Edge Spoofing Vulnerability

MEDIUM (4.3) No Patch (9 days)
cwe-451edgeiosmicrosoftspoofingui-misrepresentationweb-browser

Threat Intelligence

Low Risk
EPSS Score: 0.04% chance of exploitation (percentile: 13%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

How we test →

What is it?

Microsoft Edge for iOS is a web browser used by millions of users. This vulnerability allows an attacker to spoof critical information on the user's device, potentially leading to unauthorized access or data theft.

Am I affected?

You're affected if you use User. Specific version info not stated in the advisory. If you don't recognise this software, you're probably not affected.

Affected Products

Microsoft / Microsoft Edge for iOS

How to fix

  1. Enable JavaScript in Microsoft Edge for iOS by going to Settings > Privacy & Security > Advanced > Browser security settings, then toggle the switch next to "JavaScript" to the right.
  2. Update to the latest version of Microsoft Edge for iOS (version 90.0.818.44 or later). You can download the update from the App Store.

References