CVE-2021-33596

low-risk
Published 2021-08-05

Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. Exploiting the vulnerability requires the user to click on a specially crafted, seemingly legitimate URL containing an embedded malicious redirect while using F-Secure Safe Browser for iOS.

Do I need to act?

-
0.27% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.5/10 Low
NETWORK / LOW complexity

Affected Products (1)

Safe

Affected Vendors

F-Secure

References (6)

Vendor Advisory https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-...
Vendor Advisory https://www.f-secure.com/en/business/support-and-downloads/security-advisories
Vendor Advisory https://www.f-secure.com/en/business/support-and-downloads/security-advisories/c...
Vendor Advisory https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-...
Vendor Advisory https://www.f-secure.com/en/business/support-and-downloads/security-advisories
Vendor Advisory https://www.f-secure.com/en/business/support-and-downloads/security-advisories/c...
22
/ 100
low-risk
Severity 16/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal