PT-2024-15683 · Facebook · Focus

James Lee · Published 2024-01-22 · Updated 2024-01-30 · CVE-2024-0605

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Focus for iOS versions prior to 122

Description

The issue allows an attacker to execute unauthorized scripts on top origin sites in the urlbar by using a javascript: URI with a setTimeout race condition. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user's loaded webpage.

Recommendations

For Focus for iOS versions prior to 122, update to version 122 or later to resolve the issue. As a temporary workaround, consider restricting the use of javascript: URIs in the urlbar to minimize the risk of exploitation.

Fix

Race Condition

Weakness Enumeration

Related Identifiers

CVE-2024-0605

Affected Products

Focus