CVE-2024-37575

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Dec 4, 2024
Updated: Dec 11, 2024
CWE ID 281

Summary

CVE-2024-37575 is a vulnerability affecting the Mister org.mistergroup.shouldianswer application version 1.4.264 for Android. This issue allows any installed app, without requiring user-granted permissions, to initiate phone calls silently by sending a crafted intent to the DefaultDialerActivity component of the aforementioned application. This vulnerability poses a significant security risk, as unauthorized calls could lead to financial losses, privacy concerns, and potential phishing attacks. Users are strongly encouraged to update their Mister app to the latest version to mitigate this threat.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share