Published: 2019/11/07  Last Updated: 2019/11/07

Information from Rakuten, Inc.

Vulnerability ID:JVN#41566067
Title:Rakuma App vulnerable to authentication information disclosure
Status:Vulnerable

This is a statement from the vendor itself with no modification by JPCERT/CC.

Fixed versions of Rakuma Apps are now available on Google Play Store and App Store.
Regarding the vulnerability, no attacks or exploitation has been confirmed or reported as far as we know.

Android - Google Play Store
#vulnerable version : v7.15.0 or older
https://play.google.com/store/apps/details?id=jp.co.fablic.fril&hl=en

iOS - App Store
#vulnerable version : v7.16.4 or older
https://apps.apple.com/jp/app/furimaapuri-furiru-fril-fasshon/id523497998