Apple macOS up to 18.4 Address Bar clickjacking

Summaryinfo

A vulnerability, which was classified as problematic, has been found in Apple macOS. The affected element is an unknown function of the component Address Bar Handler. Performing a manipulation results in clickjacking. This vulnerability is reported as CVE-2025-43327. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

Detailsinfo

A vulnerability classified as problematic has been found in Apple macOS. This affects an unknown functionality of the component Address Bar Handler. The manipulation with an unknown input leads to a clickjacking vulnerability. CWE is classifying the issue as CWE-451. The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks. This is going to have an impact on integrity. The summary by CVE is:

The issue was addressed by adding additional logic. This issue is fixed in Safari 26, macOS Tahoe 26. Visiting a malicious website may lead to address bar spoofing.

The advisory is shared at support.apple.com. This vulnerability is uniquely identified as CVE-2025-43327 since 04/16/2025. The exploitability is told to be easy. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. It demands that the victim is doing some kind of user interaction. Neither technical details nor an exploit are publicly available. The price for an exploit might be around USD $0-$5k at the moment (estimation calculated on 09/16/2025). MITRE ATT&CK project uses the attack technique T1566.003 for this issue.

Upgrading to version 26.0 eliminates this vulnerability.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Type

• Operating System

Vendor

• Apple

Name

• macOS

Version

• 5.3
• 5.11
• 10.8.5
• 10.9.5
• 10.10
• 10.10.1
• 10.10.2
• 10.10.3
• 10.12
• 10.12.0
• 10.12.1
• 10.12.2
• 10.12.3
• 10.12.4
• 10.12.5
• 10.12.6
• 10.13
• 10.13.0
• 10.13.1
• 10.13.2
• 10.13.3
• 10.13.4
• 10.13.5
• 10.13.5 2018-003
• 10.13.6
• 10.14
• 10.14.1
• 10.14.2
• 10.14.4
• 10.14.5
• 10.14.6
• 10.15
• 10.15.0
• 10.15.1
• 10.15.2
• 10.15.3
• 10.15.4
• 10.15.5
• 10.15.6
• 10.15.7
• 11.0.1
• 11.1
• 11.2
• 11.2.1
• 11.2.3
• 11.3
• 11.3.1
• 11.4
• 11.5
• 11.6
• 11.6.6
• 11.7
• 11.7.3
• 11.7.5
• 11.7.9
• 12.0.1
• 12.1
• 12.2
• 12.2.1
• 12.3
• 12.3.1
• 12.4
• 12.5
• 12.5.1
• 12.6
• 12.6.2
• 12.6.3
• 12.6.4
• 12.6.7
• 12.6.8
• 12.7
• 12.7.1
• 12.7.5
• 12.7.6
• 13
• 13.0
• 13.1
• 13.2
• 13.2.1
• 13.3
• 13.3.0
• 13.3.1
• 13.4
• 13.4.1
• 13.5
• 13.6
• 13.6.0
• 13.6.1
• 13.6.2
• 13.6.4
• 13.6.5
• 13.6.7
• 13.6.8
• 13.7
• 14
• 14.0
• 14.1
• 14.2
• 14.3
• 14.4
• 14.5
• 14.6
• 14.7
• 14.8
• 15
• 15.1
• 15.2
• 15.3
• 15.4
• 15.5
• 15.6
• 15.7
• 16.7
• 17.4
• 17.5
• 18
• 18.1
• 18.2
• 18.4

License

• commercial

Website

• Vendor: https://www.apple.com/

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Discussion