{"id":60889,"date":"2025-01-29T02:20:30","date_gmt":"2025-01-28T23:20:30","guid":{"rendered":"http:\/\/JVN#08430039"},"modified":"2025-01-29T02:20:30","modified_gmt":"2025-01-28T23:20:30","slug":"shonen-jump-app-for-android-fails-to-restrict-custom-url-schemes-properly","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/shonen-jump-app-for-android-fails-to-restrict-custom-url-schemes-properly\/","title":{"rendered":"&#8220;Shonen Jump+&#8221; App for Android fails to restrict custom URL schemes properly"},"content":{"rendered":"<div readability=\"33\">\n<h2>Overview<\/h2>\n<p>&#8220;Shonen Jump+&#8221; App for Android provided by SHUEISHA INC. fails to restrict custom URL schemes properly.<\/p>\n<\/p><\/div>\n<div readability=\"33.121771217712\">\n<h2>Description<\/h2>\n<p>&#8220;Shonen Jump+&#8221; App for Android provided by SHUEISHA INC. provides the function to access a requested URL using a Custom URL Scheme. The App does not restrict access to the function properly (<a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/939.html\" target=\"_blank\" rel=\"noopener\">CWE-939<\/a>), which may be exploited to direct the App to access arbitrary sites.<\/p>\n<\/p><\/div>\n<div readability=\"34\">\n<h2>Impact<\/h2>\n<p>A remote attacker may lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack.<\/p>\n<\/p><\/div>\n<div readability=\"34\">\n<h2>Solution<\/h2>\n<p><strong>Update the Application<\/strong><br \/>Update the application to the latest version according to the information provided by the developer.<br \/>The developer states there is no need for users to take any action since the application is automatically updated when it is launched.<\/p>\n<\/p><\/div>\n<div readability=\"34\">\n<h2>Credit<\/h2>\n<p>Toshiki Iwasaki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.<br \/>JPCERT\/CC coordinated with the developer under Information Security Early Warning Partnership.<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Overview &#8220;Shonen Jump+&#8221; App for Android provided by SHUEISHA INC. fails to restrict custom URL schemes properly. Description &#8220;Shonen Jump+&#8221; App for Android provided by SHUEISHA INC. provides the function to access a requested URL using a Custom URL Scheme. The App does not restrict access to the function properly (CWE-939), which may be exploited to &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-60889","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/60889","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=60889"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/60889\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=60889"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=60889"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=60889"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}