Published: 2024/03/29  Last Updated: 2024/03/29

Information from LY Corporation

Vulnerability ID: JVN#23528780
Title: "Yahoo! JAPAN" App vulnerable to cross-site scripting

This is a statement from the vendor itself with no modification by JPCERT/CC.

A cross-site scripting vulnerability has been confirmed in the smartphone app "Yahoo! JAPAN". Due to this vulnerability, there is a possibility that arbitrary scripts could be executed on the product's WebView through other apps installed on the device.

This vulnerability has been fixed in the following versions and above, so it can be immediately resolved by updating the app.

Android: v3.161.2 (Released on February 9, 2024)
iOS: v4.110.0 (Released on March 25, 2024)

As of March 29, 2024, there have been no reports of damage exploiting this vulnerability.