Man-in-the-Middle Vulnerability in LINE for iOS by LINE Corporation
CVE-2018-0518

5.9MEDIUM

Key Information:

Vendor: Line Corporation
Status: Line For iOS
Vendor: CVE Published:; 23 February 2018

🔔 Create Line Corporation Vulnerability Alert

What is CVE-2018-0518?

The LINE messaging application for iOS versions 7.1.3 to 7.1.5 exhibits a flaw where it fails to properly verify X.509 certificates from SSL servers. This oversight enables attackers to execute man-in-the-middle attacks, potentially leading to the spoofing of legitimate servers. As a result, sensitive information transmitted through the app can be intercepted, jeopardizing user privacy and data security.

Affected Version(s)

LINE for iOS version 7.1.3 to 7.1.5

References

https://linecorp.com/en/security/article/136

x_refsource_MISC

https://jvn.jp/en/jp/JVN75453852/index.html

third-party-advisoryx_refsource_JVN

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 23, 2018
Vulnerability Reserved
Nov 27, 2017