On June 21, the JPCERT Coordination Center (JPCERT/CC: Japan Computer Emergency Response Team Coordination Center) issued an alert, "JVNVU#91384468: Universal cross-site scripting vulnerability in LINE client for iOS", warning that a vulnerability exists in LINE client for iOS. If exploited, the vulnerability allows a cross-site scripting (XSS) attack in which arbitrary JavaScript is executed in the top frame by an iframe embedded in an arbitrary website displayed in the in-app browser.

JVNVU#91384468: Universal cross-site scripting vulnerability in LINE client for iOS

○ Information about the vulnerability

Information about the vulnerability is summarized on the following page.

CVE-2024-5739 - LY Corporation

The vulnerability information (CVE) is as follows.

CVE-2024-5739

A universal cross-site scripting (UXSS: Universal Cross-Site Scripting) vulnerability. From an iframe embedded in an arbitrary website displayed in the in-app browser, an attacker can execute arbitrary JavaScript in the top frame through user interaction.

The in-app browser is normally opened by tapping a URL in a chat message, but for the attack to succeed the victim must trigger a click event in the malicious iframe. If an attacker can control an iframe embedded in a website, they may be able to exploit this vulnerability to obtain or modify the content displayed in the top frame and user session information.

○ Affected products

The products and versions reported to be affected by the vulnerability are as follows.

LINE client for iOS versions prior to 14.9.0

○ Fixed products

The products and versions in which the vulnerability has been fixed are as follows.

LINE client for iOS 14.9.0 and later

This vulnerability affects only the iOS version of the LINE app and does not affect LINE apps for other platforms such as Android. The JPCERT Coordination Center recommends that users of the iOS version of the LINE app update to the latest version based on the information provided by the developer.