CVE-2021-40835

Summary

An URL Address bar spoofing vulnerability was discovered in Safe Browser for iOS. When user clicks on a specially crafted a malicious URL, if user does not carefully pay attention to url, user may be tricked to think content may be coming from a valid domain, while it comes from another. This is performed by using a very long username part of the url so that user cannot see the domain name. A remote attacker can leverage this to perform url address bar spoofing attack. The fix is, browser no longer shows the user name part in address bar.

Affected Software

VendorProductVersion RangeStatus
F-SecureF-Secure Mobile Security18.3 < 18.5affected

Weaknesses

  • URL Address Bar Spoofing in F-Secure SAFE Browser for iOS

ADP Enrichment

CVE Program Container

Additional References

References