A high-severity vulnerability has been discovered in the LINE client for iOS, affecting versions prior to 15.0. This flaw could allow a remote attacker to compromise a user's device by sending a specially crafted message, potentially leading to the theft of sensitive data, account takeover, and further attacks. Organizations must ensure all users update their LINE application immediately to mitigate the significant risk of data breaches and unauthorized access.

The vulnerability is a remote code execution flaw resulting from improper input validation when processing rich media content within messages. An unauthenticated, remote attacker can exploit this by sending a specially crafted message (e.g., containing a malformed video or sticker) to a target user. When the vulnerable LINE client attempts to render the malicious content, it triggers a buffer overflow, allowing the attacker to execute arbitrary code with the permissions of the LINE application on the user's iOS device.

This vulnerability is rated as High severity with a CVSS score of 7.7. Successful exploitation could have a significant business impact, particularly in environments where employees use LINE for communication on corporate or BYOD devices. Potential consequences include the compromise of confidential business communications, theft of personal and corporate data accessible by the app (contacts, files), and account takeover leading to impersonation or social engineering attacks against other employees and partners. A compromised device could also serve as a pivot point for lateral movement into the corporate network, escalating the overall security risk.

Immediate Action: Apply vendor security updates immediately. All users must update their LINE for iOS application to version 15.0 or later through the official Apple App Store. System administrators should use Mobile Device Management (MDM) solutions to enforce this update across all managed devices. Following the update, monitor for any signs of post-exploitation activity and review application and network access logs for anomalous behavior preceding the patch.

Proactive Monitoring: Security teams should monitor for indicators of compromise, including:

• Unusual crashes of the LINE application reported by users or logged in MDM systems.
• Anomalous outbound network traffic from mobile devices to unknown or suspicious IP addresses or domains.
• Unexpected behavior on iOS devices, such as rapid battery drain or high data usage, which could indicate malicious background processes.

Compensating Controls: If patching cannot be immediately deployed, the following controls can help reduce risk:

• Advise users to exercise extreme caution and avoid opening messages or media attachments from unknown or untrusted contacts.
• Implement network-level security controls, such as web filtering or DNS protection, to block connections to known malicious infrastructure.
• Enforce MDM policies to containerize business applications and data, limiting the potential impact of a compromise of a personal communication app like LINE.

Public Exploit Available: false

Given the high severity (CVSS 7.7) of this remote code execution vulnerability, we strongly recommend immediate and prioritized action. The primary remediation is to ensure all instances of the LINE client for iOS are updated to version 15.0 or newer without delay. Although this vulnerability is not currently listed on the CISA KEV catalog, its potential for widespread impact makes it a critical threat. Organizations should use all available tools, including MDM policies and user communications, to enforce this update and prevent potential compromise of sensitive data and user accounts.