Malicious scripts could display attacker-controlled web...
Moderate severity
Unreviewed
Published
Mar 9, 2026
to the GitHub Advisory Database
•
Updated Mar 9, 2026
Description
Published by the National Vulnerability Database
Mar 9, 2026
Published to the GitHub Advisory Database
Mar 9, 2026
Last updated
Mar 9, 2026
Malicious scripts could display attacker-controlled web content under spoofed domains in Focus for iOS by stalling a _self navigation to an invalid port and triggering an iframe redirect, causing the UI to display a trusted domain without user interaction. This vulnerability affects Focus for iOS < 148.2.
References