CVE-2025-43228
BaseFortify
Publication date: 2025-07-30
Last updated on: 2026-04-02
Assigner: Apple Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | safari | to 18.6 (exc) |
| apple | ipados | to 18.6 (exc) |
| apple | iphone_os | to 18.6 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-451 | The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks. |
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves address bar spoofing that can occur when visiting a malicious website. It means that the address bar in the browser can be manipulated to display a false URL, potentially misleading users about the website they are visiting. The issue was fixed by improving the user interface in iOS 18.6 and iPadOS 18.6.
How can this vulnerability impact me? :
This vulnerability can impact you by misleading you into believing you are visiting a legitimate website when in fact you are on a malicious one. This can lead to phishing attacks, theft of sensitive information, or other malicious activities that exploit the false trust created by the spoofed address bar.
What immediate steps should I take to mitigate this vulnerability?
Update your devices to iOS 18.6 or iPadOS 18.6 or later, as the issue is fixed in these versions.