Information from Newphoria Corporation
Title:applican vulnerable to URL whitelist bypass
This is a statement from the vendor itself with no modification by JPCERT/CC.
Vulnerability in access restriction mechanism has been found.
Applications which use iOS runtime engine up to ver. 1.12.2; up to Android runtime engine up to ver. 1.12.2.
In Android application it is possible to call API's on behalf of the affected application.
In iOS application it is possible to execute optional API's used by the iOS application.
Please rebuild and update the application to use iOS runtime enginever. 1.12.3 or Android runtime engine 1.12.3 or higher.