Security advisories

CVE-2022-38164: URL spoofing using long subdomain in F‑Secure Internet Security Browser for Android and iOS

Description

STATUS: Fixed

RISK LEVEL: Medium

FIX: Newer version 19.2 has been released in the automatic update channel since 25th Oct 2022. No user action is required.

Affected products

Consumer Products:

  • F‑Secure Internet Security Browser for Android and iOS version 19.0 and below.

Platforms

  • All supported platforms for the affected products

More information

A vulnerability affecting F‑Secure Internet Security browser for Android and iOS was discovered. A maliciously crafted website could make a phishing attack with URL spoofing as the browser only display certain part of the entire URL.

This issue was reported to F‑Secure through the Vulnerability Reward Program. No known exploit or attack has been seen in the wild.

Credits

F‑Secure Corporation would like to thank Narendra Bhati for bringing this issue to our attention.

Date Issued: 2022-10-28