CVE-2018-3987

Name of the Vulnerable Software and Affected Versions Rakuten Viber version 9.3.0.6

Description An information disclosure issue exists in the 'Secret Chats' functionality, which allows users to delete chat traces using a time trigger or direct request. However, a bug in this functionality causes photos taken and shared in secret chats to remain on the device, even after the chats are deleted. These photos are accessible to all installed applications on the Android device.

Recommendations For version 9.3.0.6, consider restricting access to the 'Secret Chats' functionality until a fix is available, and be cautious when sharing sensitive information through this feature. As a temporary workaround, users may want to manually review and delete photos shared in secret chats to minimize potential exposure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.