Security advisories

FSC-2023-4: Universal Cross-Site Scripting (UXSS) In Safe Browser iOS Version 21.0.1

Description

STATUS: Fixed

RISK LEVEL: High

FIX: A new version of F‑Secure SAFE has been published to the related store.

  • F‑Secure SAFE for iOS 21.1

Affected products

  • F‑Secure SAFE Browser for iOS

Affected platforms

  • All supported platforms for the affected products

More information

F‑Secure SAFE Browser for iOS is susceptible to a Universal Cross-Site Scripting (UXSS) attack due to the way the URL is displayed in the address bar of a newly opened tab. This could potentially compromise the confidentiality and integrity of user data. The issue has been fixed by changing the way the URL is displayed in a newly opened tab.

This issue was reported to F‑Secure through the Vulnerability Reward Program. No known exploit or attack has been seen in the wild.

Credits

F‑Secure would like to thank Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd. India for bringing this issue to our attention.

Date issued: 2023-10-24