CVE-2023-51219

Name of the Vulnerable Software and Affected Versions KakaoTalk version 10.4.3

Description A deep link validation issue allowed a remote adversary to direct users to run any attacker-controlled JavaScript within a WebView. The impact was further escalated by triggering another WebView that leaked its access token in a HTTP request header. Ultimately, this access token could be used to take over another user's account and read her/his chat messages.

Recommendations For KakaoTalk version 10.4.3, consider disabling the WebView functionality until a patch is available to prevent the execution of attacker-controlled JavaScript. Restrict access to sensitive features that may leak access tokens to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.