PT-2022-19237 · Unknown · Voice Note

Rahul Kankrale

Published

2022-05-03

Updated

2022-05-11

CVE-2022-28789

CVSS v3.1

6.2

Medium

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Voice Note versions prior to 21.3.51.11

Description The issue allows attackers to record voice without user interaction due to unprotected activities in Voice Note. The patch adds proper permission for vulnerable activities.

Recommendations For versions prior to 21.3.51.11, update to version 21.3.51.11 or later to add proper permission for vulnerable activities and prevent unauthorized voice recording.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2022-28789

Affected Products

Voice Note

PT-2022-19237 · Unknown · Voice Note

CVE-2022-28789

Weakness Enumeration

Related Identifiers

Affected Products

References · 4