Safari Spoofing Vulnerability

MEDIUM (4.3) No Patch (24 days)

Threat Intelligence

Low Risk
EPSS Score: 0.03% chance of exploitation (percentile: 7%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

This vulnerability allows an attacker to spoof the domain name shown in the title of a pop-up window on macOS. Safari includes the fully qualified domain name when it renders a website's title in a pop-up window. An attacker can exploit this by sending a maliciously crafted string that gets logged, allowing them to execute arbitrary code on your server.

Am I affected?

This vulnerability affects macOS Sequoia 15.5 and later versions. Check with the afpfs command-line tool for AFP network shares (not applicable in most cases).

Note: This is a Safari-specific vulnerability, not related to other software products like Apache or HR systems.

Affected Products

Apple Inc. / Safari

How to fix

  1. Update to Safari 18.5 or later from the Apple Support website.
  2. Immediate mitigations:
     - Restrict network access to your AFP server instance (firewall it from the public internet)
     - Audit app activity for suspicious pop-up window behavior