What is CVE-2021-40835?

CVE-2021-40835 is an URL address bar spoofing vulnerability found in Safe Browser for iOS.

How does CVE-2021-40835 affect users?

When a user clicks on a specially crafted malicious URL, they may be tricked into thinking the content is coming from a valid domain when it actually comes from another domain.

What is the severity of CVE-2021-40835?

The severity of CVE-2021-40835 is medium, with a CVSS score of 4.3.

How can users fix CVE-2021-40835?

Users should update to the latest version of Safe Browser for iOS to fix CVE-2021-40835.

Where can I find more information about CVE-2021-40835?

More information about CVE-2021-40835 can be found on the F-Secure website including their vulnerability reward program and security advisories.

Vulnerability/
CVE-2021-40835

medium

4.6

16/12/2021

4/8/2024

CVE-2021-40835: URL Address Bar Spoofing in F-Secure SAFE Browser for iOS

First published: Thu Dec 16 2021(Updated: )

An URL Address bar spoofing vulnerability was discovered in Safe Browser for iOS. When user clicks on a specially crafted a malicious URL, if user does not carefully pay attention to url, user may be tricked to think content may be coming from a valid domain, while it comes from another. This is performed by using a very long username part of the url so that user cannot see the domain name. A remote attacker can leverage this to perform url address bar spoofing attack. The fix is, browser no longer shows the user name part in address bar.

Credit: cve-notifications-us@f-secure.com

Affected Software	Affected Version	How to fix
F-secure Safe	<18.3

Remedy

Upgrade to version 18.5 or newer from the App Store

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-40835?
CVE-2021-40835 is an URL address bar spoofing vulnerability found in Safe Browser for iOS.
How does CVE-2021-40835 affect users?
When a user clicks on a specially crafted malicious URL, they may be tricked into thinking the content is coming from a valid domain when it actually comes from another domain.
What is the severity of CVE-2021-40835?
The severity of CVE-2021-40835 is medium, with a CVSS score of 4.3.
How can users fix CVE-2021-40835?
Users should update to the latest version of Safe Browser for iOS to fix CVE-2021-40835.
Where can I find more information about CVE-2021-40835?
More information about CVE-2021-40835 can be found on the F-Secure website including their vulnerability reward program and security advisories.

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/title
agent/author
agent/last-modified-date
agent/severity
agent/remedy
agent/description
agent/first-publish-date
agent/tags
agent/event
vendor/f-secure
canonical/f-secure safe

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.