CVE-2021-40835
MEDIUM
4,6
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: required
Scope: unchanged
Confidentiality: low
Integrity: low
Availability: none
MEDIUM
4,3
Source: [email protected]
Access Vector: network
Access Complexity: medium
Authentication: none
Confidentiality: none
Integrity: partial
Availability: none
Description
AI Translation Available
An URL Address bar spoofing vulnerability was discovered in Safe Browser for iOS. When user clicks on a specially crafted a malicious URL, if user does not carefully pay attention to url, user may be tricked to think content may be coming from a valid domain, while it comes from another. This is performed by using a very long username part of the url so that user cannot see the domain name. A remote attacker can leverage this to perform url address bar spoofing attack. The fix is, browser no longer shows the user name part in address bar.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0030
Percentile
0,5th
Updated
EPSS Score Trend (Last 91 Days)
Application
Safe by F-Secure
Version Range Affected
To
18.3
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:f-secure:safe:*:*:*:*:*:iphone_os:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall…
https://www.f-secure.com/en/business/support-and-downloads/security-advisories
https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall…
https://www.f-secure.com/en/business/support-and-downloads/security-advisories