Fake Apple login prompt in F-Secure SAFE browser for iOS
Description
Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. Exploiting the vulnerability requires the user to click on a specially crafted, seemingly legitimate URL containing an embedded malicious redirect while using F-Secure Safe Browser for iOS.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A URL spoofing vulnerability in F‑Secure Safe Browser for iOS allows a crafted URL to display a legitimate domain while loading malicious content via a redirect.
Vulnerability
The vulnerability exists in the F‑Secure Safe Browser for iOS, where the address bar displays a legitimate-looking URL while the browser loads content from a different, potentially malicious domain [1][2]. The issue occurs due to a gap between the URL shown to the user and the actual resource being fetched. The affected product is F‑Secure SAFE Browser for iOS, specifically version 21.0.1 [1][2].
Exploitation
To exploit this vulnerability, an attacker must craft a seemingly legitimate URL that contains an embedded malicious redirect. The user must then click on this specially crafted link while using the vulnerable version of the F‑Secure Safe Browser for iOS [1][2]. No additional authentication or network position is required beyond luring the user to click the link.
Impact
Successful exploitation leads to URL spoofing: the user believes the displayed content originates from a trusted domain, while in reality it is served from an attacker-controlled origin. This undermines the user's trust in the browser's address bar and can facilitate phishing attacks, where the user may be tricked into entering sensitive information on a spoofed page [1][2].
Mitigation
F‑Secure has addressed this vulnerability in a security update. Based on the advisory [1][2], the issue was fixed in a release after version 21.0.1. Users should update their F‑Secure SAFE Browser for iOS to the latest available version from the App Store to mitigate the risk.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: 18.3x
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-famemitrex_refsource_MISC
- www.f-secure.com/en/business/support-and-downloads/security-advisoriesmitrex_refsource_MISC
- www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33596mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.