"Tasks" application version before 9.7.3 is affected by insecure permissions. The VoiceCommandActivity application component allows arbitrary applications on a device to add tasks with no restrictions.
References
Link | Resource |
---|---|
https://lyhinslab.org/index.php/2020/07/18/how-the-white-box-hacking-works-ok-google-i-wanna-pwn-this-app/ | Exploit Patch Third Party Advisory |
https://www.exploit-db.com/exploits/49563 | Exploit Third Party Advisory VDB Entry |
Configurations
History
No history.
Information
Published : 2021-02-22 17:15
Updated : 2024-02-28 18:08
NVD link : CVE-2020-22475
Mitre link : CVE-2020-22475
CVE.ORG link : CVE-2020-22475
JSON object : View
Products Affected
tasks
- tasks
CWE
CWE-276
Incorrect Default Permissions