Color Phone Call Screen Themes Intent-Based Unattended Call Initiation Vulnerability

Vulnerability

A vulnerability in the Color Phone Call Screen Themes application for Android, specifically in versions through 1.1.2, allows any app to make phone calls without user interaction. This is achieved by sending a specially crafted intent to the 'com.frovis.androidbase.call.DialerActivity' component, bypassing normal permission requirements.

Impact

Exploitation of this vulnerability allows for unauthorized phone calls to be placed from the user's device, without their knowledge or consent.

Reproduction

To reproduce this vulnerability, an application must send an intent targeting the 'com.frovis.androidbase.call.DialerActivity' component of the Color Phone Call Screen Themes app. The intent must be crafted to initiate a phone call. Once the intent is received by the Color Phone app, it will automatically place the call without any user interaction.
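The exposure described above can be looked for from the defender's side by auditing a decoded AndroidManifest.xml for activities that any app can start inside an app holding android.permission.CALL_PHONE. This is an added example, not code from the advisory or from the app: the manifest, the package name and every activity other than DialerActivity are constructed, and the way DialerActivity is declared here is an assumption.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
CALL_PERMISSION = "android.permission.CALL_PHONE"

# Constructed manifest for illustration; NOT the real app's manifest.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.callthemes">
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <application>
    <activity android:name="com.frovis.androidbase.call.DialerActivity"
              android:exported="true"/>
    <activity android:name=".SettingsActivity" android:exported="false"/>
    <activity android:name=".GuardedDialActivity" android:exported="true"
              android:permission="android.permission.CALL_PHONE"/>
    <activity android:name=".LegacyDialActivity">
      <intent-filter><action android:name="android.intent.action.DIAL"/></intent-filter>
    </activity>
  </application>
</manifest>"""


def unguarded_call_entry_points(manifest_xml):
    """List activities other apps can start, unguarded, in an app able to place calls."""
    root = ET.fromstring(manifest_xml)
    held = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    if CALL_PERMISSION not in held:
        return []  # the app cannot place calls itself, so it cannot act as a call deputy
    app = root.find("application")
    if app is None:
        return []
    app_guard = app.get(ANDROID + "permission")  # inherited by components without their own
    findings = []
    for tag in ("activity", "activity-alias"):
        for comp in app.iter(tag):
            exported = comp.get(ANDROID + "exported")
            if exported is None:
                # Before targetSdk 31, declaring an intent-filter implied exported="true".
                exported = "true" if comp.find("intent-filter") is not None else "false"
            guard = comp.get(ANDROID + "permission") or app_guard
            if exported == "true" and not guard:
                findings.append(comp.get(ANDROID + "name"))
    return findings


if __name__ == "__main__":
    for name in unguarded_call_entry_points(SAMPLE_MANIFEST):
        print("review:", name)
```

Each finding is a candidate for review, since the manifest does not show whether the activity itself asks the user to confirm before dialing.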

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 5.0
remediation: 0.0
relevance: 0.0
threat: 1.6
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.