PT-2021-22971 · Unknown · Safe Browser For Ios

Published 2021-12-16 · Updated 2022-01-03 · CVE-2021-40835

CVSS v3.1: 4.6 Medium

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Safe Browser for iOS (affected versions not specified)

Description

A URL address bar spoofing issue was discovered. When a user clicks on a specially crafted malicious URL, they may be tricked into thinking the content comes from a valid domain, while it actually comes from another. This is done by using a very long username part of the URL, so the user cannot see the domain name. A remote attacker can leverage this to perform a URL address bar spoofing attack.

Recommendations

For all affected versions, the fix is that the browser no longer shows the username part in the address bar.
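
The display rule described in the fix, as an added example (not the vendor's code): the address bar text is built from the parsed host, so the username part never appears, and a helper flags links whose username is shaped like a hostname. The function names, the hostname heuristic and the sample URL are assumptions made for illustration.

```javascript
// Added example, not vendor code. Hostnames are constructed samples.

// Text an address bar should show: scheme, host, port and path, never userinfo.
// Returns null when the input does not parse as a URL.
function addressBarText(rawUrl) {
  let u;
  try {
    u = new URL(rawUrl); // WHATWG URL parser
  } catch (e) {
    return null;
  }
  // URLs without a host (mailto:, data:, ...) carry no userinfo to hide.
  if (u.host === '') return u.href;
  // u.host is hostname[:port]; username and password are never part of it.
  return `${u.protocol}//${u.host}${u.pathname}${u.search}${u.hash}`;
}

// Triage helper for link scanning: reports the real host and whether the
// URL carries userinfo that could be mistaken for a domain name.
function inspectLink(rawUrl) {
  const shown = addressBarText(rawUrl);
  if (shown === null) return null;
  const u = new URL(rawUrl);
  const hasUserinfo = u.username !== '' || u.password !== '';
  // Heuristic (assumption): a username that starts like "label.label" is
  // treated as an attempt to be read as a hostname.
  const userinfoLooksLikeHost = /^[a-z0-9-]+(\.[a-z0-9-]+)+/i.test(u.username);
  return {
    shown,
    realHost: u.hostname,
    hasUserinfo,
    userinfoLooksLikeHost,
    userinfoLength: u.username.length,
  };
}

// Constructed sample: a long username in front of the real host.
const SAMPLE_SPOOF =
  'https://login.example.com' + '-'.repeat(120) + '@other.test/signin';

console.log(addressBarText(SAMPLE_SPOOF));
console.log(inspectLink(SAMPLE_SPOOF));
```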

Fix


Related Identifiers

CVE-2021-40835

Affected Products

Safe Browser For Ios