Information from LY Corporation
Vulnerability ID:JVN#35290164
Title:"Yahoo! Shopping" App for Android fails to restrict custom URL schemes properly
Status:Vulnerable
This is a statement from the vendor itself with no modification by JPCERT/CC.
A vulnerability due to improper access restrictions has been identified in the Android application “Yahoo! Shopping.”
This vulnerability could allow arbitrary web pages to be loaded within the app, which may result in phishing attacks.
The vulnerability has been fixed in the following version and later. Updating the application will immediately resolve the issue:
v14.15.0 (released on September 4, 2025)
As of September 1, 2025, no reports of exploitation of this vulnerability have been confirmed.
