Security Advisories

CVE-2022-38164: URL spoofing using long subdomain in F‑Secure SAFE Browser for Android and iOS

Description

STATUS: Fixed

RISK LEVEL: Medium  

FIX: Version 19.2 has been available in the automatic update channel since 25th Oct 2022. No user action is required.

Affected Products

Consumer Products:

  • F-Secure SAFE Browser for Android and iOS version 19.0 and below.

Platforms

  • All supported platforms for the affected products

More Information

A vulnerability affecting F-Secure SAFE Browser for Android and iOS was discovered. A maliciously crafted website could carry out a phishing attack using URL spoofing, because the browser displays only a certain part of the entire URL.
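The display problem described above, sketched as an added example (this is not F-Secure's code): when a hostname is too long for the address bar, the elision should keep the registrable domain and drop subdomain labels from the left. The advisory does not say which part of the URL the affected versions displayed, so `elideTail` only illustrates the failure mode; the function names, the 24-character limit, the small suffix set standing in for the Public Suffix List, and the sample host are all assumptions.

```javascript
// Added example, not F-Secure's code.
// Assumption: a tiny constructed suffix set stands in for the Public Suffix List.
const SUFFIXES = new Set(["com", "test", "co.uk"]);

// Registrable domain = longest matching public suffix plus one label to its left.
function registrableDomain(host) {
  const labels = host.split(".");
  for (let i = 0; i < labels.length; i++) {
    if (SUFFIXES.has(labels.slice(i).join("."))) {
      return i === 0 ? null : labels.slice(i - 1).join(".");
    }
  }
  return null; // suffix not in the list
}

// Behaviour to avoid: keeps the left end of the host, which is made of
// subdomain labels that whoever controls the domain can set freely.
function elideTail(host, maxLen) {
  return host.length <= maxLen ? host : host.slice(0, maxLen - 1) + "…";
}

// Safer display: never cut the registrable domain; drop subdomain labels
// from the left and mark the cut with a leading ellipsis.
function elideHead(rawHost, maxLen) {
  const host = rawHost.toLowerCase().replace(/\.$/, "");
  if (host.length <= maxLen) return host;
  const domain = registrableDomain(host);
  if (domain === null) return "…" + host.slice(1 - maxLen); // keep the right end
  const sub = host.length > domain.length
    ? host.slice(0, host.length - domain.length - 1).split(".")
    : [];
  let shown = domain;
  while (sub.length > 0) {
    const next = sub[sub.length - 1] + "." + shown;
    if (next.length + 1 > maxLen) break; // +1 for the ellipsis
    shown = next;
    sub.pop();
  }
  return sub.length > 0 ? "…" + shown : shown;
}

// Constructed sample host using reserved names (example.com, .test).
const SAMPLE = "accounts.example.com.login.session.attacker.test";
console.log("tail-cut:", elideTail(SAMPLE, 24));
console.log("head-cut:", elideHead(SAMPLE, 24));
```

If the registrable domain alone is longer than the limit, `elideHead` still returns it uncut, so the UI has to scroll or shrink the text instead of hiding part of it.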

This issue was reported to F-Secure through the Vulnerability Reward Program. No known exploit or attack has been seen in the wild.

Credits

F-Secure Corporation would like to thank Narendra Bhati for bringing this issue to our attention.

Date Issued: 2022-10-28