PT-2018-11821 · Line · Line

Parameth Eimsongsak

+1

Published: 2018-08-16 · Updated: 2024-08-05 · CVE-2018-13434

CVSS v3.1: 6.3 (Medium)

Vector: AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

LINE application version 8.8.0 for iOS

Description

An issue in the LINE application allows authentication bypass by overriding the Boolean value returned by LAContext to be "true", because the kSecAccessControlUserPresence protection mechanism is not used. This enables an attacker to authenticate with an arbitrary fingerprint. The vendor does not consider this issue significant under its threat model, which excludes jailbroken iOS devices.

Recommendations

For version 8.8.0, consider disabling the Biometric (TouchID) validation feature until a patch is available to prevent potential authentication bypass.
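
The difference the Description points at, shown as an added Swift example (not LINE's code and not part of the original advisory): a biometric check that only yields a Boolean, next to a Keychain item protected with the user-presence access control. The service and account strings, function names and error type are hypothetical.

```swift
import Foundation
import LocalAuthentication
import Security

// Weak pattern: the unlock decision is only a Bool handed back to app code,
// so nothing cryptographic depends on the biometric match.
func unlockWithBooleanOnly(onUnlock: @escaping () -> Void) {
    LAContext().evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                               localizedReason: "Unlock") { success, _ in
        if success { onUnlock() }
    }
}

// Hardened pattern: the app needs a secret that the Keychain releases only
// after the system itself has verified user presence.
enum GateError: Error { case accessControl, keychain(OSStatus), badData }

let baseQuery: [String: Any] = [            // hypothetical identifiers
    kSecClass as String: kSecClassGenericPassword,
    kSecAttrService as String: "com.example.applock",
    kSecAttrAccount as String: "session-secret"]

func storeGatedSecret(_ secret: Data) throws {
    guard let acl = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
        .userPresence,                      // kSecAccessControlUserPresence
        nil) else { throw GateError.accessControl }
    SecItemDelete(baseQuery as CFDictionary) // replace any earlier item
    var add = baseQuery
    add[kSecAttrAccessControl as String] = acl
    add[kSecValueData as String] = secret
    let status = SecItemAdd(add as CFDictionary, nil)
    guard status == errSecSuccess else { throw GateError.keychain(status) }
}

func readGatedSecret(prompt: String) throws -> Data {
    let context = LAContext()
    context.localizedReason = prompt         // text shown in the system prompt
    var query = baseQuery
    query[kSecReturnData as String] = true
    query[kSecUseAuthenticationContext as String] = context
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    guard status == errSecSuccess else { throw GateError.keychain(status) }
    guard let data = item as? Data else { throw GateError.badData }
    return data                              // unlock proceeds only with the secret
}
```

With the second pattern the application proceeds only when it holds the returned secret (for example a key that decrypts session data), so forcing a callback value to "true" yields nothing usable.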

Exploit

Fix

Improper Authentication


Weakness Enumeration

Related identifiers

CVE-2018-13434

Affected products

Line