PT-2024-16303 · Unknown · Focus for iOS
James Lee · Published 2024-10-29 · Updated 2024-11-04 · CVE-2024-10474
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Focus for iOS versions prior to 132
Description
The issue allows internal links to utilize the app scheme used for deeplinking, potentially circumventing some URL safety checks. This could result in link spoofing.
Recommendations
For Focus for iOS versions prior to 132, update to version 132 or later to resolve the issue. As a temporary workaround, consider restricting internal links from utilizing the app scheme used for deeplinking until a patch is available.
Fix
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Focus for iOS