The ArcSearch application for iOS, prior to version 1.45.2, is susceptible to an address bar spoofing vulnerability that occurs during iframe-triggered URI-scheme navigation. This flaw may allow an attacker to manipulate the content displayed in the address bar, leading users to believe they are viewing a legitimate page while displaying different content behind the scenes. Such an exploitation can significantly elevate the risk of phishing attacks and other forms of online deception.
https://securityvulnerability.io/vulner ... 2025-14812