Pantuhong Sorasiri

**Name of the Vulnerable Software and Affected Versions** @cosme App for Android versions prior to 5.69.0 @cosme App for iOS versions prior to 6.74.0 **Description** The issue is related to improper authorization in the handler for the custom URL scheme, which allows an attacker to lead a user to access an arbitrary website via the vulnerable App. This could result in the user becoming a victim of a phishing attack. **Recommendations** For @cosme App for Android versions prior to 5.69.0, update to version 5.69.0 or later to resolve the issue. For @cosme App for iOS versions prior to 6.74.0, update to version 6.74.0 or later to resolve the issue. As a temporary workaround, consider restricting access to custom URL schemes in the @cosme App to minimize the risk of exploitation.