The address spoofing vulnerability could be exploited by hackers to fool victim into thinking they are visiting a trusted website when actually the Safari browser is connected to an entirely different address. The vulnerability works on fully patched versions of Apple’s mobile operating system (iOS) as well as OS X. Apple has not confirmed whether the vulnerability is actively exploited by cyber criminals in the wild. The flaw could let an attacker lead Safari users to a malicious site instead of a trusted site to install malicious software and steal their login credentials.
Source: https://thehackernews.com/2015/05/safari-url-spoofing.html