Safari in Apple iOS prior to 9.2 allows remote malicious users to spoof a URL in the user interface via a crafted web site.
apple safari