Deep Link Validation Issue in KakaoTalk Affects User Security
CVE-2023-51219

9.6CRITICAL

Key Information:

Vendor: Kakao
Status: KakaoTalk
Vendor: CVE Published:; 3 June 2024

What is CVE-2023-51219?

A vulnerability in KakaoTalk version 10.4.3 allows remote attackers to exploit deep link validation issues, enabling the execution of malicious JavaScript within a WebView. This exploit can lead to a secondary vulnerability where an attacker can trigger another WebView that inadvertently discloses its access token in an HTTP request header. With this access token, attackers can potentially take over user accounts and compromise private chat messages, posing serious privacy and security concerns.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://stulle123.github.io/posts/kakaotalk-account-takeo...

https://news.ycombinator.com/item?id=40776880

CVSS V3.1

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 3, 2024

JSON

Kakao

What is CVE-2023-51219?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.