CVE-2024-41918

Name of the Vulnerable Software and Affected Versions Rakuten Ichiba App for Android versions 12.4.0 and earlier Rakuten Ichiba App for iOS versions 11.7.0 and earlier

Description The issue concerns improper authorization in the handler for the custom URL scheme, allowing an arbitrary site to be displayed on the WebView of the product via Intent from another application installed on the user's device. This could result in the user being redirected to an unauthorized site, potentially leading to a phishing attack.

Recommendations For Rakuten Ichiba App for Android versions 12.4.0 and earlier, update to a version later than 12.4.0 to resolve the issue. For Rakuten Ichiba App for iOS versions 11.7.0 and earlier, update to a version later than 11.7.0 to resolve the issue. As a temporary workaround, consider restricting the use of custom URL schemes in the app to minimize the risk of exploitation.