CVE-2024-37574

Name of the Vulnerable Software and Affected Versions com.grice.call application version 4.5.2

Description The issue allows any installed application, even those without permissions, to place phone calls without user interaction by sending a crafted intent via the com.iui.mobile.presentation.MobileActivity. This enables unauthorized phone calls, potentially leading to security breaches or unwanted charges.

Recommendations For version 4.5.2, consider disabling the com.iui.mobile.presentation.MobileActivity until a patch is available to prevent unauthorized phone calls. Restrict access to the application's functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.