PT-2018-9017 · Softbank+2 · Softbank +Message App+2

Ma.La · Published 2018-11-15 · Updated 2019-02-04 · CVE-2018-0691

CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Softbank +Message App for Android versions prior to 10.1.7
Softbank +Message App for iOS versions prior to 1.1.23
NTT DOCOMO +Message App for Android versions prior to 42.40.2800
NTT DOCOMO +Message App for iOS versions prior to 1.1.23
KDDI +Message App for Android versions prior to 1.0.6
KDDI +Message App for iOS versions prior to 1.1.23

Description

The issue allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, as the apps do not verify X.509 certificates from SSL servers.

Recommendations

For Softbank +Message App for Android versions prior to 10.1.7, update to version 10.1.7 or later.
For Softbank +Message App for iOS versions prior to 1.1.23, update to version 1.1.23 or later.
For NTT DOCOMO +Message App for Android versions prior to 42.40.2800, update to version 42.40.2800 or later.
For NTT DOCOMO +Message App for iOS versions prior to 1.1.23, update to version 1.1.23 or later.
For KDDI +Message App for Android versions prior to 1.0.6, update to version 1.0.6 or later.
For KDDI +Message App for iOS versions prior to 1.1.23, update to version 1.1.23 or later.

Fix

Improper Certificate Validation

Weakness Enumeration

Related Identifiers

CVE-2018-0691

Affected Products

KDDI +Message App
NTT DOCOMO +Message App
Softbank +Message App