Improper authorization in handler for custom URL scheme issue in β@cosmeβ App for Android versions prior 5.69.0 and β@cosmeβ App for iOS versions prior to 6.74.0 allows an attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack.
[
{
"vendor": "istyle Inc.",
"product": "\"@cosme\" App for Android",
"versions": [
{
"version": "versions prior to 5.69.0",
"status": "affected"
}
]
},
{
"vendor": "istyle Inc.",
"product": "\"@cosme\" App for iOS",
"versions": [
{
"version": "versions prior to 6.74.0",
"status": "affected"
}
]
}
]