PT-2021-10767 · Tasks · Tasks
Published
2021-02-22
·
Updated
2021-02-27
·
CVE-2020-22475
CVSS v3.1
6.8
Medium
| Vector | AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Tasks application version prior to 9.7.3
Description
The issue is related to insecure permissions in the Tasks application. Specifically, the VoiceCommandActivity application component allows arbitrary applications on a device to add tasks with no restrictions.
Recommendations
For versions prior to 9.7.3, update to version 9.7.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the VoiceCommandActivity component to minimize the risk of exploitation.
Exploit
Fix
Incorrect Default Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tasks