[Vulnerabilities] Bug Preventing LINE App for Windows PC from Being Safely Updated Has Been Fixed
Due to a bug in the auto updating feature in the LINE app for Windows PC, there was a potential for prohibited files to be installed if the said app version was used in an untrusted network*1. This vulnerability has been fixed in version 4.8.3.
*1: Ex. A malicious Wi-Fi access point.
Request to Users
Users using version 18.104.22.1685 or older of the LINE app for Windows PC, are recommended to download the latest version directly from the following URL and reinstall the app. In doing so, please refrain from using the auto updating feature. This is because even when updating to the latest version of the app which contains the bug fix, depending on the network connection used, the very act of auto updating itself may expose users to security risks.
To check the app version, select "About LINE" under "Settings"
- If the displayed version is 4.8.3 or higher, this means the latest version of the app is installed.
-If the displayed version is 22.214.171.1245 or lower, users are requested to download and install the latest version from the above link.
-Users who do not currently use the PC version of LINE are also recommended to download and install the latest version from the link above.
The bug does not affect the app for Windows 8/10 that has been downloaded from the Microsoft store*2.
*2: URL for the app optimized for Windows 8/10 and Windows Phone/Tablet (Latest version: 5.3.0 as of August 19, 2016):
Please note that Windows 8/10 PC users are also affected by the bug if they are using version 126.96.36.1995 or older of the LINE app for Windows PC.
Scope of Effect
LINE app for Windows PC
-Version 188.8.131.525 or older
-Bug fixed in version 4.8.3
The LINE app for Android, iOS, Mac OS, and Windows 8/10 are not affected. The latest versions are available in the app store of each OS.
This issue has been assigned CVE-2016-4850 / JVN#05924524
August 25, 2016 - Updated affected versions, CVE-ID assigned.
August 19, 2016 - Initial release.