Inure Task Hijacking Vulnerability in Android Applications Prior to Version 11

A task hijacking vulnerability has been identified in the Inure application by hamza417, affecting all Android versions prior to 11. The issue arises from a misconfiguration in the AndroidManifest.xml file, where the taskAffinity attribute is improperly set. This flaw allows malicious applications to inherit permissions from the vulnerable Inure app, potentially leading to the interception and theft of sensitive information from users' devices.

Impact

Exploitation of this vulnerability allows for task hijacking, where a malicious app can intercept and manipulate tasks of the legitimate Inure app, leading to unauthorized access and theft of sensitive information.

Reproduction

To reproduce this vulnerability, install the malicious application that exploits the task hijacking flaw. Once the malicious app is running, open the legitimate Inure app. The malicious app will intercept the Inure app's tasks and permissions, allowing it to access sensitive information.

Remediation

The vulnerability has been fixed in Inure build 97. Users should update to this version.