Published: 2023/08/09  Last Updated: 2023/08/09

Information from Recruit Co., Ltd.

Vulnerability ID:JVN#84820712
Title:"Rikunabi NEXT" App for Android fails to restrict custom URL schemes properly

This is a statement from the vendor itself with no modification by JPCERT/CC.

"Rikunabi NEXT" App fails to restrict access permissions.
We have released the fixed version on the Google Play Store. Please update to the latest version.

- Products Affected
"Rikunabi NEXT" App for Android less than ver. 11.5.0.

- Impact
A remote attacker may lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack.

- Solution
Update the Application

# All data is as of August 07, 2023.