CVE-2024-13917

Name of the Vulnerable Software and Affected Versions com.pri.applock version 13 (version code: 33)

Description The issue allows a malicious application to inject an arbitrary intent with system-level privileges to a protected application. This can be done by exploiting the exposed "com.pri.applock.LockUI" activity, which does not require any granted Android system permissions. To successfully inject the intent, the malicious application must know the protecting PIN number or ask the user to provide it.

Recommendations For version 13 (version code: 33), consider restricting access to the com.pri.applock.LockUI activity to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.