CVE-2012-3742 Information

Description

Safari in Apple iOS before 6 does not properly restrict use of an unspecified Unicode character that looks similar to the https lock indicator which allows remote attackers to spoof https connections by placing this character in the TITLE element of a web page.

Reference

http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://osvdb.org/85632 http://support.apple.com/kb/HT5503 https://exchange.xforce.ibmcloud.com/vulnerabilities/78708