CREATE SD official App for Android provided by CREATE S・D CO., LTD. implements the function to access a requested URL using an Intent. This function contains an improper access control vulnerability (CWE-284) that may allow the vulnerable App to receive an Intent from an arbitrary App and to access an arbitrary URL requested by an Intent.
A remote attacker may lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack.
Update the Application
Update the application to the latest version according to the information provided by the developer.
## Products Affected