Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.3
Focus for iOS - Display of spoofed content possible without user interaction
CVE-2026-2919
Summary
A security weakness in older versions of Focus for iOS may allow a hacker to show fake content from a trusted website on your screen without you clicking on anything. This could happen if you visit a website that takes advantage of this flaw. Update to the latest version of Focus to fix this issue.
Original title
Malicious scripts could display attacker-controlled web content under spoofed domains in Focus for iOS by stalling a _self navigation to an invalid port and triggering an iframe redirect, causing t...
Original description
Malicious scripts could display attacker-controlled web content under spoofed domains in Focus for iOS by stalling a _self navigation to an invalid port and triggering an iframe redirect, causing the UI to display a trusted domain without user interaction. This vulnerability affects Focus for iOS < 148.2.
nvd CVSS3.1
4.3
Vulnerability type
CWE-451
Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026