JVN#87655507: CREATE SD official App for Android fails to restrict access permissions

2019-05-10T00:00:00
ID JVN:87655507
Type jvn
Reporter Japan Vulnerability Notes
Modified 2019-05-10T00:00:00

Description

## Description

CREATE SD official App for Android provided by CREATE S・D CO., LTD. implements the function to access a requested URL using an Intent. This function contains an improper access control vulnerability (CWE-284) that may allow the vulnerable App to receive an Intent from an arbitrary App and to access an arbitrary URL requested by an Intent.

## Impact

A remote attacker may lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack.

## Solution

Update the Application
Update the application to the latest version according to the information provided by the developer.

## Products Affected

  • CREATE SD official App for Android version 1.0.2 and earlier