Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2021-40835
CVE-2021-40835:
NixOS vulnerability analysis and mitigation
Overview
An URL Address bar spoofing vulnerability was discovered in Safe Browser for iOS. When a user clicks on a specially crafted malicious URL containing a very long username part, they may be tricked into thinking content is coming from a valid domain while it actually comes from another domain, as the user cannot see the domain name due to the length of the username portion (NVD).
Technical details
The vulnerability was assigned a CVSS v3.1 Base Score of 4.3 (MEDIUM) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The attack requires user interaction and can be launched remotely without requiring privileges. The vulnerability affects F-Secure Safe Browser for iOS versions up to (excluding) 18.3 (NVD).
Impact
A remote attacker can leverage this vulnerability to perform URL address bar spoofing attacks, potentially tricking users into believing they are interacting with a legitimate domain while actually accessing malicious content (NVD).
Mitigation and workarounds
The vulnerability was fixed in version 18.3 of F-Secure Safe Browser for iOS. The fix involves no longer showing the username part in the address bar (NVD).
Additional resources
Source: This report was generated using AI
Related NixOS vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management