I discovered and reported an address bar spoofing vulnerability in Apple Safari (included with macOS). As a result of discussions to fix this vulnerability, we have successfully released a security patch, which we report here.