Published: 2024/09/09  Last Updated: 2024/09/09

Information from istyle Inc.

Vulnerability ID: JVN#81570776
Title: "@cosme" App fails to restrict custom URL schemes properly

This is a statement from the vendor itself with no modification by JPCERT/CC.

There is a vulnerability due to insufficient access restrictions in the smartphone application "@cosme". We have released versions with countermeasures on the App Store and Google Play Store. For your safety, please update to the latest version.

■ Affected products and versions
Android app "@cosme" versions prior to 5.69.0
iOS app "@cosme" versions prior to 6.74.0

■ Potential impact
If the vulnerability is exploited, users may be directed to access arbitrary websites through the product. As a result, there is a possibility of falling victim to phishing and other attacks.

Update to the latest version.