CVE-2024-53935

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jan 6, 2025
Updated: Jan 7, 2025

Summary

CVE-2024-53935 is a vulnerability affecting the Android application com.callos14.callscreen.colorphone, also known as iCall OS17 - Color Phone Flash, in versions up to 4.3. It allows any application to place phone calls without user interaction. An attacker can exploit it by sending a crafted intent to the affected component, com.callos14.callscreen.colorphone.DialerActivity. This bypasses the usual permission requirements, enabling unauthorized phone calls. The vulnerability poses a significant risk to privacy and security, as it allows attackers to make calls without the user's knowledge or consent.
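
For reviewers checking their own apps for this class of issue, the following added example (not code from the advisory or the affected app) audits a decoded AndroidManifest.xml for exported components that lack an android:permission guard in an app that holds a call permission. The manifest contents and the function names are constructed for illustration; only the package and DialerActivity names come from the summary above.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
CALL_PERMS = {"android.permission.CALL_PHONE", "android.permission.CALL_PRIVILEGED"}

# Constructed sample manifest, NOT the real app's manifest. Only the package
# name and the DialerActivity name are taken from the advisory text.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.callos14.callscreen.colorphone">
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <application>
    <activity android:name=".DialerActivity" android:exported="true"/>
    <activity android:name=".SettingsActivity" android:exported="false"/>
    <activity android:name=".GuardedActivity" android:exported="true"
        android:permission="android.permission.CALL_PHONE"/>
  </application>
</manifest>"""

def is_exported(component):
    """An explicit android:exported wins; without it (apps targeting below
    Android 12) a component with an intent-filter is exported by default."""
    flag = component.get(ANDROID + "exported")
    if flag is not None:
        return flag.lower() == "true"
    return component.find("intent-filter") is not None

def audit_manifest(xml_text):
    """Return fully qualified names of exported components that no caller
    permission protects, in an app that itself may place calls."""
    root = ET.fromstring(xml_text.strip())
    package = root.get("package", "")
    held = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    if not held & CALL_PERMS:
        return []  # the app cannot place calls on another app's behalf
    app = root.find("application")
    app_guard = app.get(ANDROID + "permission") if app is not None else None
    findings = []
    for tag in ("activity", "activity-alias", "service", "receiver"):
        for comp in root.iter(tag):
            name = comp.get(ANDROID + "name", "")
            if name.startswith("."):
                name = package + name
            guard = comp.get(ANDROID + "permission") or app_guard
            if is_exported(comp) and not guard:
                findings.append(name)
    return findings

if __name__ == "__main__":
    for name in audit_manifest(SAMPLE_MANIFEST):
        print("review exported component:", name)
```

A finding is a component to review, not proof of a flaw: the component is only a problem if it performs the privileged action on data taken from the incoming intent.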
