Parameth Eimsongsak

**Name of the Vulnerable Software and Affected Versions** LINE application version 8.8.0 for iOS **Description** An issue in the LINE application allows authentication bypass by overriding the `LAContext` return Boolean value to be "true" because the `kSecAccessControlUserPresence` protection mechanism is not used. This enables an attacker to authenticate with an arbitrary fingerprint. The vendor notes that this issue is not considered significant within their threat model, specifically excluding iOS devices that have been jailbroken. **Recommendations** For version 8.8.0, consider disabling the Biometric (TouchID) validation feature until a patch is available to prevent potential authentication bypass.

**Name of the Vulnerable Software and Affected Versions** LINE jp.naver.line application version 8.8.0 for iOS **Description** An issue in the LINE application allows authentication bypass via runtime manipulation that forces a certain method to disable passcode authentication. The vendor notes that this issue is not considered significant within their threat model, specifically excluding iOS devices that have been jailbroken. **Recommendations** For version 8.8.0, consider disabling the Passcode feature as a temporary workaround until a patch is available. Restrict access to sensitive features that rely on passcode authentication to minimize the risk of exploitation.