LINE Corporation has reorganized to LY Corporation on October 1, 2023.
Please click here to visit the corporate website of LY Corporation.
The information contained in this page is as of September 30, 2023.

LINE

[Vulnerability Report] LINE MUSIC for Android fails to verify SSL server certificates

2018.07.26

2018.07.26

[Overview]

LINE MUSIC for Android (versions 3.1.0 through 3.6.4) fails to verify SSL server certificates. This vulnerability can cause specific encrypted communication sessions to be intercepted or tampered with when using an untrusted network (*1). This issue was fixed in version 3.6.5 released on July 23, 2018.

 

This vulnerability affects communication sent and received while using LINE Music. LINE friends information, purchase tickets, and playlist information may be affected.

*1 Such as Wi-Fi access points installed with malicious intent

 

[Request to All Users]

If the LINE MUSIC Android version you are using is between 3.1.0 and 3.6.4, please update to the latest version.

You can check your LINE MUSIC version from "Settings" -> "About LINE MUSIC".

 

[Affected Versions]

LINE MUSIC for Android

- Version 3.1.0 to 3.6.4

- Fixed in version 3.6.5

Note: Versions after 3.6.5 are not affected by this vulnerability.

          iOS versions of LINE MUSIC are not affected.

 

[Related Links]

JVN # 16933564 has been assigned to this issue

https://jvn.jp/en/jp/JVN16933564/index.html

 

[Update History]

Updated July 26, 2018

 

List
© LY Corporation