Published: 2023/06/13  Last Updated: 2023/06/13

Information from Chatwork Co., Ltd.

Vulnerability ID:JVN#96828492
Title:Chatwork Desktop Application (Mac) vulnerable to code injection

This is a statement from the vendor itself with no modification by JPCERT/CC.

A code injection (CWE-94) vulnerability exists in the Chatwork desktop application (Mac) provided by Chatwork, Inc.
Executing certain commands in the local environment of the PC on which the application is installed could allow access to the camera and microphone without the user's consent, which could result in information being spoofed.
The issue has been addressed in version 2.6.44, released on June 5, 2023.
The software is automatically updated when the application is launched. (If not, please download and use the latest version.)