Published: 2015/09/16  Last Updated: 2015/10/13

Information from Newphoria Corporation

Vulnerability ID:JVN#73346595
Title:applican vulnerable to URL whitelist bypass
Status:Vulnerable

This is a statement from the vendor itself with no modification by JPCERT/CC.

[Summary]
Vulnerability in access restriction mechanism has been found.

[Affected applications]
Applications which use iOS runtime engine up to ver. 1.12.2; up to Android runtime engine up to ver. 1.12.2.

[Supposed effect]
In Android application it is possible to call API's on behalf of the affected application.
In iOS application it is possible to execute optional API's used by the iOS application.

[Resolution method]
Please rebuild and update the application to use iOS runtime enginever. 1.12.3 or Android runtime engine 1.12.3 or higher.

update history

2015/10/13