CVE-2024-36062

Name of the Vulnerable Software and Affected Versions com.callassistant.android (aka AI Call Assistant & Screener) version 1.174

Description The issue allows any installed application, even without permissions, to place phone calls without user interaction by sending a crafted intent via the com.callassistant.android.ui.call.incall.InCallActivity component. This enables unauthorized phone calls, potentially leading to unwanted charges or security breaches.

Recommendations For version 1.174, consider disabling the com.callassistant.android.ui.call.incall.InCallActivity component until a patch is available to prevent unauthorized phone calls. At the moment, there is no information about a newer version that contains a fix for this vulnerability.