LINE

LINE announces that it has fixed the vulnerability in the Windows PC version of the LINE app that was reported by the JPCERT Coordination Center (JPCERT/CC). 

■Background

On June 28, 2016, JPCERT/CC informed the Company of the following vulnerability which has now been fixed.

Vulnerability related to DLL load

【Bug Details】

While the Windows PC version of the LINE app reads a specific DLL when opening a file, due to an issue with the DLL search path, an unintended DLL was being read. The versions affected by this bug were 4.7.0 and earlier for Windows PC, and their respective installers 4.8.0 and earlier. 

Please note: It was later confirmed after this release that the named installer version insufficiently addressed the bug. The text has therefore been revised from “their respective installers 4.7.0 and earlier” to “their respective installers 4.8.0 and earlier.”  [added August 19, 2016]

【Solution】

Upon receiving the bug report, a fixed version was released on July 1 and all affected apps were automatically updated. 

【Request to Users】

Although the above bug has been fixed, users are nevertheless recommended to use the most recent version of the LINE app at all times to ensure optimal user experience.

▼Download Page (PC/mobile)

https://line.me/en/download

Please note: An issue has arisen with the automatic updating feature in the LINE app for Windows PC, and so users using versions earlier than 4.8.3 are recommended to download and install the latest version of the app from the above page. See here for details. [added August 19, 2016]

The Company would like to thank JPCERT/CC and Mr. Takashi Yoshikawa of Mitsui Bussan Secure Directions for reporting this vulnerability, allowing the error in the program to be fixed without delay.

The Company will continue to strive to ensure the highest security standards, and perform updates to provide a safe user environment.