N/A

A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to run any attacker-controlled JavaScript within a WebView. The impact was further escalated by triggering another WebView that leaked its access token in a HTTP request header. Ultimately, this access token could be used to take over another user's account and read her/his chat messages.

N/A

N/A

Kakao KaKaoTalk 安全漏洞

Kakao KaKaoTalk是韩国多音通讯（Kakao）公司的一款在线即时通讯应用程序。 Kakao KakaoTalk 10.4.3版本存在安全漏洞，该漏洞源于存在深度链接验证问题，允许远程攻击者接管其他用户的帐户并阅读其聊天消息。

N/A

N/A