Vigil@nce - Android Contacts: phone calls
September 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can invite the victim to install a malicious
application, which uses Android Contacts, in order to make phone
calls.
Impacted products: Android Applications not comprehensive,
Android OS.
Severity: 2/4.
Creation date: 22/07/2016.
DESCRIPTION OF THE VULNERABILITY
The Contacts application can be installed on Android.
However, it accepts queries form other local applications, which
request a phone call, without the CALL_PHONE permission.
An attacker can therefore invite the victim to install a malicious
application, which uses Android Contacts, in order to make phone
calls.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Android-Contacts-phone-calls-20196