Information from Newphoria Corporation
Title:Koritore vulnerable to URL whitelist bypass
This is a statement from the vendor itself with no modification by JPCERT/CC.
Vulnerability in access restriction of こりトレ has been found.
iOS and Android こりトレapplication up to version 1.0
こりトレcould be loaded using URL scheme with the possibility to open an arbitrary page.
A possibility to falsify a file which can be accessed to by an application by the malicious third party.
Update from GooglePlay to version 1.1.
Update from AppStore to version 1.1.
This vulnerability report was sent according to Information Security Early Warning partnership within regulation between our company and IPA with JPCERT/CC.
The information regarding the vulnerability was reported to us by Sprout Inc.
Our special thanks to Kenta Suefusa and Tomonori Shiomi of Sprout Inc., and also to anyone involved into Information Security Early Warning partnership.