Apple Safari up to 18.4 Address Bar clickjacking

Summaryinfo

A vulnerability classified as problematic was found in Apple Safari. Impacted is an unknown function of the component Address Bar Handler. Such manipulation leads to clickjacking. This vulnerability is documented as CVE-2025-43327. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

Detailsinfo

A vulnerability was found in Apple Safari. It has been rated as problematic. Affected by this issue is an unknown function of the component Address Bar Handler. The manipulation with an unknown input leads to a clickjacking vulnerability. Using CWE to declare the problem leads to CWE-451. The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks. Impacted is integrity. CVE summarizes:

The issue was addressed by adding additional logic. This issue is fixed in Safari 26, macOS Tahoe 26. Visiting a malicious website may lead to address bar spoofing.

The advisory is shared for download at support.apple.com. This vulnerability is handled as CVE-2025-43327 since 04/16/2025. The exploitation is known to be easy. The attack may be launched remotely. No form of authentication is required for exploitation. Successful exploitation requires user interaction by the victim. There are neither technical details nor an exploit publicly available. The current price for an exploit might be approx. USD $5k-$25k (estimation calculated on 09/16/2025). The MITRE ATT&CK project declares the attack technique as T1566.003.

Upgrading to version 26.0 eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at CERT Bund (WID-SEC-2025-2058). VulDB is the best source for vulnerability data and more expert information about this specific topic.

Affected

• Apple Safari

Productinfo

Type

• Web Browser

Vendor

• Apple

Name

• Safari

Version

• 0.8
• 0.9
• 1.0
• 1.0.0
• 1.0.0b1
• 1.0.0b2
• 1.0.1
• 1.0.2
• 1.0.3
• 1.0b1
• 1.1
• 1.1.0
• 1.1.1
• 1.2
• 1.2.0
• 1.2.1
• 1.2.2
• 1.2.3
• 1.2.4
• 1.2.5
• 1.3
• 1.3.0
• 1.3.1
• 1.3.2
• 2
• 2.0
• 2.0 Pre
• 2.0.0
• 2.0.1
• 2.0.2
• 2.0.3
• 2.0.3 417.9.3
• 2.0.4
• 2.0.4 419.3
• 3
• 3.0
• 3.0.0
• 3.0.0b
• 3.0.1
• 3.0.1b
• 3.0.2
• 3.0.2b
• 3.0.3
• 3.0.3b
• 3.0.4
• 3.0.4 Beta
• 3.0.4b
• 3.1
• 3.1.0
• 3.1.0b
• 3.1.1
• 3.1.2
• 3.2
• 3.2.0
• 3.2.1
• 3.2.2
• 3.2.3
• 4
• 4.0
• 4.0 Beta
• 4.0.0b
• 4.0.1
• 4.0.2
• 4.0.3
• 4.0.4
• 4.0.5
• 4.1
• 4.1.1
• 4.1.2
• 4.1.3
• 5
• 5.0
• 5.0.1
• 5.0.5
• 5.0.6
• 5.1
• 5.1.2
• 5.1.2 (7534.52.7)
• 5.1.4
• 5.1.7
• 6
• 6.0
• 6.0.1
• 6.0.2
• 6.0.3
• 6.0.4
• 6.0.5
• 6.1
• 6.1.1
• 6.1.2
• 6.1.3
• 6.1.4
• 6.1.5
• 6.1.6
• 6.2.0
• 6.2.1
• 6.2.2
• 6.2.3
• 6.2.4
• 6.2.6
• 6.2.7
• 6.2.8
• 7.0
• 7.0.1
• 7.0.2
• 7.0.3
• 7.0.4
• 7.0.5
• 7.0.6
• 7.1.0
• 7.1.1
• 7.1.2
• 7.1.3
• 7.1.4
• 7.1.5
• 7.1.6
• 7.1.7
• 7.1.8
• 8
• 8.0
• 8.0.0
• 8.0.1
• 8.0.2
• 8.0.3
• 8.0.4
• 8.0.5
• 8.0.6
• 8.0.7
• 8.0.8
• 9.0
• 9.0.1
• 9.0.2
• 9.0.3
• 9.1
• 9.1.1
• 9.1.2
• 10
• 10.0
• 10.0.1
• 10.0.2
• 10.0.3
• 10.1
• 10.1.1
• 10.1.2
• 10.5
• 10.5.3
• 10.5.6
• 10.5.8
• 11
• 11.0
• 11.0.1
• 11.0.2
• 11.0.3
• 11.1
• 11.1.1
• 11.1.2
• 12.0
• 12.0.1
• 12.0.2
• 12.0.3
• 12.1
• 12.1.1
• 12.1.2
• 13.0
• 13.0.1
• 13.0.2
• 13.0.3
• 13.0.5
• 13.1
• 13.1.1
• 13.1.2
• 14.0
• 14.0.1
• 14.0.2
• 14.0.3
• 14.1
• 14.1.1
• 14.1.2
• 15
• 15.0
• 15.1
• 15.2
• 15.3
• 15.4
• 15.5
• 15.6
• 15.6.1
• 16
• 16.0
• 16.1
• 16.2
• 16.3
• 16.3.1
• 16.4
• 16.4.1
• 16.5
• 16.5.1
• 16.6
• 17
• 18.1
• 18.4

License

• commercial

Website

• Vendor: https://www.apple.com/

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Discussion