Published: 2021/04/14  Last Updated: 2021/05/20

Information from Gurunavi, Inc.

Vulnerability ID:JVN#54025691
Title:Gurunavi Apps fail to restrict access permissions

This is a statement from the vendor itself with no modification by JPCERT/CC.

Gurunavi App fails to restrict access permissions.
We have released the modified version on the GooglePlayStore and AppStore.
Please update to the latest version.

・Products Affected
 Gurunavi App for Android ver.10.0.14 and earlier
 Gurunavi App for iOS ver.11.2.3 and earlier

 A remote attacker may lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack.

 Update the Application