnerability could result in successful domain spoofing, allowing malicious websites to misrepresent their identity in pop-up windows.

Added: Nov 21, 2025, 10:24 PM

Updated: Nov 21, 2025, 10:24 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

4.4

remediation

7.7

relevance

1.1

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

4.4

remediation

7.7

relevance

1.1

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apple Safari Spoofing Vulnerability in Pop-Up Window Domain Name Display

Vulnerability

Impact

Affected Products

Apple Safari

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating