[Vulnerabilities] Bug Preventing LINE App for Windows PC from Being Safely Updated Has Been Fixed
2016.08.19
Summary
Due to a bug in the auto-update feature of the LINE app for Windows PC, prohibited files could potentially be installed if an affected version of the app was used on an untrusted network*1. This vulnerability has been fixed in version 4.8.3.
*1: Ex. A malicious Wi-Fi access point.
Request to Users
Users of version 4.8.2.1125 or older of the LINE app for Windows PC are advised to download the latest version directly from the following URL and reinstall the app. When doing so, please refrain from using the auto-update feature: even when updating to the latest version of the app, which contains the bug fix, the very act of auto-updating may itself expose users to security risks, depending on the network connection used.
To check the app version, select "About LINE" under "Settings".
- If the displayed version is 4.8.3 or higher, this means the latest version of the app is installed.
- If the displayed version is 4.8.2.1125 or lower, users are requested to download and install the latest version from the above link.
- Users who do not currently use the PC version of LINE are also recommended to download and install the latest version from the link above.
The bug does not affect the app for Windows 8/10 that has been downloaded from the Microsoft Store*2.
*2: URL for the app optimized for Windows 8/10 and Windows Phone/Tablet (Latest version: 5.3.0 as of August 19, 2016):
https://www.microsoft.com/en-us/store/p/line/9wzdncrfj2g6
Please note that Windows 8/10 PC users are also affected by the bug if they are using version 4.8.2.1125 or older of the LINE app for Windows PC.
Scope of Effect
LINE app for Windows PC
- Version 4.8.2.1125 or older
- Bug fixed in version 4.8.3
The LINE apps for Android, iOS, Mac OS, and Windows 8/10 are not affected. The latest versions are available in the app store of each OS.
CVE-ID
This issue has been assigned CVE-2016-4850 / JVN#05924524.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4850
https://jvn.jp/en/jp/JVN05924524/
Update History
August 25, 2016 - Updated affected versions, CVE-ID assigned.
August 19, 2016 - Initial release.