Security Advisories

CVE-2021-33596: Fake Apple Login Prompt in F-Secure SAFE Browser for iOS

Description

A fake Apple login prompt can be shown in F-Secure SAFE Browser.

STATUS: Fixed

RISK LEVEL: Medium

FIX: Upgrade to version 18.4.x or newer from the App Store

Affected Products

Consumer Products:

  • F-Secure SAFE Browser version 18.3.x and below

Platforms

  • iOS

More Information

The browser shows the legitimate URL in the address bar while loading the content from another domain. This makes the user believe that the content is served by a legitimate domain. Exploiting the vulnerability requires the user to click on a specially crafted, seemingly legitimate URL containing an embedded malicious redirect while using F-Secure SAFE Browser for iOS.

This issue was reported to F-Secure through the Vulnerability Reward Program. No known exploit or attack has been seen in the wild.

Mitigating factors

Exploiting the vulnerability requires the user to click on a specially crafted malicious URL.

Credits

F-Secure Corporation would like to thank Narendra Bhati (@imnarendrabhati) for bringing this issue to our attention.

Advisory changes

Date        Changes
2021-08-11  First advisory published.
2021-08-12  Risk level changed from 'Low' to 'Medium'.

Date Issued: 2021-08-11
Date Updated: 2021-08-12