Stulle123

**Name of the Vulnerable Software and Affected Versions** KakaoTalk version 10.4.3 **Description** A deep link validation issue allowed a remote adversary to direct users to run any attacker-controlled JavaScript within a WebView. The impact was further escalated by triggering another WebView that leaked its access token in a HTTP request header. Ultimately, this access token could be used to take over another user's account and read her/his chat messages. **Recommendations** For KakaoTalk version 10.4.3, consider disabling the WebView functionality until a patch is available to prevent the execution of attacker-controlled JavaScript. Restrict access to sensitive features that may leak access tokens to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.