Akaki Tsunoda

**Name of the Vulnerable Software and Affected Versions** KDDI +Message App for Android versions prior to 3.9.2 KDDI +Message App for iOS versions prior to 3.9.4 NTT DOCOMO +Message App for Android versions prior to 54.49.0500 NTT DOCOMO +Message App for iOS versions prior to 3.9.4 SoftBank +Message App for Android versions prior to 12.9.5 SoftBank +Message App for iOS versions prior to 3.9.4 **Description** The issue is caused by improper handling of Unicode control characters in the +Message App. This allows a crafted text to display misleading web links, potentially leading to spoofed URLs and phishing attacks. The app displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character's specifications. **Recommendations** For KDDI +Message App for Android versions prior to 3.9.2, update to version 3.9.2 or later. For KDDI +Message App for iOS versions prior to 3.9.4, update to version 3.9.4 or later. For NTT DOCOMO +Message App for Android versions prior to 54.49.0500, update to version 54.49.0500 or later. For NTT DOCOMO +Message App for iOS versions prior to 3.9.4, update to version 3.9.4 or later. For SoftBank +Message App for Android versions prior to 12.9.5, update to version 12.9.5 or later. For SoftBank +Message App for iOS versions prior to 3.9.4, update to version 3.9.4 or later.

**Name of the Vulnerable Software and Affected Versions** Athenz versions 1.8.24 and earlier **Description** The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page. This can lead to unauthorized access to sensitive information. **Recommendations** For Athenz versions 1.8.24 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.