CVE-2024-53936

Name of the Vulnerable Software and Affected Versions com.asianmobile.callcolor (aka Color Phone Call Screen App) version 24 for Android

Description The issue allows any application to place phone calls without user interaction by sending a crafted intent via the com.asianmobile.callcolor.ui.component.call.CallActivity component. This enables unauthorized phone calls to be made without requiring any permissions.

Recommendations For version 24, consider disabling the com.asianmobile.callcolor.ui.component.call.CallActivity component to prevent unauthorized phone calls until a patch is available. Restrict access to this component to minimize the risk of exploitation. Avoid using the application until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.