CVE-2024-27440 Information

Description

The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyoko Inn official App for Android versions prior 1.3.14 don’t properly verify server certificates which allows a man-in-the-middle attacker to spoof servers and obtain sensitive information via a crafted certificate.

Reference

https://apps.apple.com/jp/app/%E3%83%9B%E3%83%86%E3%83%AB%E6%9D%B1%E6%A8%AAinn-%E6%9D%B1%E6%A8%AA%E3%82%A4%E3%83%B3-%E5%85%AC%E5%BC%8F%E3%82%A2%E3%83%97%E3%83%AA/id1439388270 https://play.google.com/store/apps/details?id=com.toyoko_inn.toyokoandroid https://jvn.jp/en/jp/JVN52919306/