CVE-2023-28387

Name of the Vulnerable Software and Affected Versions NewsPicks App for Android versions 10.4.5 and earlier NewsPicks App for iOS versions 10.4.2 and earlier

Description The issue is related to hard-coded credentials in the NewsPicks App, which may allow a local attacker to analyze data in the app and obtain an API key for an external service.

Recommendations For NewsPicks App for Android versions 10.4.5 and earlier, update to a version later than 10.4.5 to resolve the issue. For NewsPicks App for iOS versions 10.4.2 and earlier, update to a version later than 10.4.2 to resolve the issue. As a temporary workaround, consider restricting access to sensitive data within the app until a patch is available.