Rahul Kankrale

**Name of the Vulnerable Software and Affected Versions** Voice Note versions prior to 21.3.51.11 **Description** The issue allows attackers to record voice without user interaction due to unprotected activities in Voice Note. The patch adds proper permission for vulnerable activities. **Recommendations** For versions prior to 21.3.51.11, update to version 21.3.51.11 or later to add proper permission for vulnerable activities and prevent unauthorized voice recording.

**Name of the Vulnerable Software and Affected Versions** Link to Windows Service versions prior to 2.3.04.1 **Description** The issue is related to improper authentication in the Link to Windows Service, which allows an attacker to lock the device. The patch for this issue adds proper caller signature check logic. **Recommendations** For versions prior to 2.3.04.1, update to version 2.3.04.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Link to Windows Service to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Camera versions prior to 11.1.02.16 Camera versions prior to 10.5.03.77 Camera versions prior to 9.0.6.68 **Description** The issue allows untrusted applications to take a picture when the screen is locked, due to improper access control. **Recommendations** For versions prior to 11.1.02.16, update to version 11.1.02.16 or later. For versions prior to 10.5.03.77, update to version 10.5.03.77 or later. For versions prior to 9.0.6.68, update to version 9.0.6.68 or later.