Security Advisories

CVE-2022-47524: F-Secure SAFE browser for Android vulnerable to an IDN Homograph attack

Description

STATUS: Fixed

RISK LEVEL: Medium

FIX: No user action is required. Newer version 19.2 has been released in the automatic update channel since 22nd Dec 2022..

Affected Products

  • F-Secure SAFE Browser for Android Version 19.1 and below

Affected platforms

  • All supported platforms for the affected products

More Information

F‑Secure SAFE browser for Android is vulnerable to an IDN homo­graph attack when displaying messages containing malicious URLs. Trick that can deceive users into thinking they are visiting a legitimate web­site when in fact they are directed to a malicious homo­graph, domain name.

This issue was reported to F‑Secure through the Vulnerability Reward Program. No known exploit or attack has been seen in the wild.

Credits

F-Secure Corporation would like to thank Rafi Andhika Galuh for bringing this issue to our attention.

Date issued: 2022-12-23