Published: 2024/03/15  Last Updated: 2024/03/15

Information from AbemaTV, Inc.

Vulnerability ID:JVN#70640802
Title:"ABEMA" App for Android fails to restrict access permissions

This is a statement from the vendor itself with no modification by JPCERT/CC.

An access restriction vulnerability has been confirmed in the Android app "ABEMA".
*The iOS app "ABEMA" is not affected.

This vulnerability could allow other apps to access arbitrary sites via "ABEMA".
Please note that the vulnerability has been fixed in "App version: 10.65.0" and has been resolved with an update.
*"ABEMA" cannot be used with previous versions including "App version: 10.65.0", so an update is required to use it.

To date, there have been no reports of damage caused by exploiting this vulnerability.