RISK LEVEL: High
FIX: New version of F‑Secure SAFE has been published to related store.
F‑Secure SAFE Browser for iOS is susceptible to a Universal Cross-Site Scripting (UXSS) attack due to the way URL is being displayed in the address bar of a newly opened tab. This could potentially compromise the confidentiality and integrity of user data. Issue has been fixed by changing the way URL is displayed in a newly opened tab.
This issue was reported to F‑Secure through the Vulnerability Reward Program. No known exploit or attack has been seen in the wild.
F‑Secure would like to thank Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd. India for bringing this issue to our attention.
Date issued: 2023-10-24