PT-2024-37114 · Line · Line

Published: 2024-06-12 · Updated: 2025-12-19

CVE-2024-5739

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: LINE client for iOS versions prior to 14.9.0
Description: The in-app browser of the LINE client contains a Universal XSS (UXSS) vulnerability: an iframe embedded in any website displayed in the in-app browser can execute arbitrary JavaScript in the top frame. The attack requires the victim to trigger a click event on a malicious iframe. If an attacker can control an iframe embedded in any website, this issue could be exploited to capture or alter content displayed in the top frame, as well as user session information.
Recommendations: For LINE client for iOS versions prior to 14.9.0, update to version 14.9.0 or higher to resolve the issue. As a temporary workaround, consider avoiding the use of the in-app browser for sensitive activities until the update is applied. Restrict access to iframes from untrusted sources to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2024-5739

Affected Products: Line