GalleryVault Gallery Vault App Task Hijacking Vulnerability

Vulnerability

A task hijacking vulnerability has been identified in GalleryVault Gallery Vault App versions through 4.5.2 on Android. This vulnerability arises from an improper export of application components in the AndroidManifest.xml file of the com.thinkyeah.galleryvault component. The flaw allows malicious apps to inherit permissions from vulnerable apps, potentially leading to phishing attacks by manipulating or taking over tasks within Android. The vulnerability affects all Android versions prior to Android 11 and requires local access for exploitation.

Impact

Exploitation of this vulnerability allows for task hijacking, where a malicious application can take over a legitimate app's task, inheriting its permissions. This could be used to phish for sensitive information from the user or to manipulate the user into granting additional permissions to the malicious app.

Reproduction

To reproduce this vulnerability, a malicious app must be created with a task affinity that matches that of the vulnerable GalleryVault app. Once this malicious app is installed on a device, it can hijack the GalleryVault app's task, replacing its original activity with a phishing activity from the malicious app. This can be done by exploiting the default task affinity setting of the GalleryVault app, which does not properly restrict access to its components.

Remediation

Users can mitigate this vulnerability by updating to a version of GalleryVault that is not affected by this issue. Additionally, developers can prevent similar vulnerabilities by properly configuring the taskAffinity property in the AndroidManifest.xml file to restrict access to application components.
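The manifest check a developer can run for the taskAffinity guidance above, as an added example that is not taken from the advisory or from GalleryVault's code. It assumes a decoded, text-form AndroidManifest.xml that carries a package attribute; the sample manifest and its com.example.vault names are constructed, and the function name is hypothetical.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
AFFINITY = ANDROID + "taskAffinity"

# Constructed sample manifest (not GalleryVault's real manifest).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.vault">
  <application>
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".UnlockActivity" android:taskAffinity=""/>
    <activity android:name=".ShareActivity" android:exported="true"
              android:taskAffinity="com.example.vault.share"/>
  </application>
</manifest>
"""


def audit_task_affinity(manifest_xml):
    """Return one finding per activity whose effective task affinity is a
    non-empty name that another installed app could declare as well."""
    root = ET.fromstring(manifest_xml.strip())
    package = root.get("package", "")
    app = root.find("application")
    # Inheritance order: activity attribute, then <application>, then package name.
    app_affinity = app.get(AFFINITY, package)
    findings = []
    for act in app.findall("activity"):
        affinity = act.get(AFFINITY, app_affinity)
        if affinity == "":
            continue  # empty string: the activity has no affinity for any task
        findings.append({
            "activity": act.get(ANDROID + "name"),
            "affinity": affinity,
            # True when nothing overrides the package-name default
            "default": AFFINITY not in act.attrib and AFFINITY not in app.attrib,
            "exported": act.get(ANDROID + "exported") == "true",
        })
    return findings


if __name__ == "__main__":
    for finding in audit_task_affinity(SAMPLE_MANIFEST):
        print(finding)
```

Findings with "default" set to True are activities still relying on the package-name affinity; setting android:taskAffinity="" on the application element clears them in one place.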

Added: Aug 30, 2025, 4:18 PM
Updated: Aug 30, 2025, 4:18 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 5.8
remediation: 0.0
relevance: 0.4
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.