You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A crafted URI can force a WebView of the com.zhiliaoapp.musically Android Application to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface and hijack a user's account.
Patches
It is recommended to update to version 23.7.3 or above.
Impact
A crafted URI can force a WebView of the com.zhiliaoapp.musically Android Application to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface and hijack a user's account.
Patches
It is recommended to update to version 23.7.3 or above.
Workarounds
No workaround available
References
HackerOne disclosure
For more information
If you have any questions or comments about this advisory: