CVE-2024-5739: 
Line vulnerability analysis and mitigation

The vulnerability (CVE-2024-5739) affects the LINE iOS application versions below 14.9.0, specifically its in-app browser component. It is identified as a Universal Cross-Site Scripting (UXSS) vulnerability that was disclosed on June 12, 2024. The vulnerability allows arbitrary JavaScript execution in the top frame from an embedded iframe on any website displayed within the in-app browser (NVD).

The vulnerability is a Universal Cross-Site Scripting (UXSS) issue that specifically targets the in-app browser functionality. The exploitation occurs when a user taps on URLs contained in chat messages, and requires the victim to trigger a click event on a malicious iframe. The vulnerability is particularly concerning as it affects the security boundary between iframes and the top frame of the browser (NVD).

If successfully exploited, this vulnerability enables attackers to capture or alter content displayed in the top frame of the in-app browser, as well as access user session information. The impact is limited to LINE iOS users running versions below 14.9.0, while other LINE clients, such as LINE Android, remain unaffected (NVD).

Users are advised to update their LINE iOS application to version 14.9.0 or higher to mitigate this vulnerability. This update addresses the UXSS vulnerability in the in-app browser component (NVD).