Published: 2019/03/12  Last Updated: 2019/03/12

Information from iChain, Inc.

Vulnerability ID:JVN#11622218
Title:iChain Insurance Wallet App for iOS vulnerable to directory traversal
Status:Vulnerable

This is a statement from the vendor itself with no modification by JPCERT/CC.

Versions of "iChain Insurance Wallet" prior to 1.3.0 has vulnerable to Path Traversal caused by versions of cordova-plugin-ionic-webview prior to 2.2.0 used in the app. It allows attackers access to OS local files that should be inaccessible by third-party applications.
The solution for this vulnerability is to update to ver. 1.4.0 or later.