CVE-2012-3742
Description
Safari on iOS before 6 fails to restrict a Unicode character resembling the HTTPS lock icon, enabling spoofing of secure connections via web page titles.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Safari in Apple iOS versions prior to 6 does not properly restrict the use of a Unicode character that visually resembles the HTTPS lock indicator. This character can be placed in the TITLE element of a web page, allowing attackers to spoof the lock icon in the address bar. The issue affects iOS before 6 on iPhone 3GS and later, iPod touch (4th generation) and later, and iPad 2 and later [1].
Exploitation
An attacker can craft a malicious web page containing this Unicode character in the TITLE element. When a user visits the page using Safari on a vulnerable iOS device, the lock indicator may be displayed as if the connection is secure, even if it is not. No additional authentication or user interaction beyond visiting the page is required [1].
Impact
Successful exploitation allows an attacker to spoof HTTPS connections, potentially leading users to believe they are on a secure site. This could result in the disclosure of sensitive information, such as credentials or personal data, as users might enter information under a false sense of security [1].
Mitigation
The vulnerability is fixed in iOS 6. Users should update their devices to iOS 6 or later via iTunes. No workarounds are available for earlier versions [1].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* (range: <=5.1.1)
- cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.2.5:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.2.8:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.3.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.3.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.3.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.3.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.3.5:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:5.0.1:*:*:*:*:*:*:*
- Range: <6
Patches
No patches discovered yet.
References
- lists.apple.com/archives/security-announce/2012/Sep/msg00003.html (nvd, Vendor Advisory)
- support.apple.com/kb/HT5503 (nvd, Vendor Advisory)
- osvdb.org/85632 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/78708 (nvd)