More information

Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. Exploiting the vulnerability requires the user to click on a specially crafted, seemingly legitimate URL containing an embedded malicious redirect while using F-Secure SAFE Browser for iOS.

This issue was reported to F-Secure through the Vulnerability Reward Program. No known exploit or attack has been seen in the wild.

Contributors

F-Secure Corporation would like to thank following person for bringing this issue to our attention.

Narendra Bhati

Twitter

    Description

  • Fake Apple login prompt in F-Secure SAFE Browser.

    • Status

  • Resolved

    • Risk level

  • Medium

    • Fix

  • Upgrade to version 18.4.x or newer from the App Store

    • Affected products

  • Corporate Products: F-Secure SAFE Browser Version 18.3.x and below

    • Platforms

  • iOS

    • Date issues

  • 11/8/2021
Read more
  • Security advisories
  • 2021
  • Medium