Primary

Context

ArcSearch for iOS Address Bar Spoofing Vulnerability via Iframe-Triggered URI Navigation

Vulnerability

A vulnerability in ArcSearch for iOS, affecting versions prior to 1.45.2, could lead to address bar spoofing. After an iframe-triggered URI-scheme navigation, the displayed domain might not match the content, increasing the risk of deception.

Impact

Exploitation of this vulnerability could mislead users about the authenticity of the website they are viewing, potentially leading to phishing or other spoofing attacks.

Remediation

Users are advised to update ArcSearch on iOS to version 1.45.2 or newer, which includes the necessary fix.

Added: Dec 19, 2025, 5:28 PM

Updated: Dec 19, 2025, 6:11 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.4

remediation

7.7

relevance

1.6

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.4

remediation

7.7

relevance

1.6

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ArcSearch for iOS Address Bar Spoofing Vulnerability via Iframe-Triggered URI Navigation

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating