TextNow Android Application Phone Call Vulnerability via Crafted Intent

Vulnerability

A vulnerability in the TextNow application for Android, specifically version 24.17.0.2, allows any installed app to make phone calls without user interaction. This is achieved by sending a specially crafted intent to the DialerActivity component, bypassing normal permission requirements.

Impact

Exploitation of this vulnerability allows for unauthorized phone calls to be made from the user's device, without their knowledge or consent.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

TextNow Android Application Phone Call Vulnerability via Crafted Intent

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating