CVE-2021-33596
Fake Apple login prompt in F-Secure SAFE browser for iOS
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. Exploiting the vulnerability requires the user to click on a specially crafted, seemingly legitimate URL containing an embedded malicious redirect while using F-Secure Safe Browser for iOS.
Mostrar la URL legítima en la barra de direcciones mientras se carga el contenido de otro dominio. Esto hace creer al usuario que el contenido es servido por un dominio legítimo. Una explotación de la vulnerabilidad requiere al usuario hacer clic en una URL especialmente diseñada, aparentemente legítima, conteniendo una redirección maliciosa insertada mientras se usa F-Secure Safe Browser for iOS
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-05-27 CVE Reserved
- 2021-08-05 CVE Published
- 2024-02-08 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-1021: Improper Restriction of Rendered UI Layers or Frames
CAPEC
References (3)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| F-secure Search vendor "F-secure" | Safe Search vendor "F-secure" for product "Safe" | < 18.4.272901 Search vendor "F-secure" for product "Safe" and version " < 18.4.272901" | iphone_os |
Affected
| ||||||