Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs.
http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html
http://support.apple.com/kb/HT3733
http://www.securityfocus.com/bid/36026
http://www.securitytracker.com/id?1022719
http://support.apple.com/kb/HT3860
http://secunia.com/advisories/36677
http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
Source: MITRE
Published: 2009-08-12
Updated: 2022-08-09
Type: NVD-CWE-Other
Base Score: 5.8
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Impact Score: 4.9
Exploitability Score: 8.6
Severity: MEDIUM