Information from LY Corporation

A vulnerability for cross-site scripting has been confirmed in the smartphone app "Yahoo! JAPAN". Due to this vulnerability, there is a possibility that arbitrary scripts could be executed on the product's WebView through other apps installed on the device.

This vulnerability has been fixed in the following versions and above, so it can be immediately resolved by updating the app. Android: v3.161.2 (Released on February 9, 2024) iOS: v4.110.0 (Released on March 25, 2024)

As of March 29, 2024, there have been no reports of damage exploiting this vulnerability.