Glitter Caller Screen Insecure Permission Vulnerability Allowing Unauthorized Phone Calls

Vulnerability

A vulnerability in the Glitter Caller Screen application (also known as iCaller, Caller Theme & Dialer) for Android, in versions through 1.1, allows any application to make phone calls on behalf of the user without permission or interaction. This is achieved by sending a specially crafted intent to the exported 'com.glitter.caller.screen.DialerActivity' component.

Impact

Exploitation of this vulnerability enables unauthorized phone calls to be placed from the user's device, without their knowledge or consent.

Reproduction

The vulnerability can be reproduced by sending a crafted intent to the 'com.glitter.caller.screen.DialerActivity' component from a malicious third-party application installed on the device. The intent exploits the insecure permission handling of the Glitter Caller Screen app: 'DialerActivity' is exported and therefore accessible to other applications.
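A defender-side check for the condition described above, as an added example that is not part of the original advisory or the app's own code: it parses a decoded AndroidManifest.xml and lists exported components that no permission guards. The manifest is constructed sample input, the com.example.dialer package and every activity name other than DialerActivity are hypothetical, and it is an assumption that the affected app holds android.permission.CALL_PHONE.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
SENSITIVE = {"android.permission.CALL_PHONE"}  # assumption: held by the dialer app
COMPONENTS = {"activity", "activity-alias", "service", "receiver"}

# Constructed sample manifest in decoded XML form (not the real app's manifest).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.dialer">
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <application>
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".DialerActivity" android:exported="true"/>
    <activity android:name=".GuardedActivity" android:exported="true"
              android:permission="android.permission.CALL_PHONE"/>
    <activity android:name=".SettingsActivity" android:exported="false"/>
  </application>
</manifest>"""


def audit_manifest(xml_text):
    """Return (sensitive permissions held, exported components with no permission guard)."""
    root = ET.fromstring(xml_text)
    pkg = root.get("package", "")
    held = {p.get(ANDROID + "name") for p in root.iter("uses-permission")} & SENSITIVE
    app = root.find("application")
    if app is None:
        return held, []
    app_perm = app.get(ANDROID + "permission")  # app-wide default guard
    findings = []
    for comp in app:
        if comp.tag not in COMPONENTS:
            continue
        name = comp.get(ANDROID + "name", "")
        name = pkg + name if name.startswith(".") else name
        exported = comp.get(ANDROID + "exported")
        # Before Android 12, an intent-filter made a component exported by default.
        is_exported = exported == "true" or (
            exported is None and comp.find("intent-filter") is not None)
        is_launcher = any(c.get(ANDROID + "name") == "android.intent.category.LAUNCHER"
                          for c in comp.iter("category"))
        guarded = comp.get(ANDROID + "permission") or app_perm
        if is_exported and not guarded and not is_launcher:
            findings.append(name)
    return held, findings
```

A finding in an app that also holds a sensitive permission is a candidate for review: set android:exported="false" if no other app needs the component, or require a permission on it.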

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 5.0
remediation: 0.0
relevance: 0.0
threat: 1.6
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.