[Vulnerability Report] LINE MUSIC for Android fails to verify SSL server certificates
LINE MUSIC for Android (versions 3.1.0 through 3.6.4) fails to verify SSL server certificates. This vulnerability can cause specific encrypted communication sessions to be intercepted or tampered with when using an untrusted network (*1). This issue was fixed in version 3.6.5 released on July 23, 2018.
This vulnerability affects communication sent and received while using LINE Music. LINE friends information, purchase tickets, and playlist information may be affected.
*1 Such as Wi-Fi access points installed with malicious intent
[Request to All Users]
If the LINE MUSIC Android version you are using is between 3.1.0 and 3.6.4, please update to the latest version.
You can check your LINE MUSIC version from "Settings" -> "About LINE MUSIC".
LINE MUSIC for Android
- Version 3.1.0 to 3.6.4
- Fixed in version 3.6.5
Note: Versions after 3.6.5 are not affected by this vulnerability.
iOS versions of LINE MUSIC are not affected.
JVN # 16933564 has been assigned to this issue
Updated July 26, 2018