Security Advisories
FSC-2014-4: Address Bar Spoofing in F-Secure Safe Browser for iOS
Description
An address bar spoofing vulnerability in F-Secure Safe Browser for iOS allows a user to be redirected to a malicious URL when a seemingly legitimate URL is clicked on.
Affected Products
- Risk Level (Low/Medium/High/Cricital) Medium
- F-Secure Safe Browser
Platforms
- Risk Level (Low/Medium/High/Cricital) Medium
- iOS
More Information
Mitigating Factors
Exploiting the vulnerability requires the user to click on a specially crafted, seemingly legitimate URL containing an embedded malicious redirect while using F-Secure Safe Browser for iOS.
No attacks have been reported in the wild.
Fix Available
| Product | Versions | Fix |
|---|---|---|
| F-Secure Safe Browser for iOS | 2.50.201102 | Upgrade to version 2.50.201102 from the App Store or download the latest version from https://itunes.apple.com/app/id572847748 |
Credits
F-Secure Corporation would like to thank Łukasz Pilorz for bringing this issue to our attention.
Date Issued: 2014-05-19
Date Last Updated: 2014-05-21