Foresight News App Improper Component Export Vulnerability in Android Manifest
Vulnerability
An improper component export vulnerability has been identified in the Foresight News App for Android, in versions up to 2.6.4. The issue arises from an unknown manipulation of the AndroidManifest.xml file of the component pro.foresightnews.appa. Exploitation requires local access. The vulnerability has been publicly disclosed, and a proof-of-concept exploit is available.
Impact
Exploitation of this vulnerability can lead to task hijacking, which allows malicious apps to inherit permissions from vulnerable ones. This could be used to phish login credentials from victims.
Reproduction
The vulnerability can be reproduced by modifying the AndroidManifest.xml file so that application components are improperly exported, which allows other applications to access them without proper restrictions. This could be done by an application running on the same device.
Remediation
No specific mitigation is known, but it is suggested to replace the affected app with an alternative product.
