CVE-2024-53934
📋 TL;DR
This vulnerability allows any Android application without permissions to place phone calls without user interaction by sending a crafted intent to the Color Phone Call Screen Themes app. It affects Android users who have installed versions 1.1.2 or earlier of the Color Phone Call Screen Themes application.
💻 Affected Systems
- Color Phone Call Screen Themes (com.windymob.callscreen.ringtone.callcolor.colorphone)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Malicious apps could place premium-rate calls, make unauthorized calls to emergency services, or conduct phone-based harassment campaigns without user knowledge.
Likely Case
Malware or adware could place unwanted calls to generate revenue or conduct phishing campaigns.
If Mitigated
With proper app permissions and user awareness, impact is limited to apps that users have already installed.
🎯 Exploit Status
Exploitation requires another malicious app to be installed on the same device and send crafted intents.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 1.1.2
Vendor Advisory: https://github.com/actuator/com.windymob.callscreen.ringtone.callcolor.colorphone
Restart Required: No
Instructions:
1. Open Google Play Store
2. Search for 'Color Phone Call Screen Themes'
3. Check if update is available
4. Install the latest version
5. Alternatively, uninstall the app completely
🔧 Temporary Workarounds
Uninstall vulnerable app
Android: Remove the Color Phone Call Screen Themes application from the device
Settings > Apps > Color Phone Call Screen Themes > Uninstall
Disable app permissions
Android: Revoke phone call permissions from the app
Settings > Apps > Color Phone Call Screen Themes > Permissions > Phone > Deny
🧯 If You Can't Patch
- Uninstall the Color Phone Call Screen Themes application
- Use Android's app permission settings to deny phone permissions to the app
🔍 How to Verify
Check if Vulnerable:
Check app version in Settings > Apps > Color Phone Call Screen Themes > App Info. If version is 1.1.2 or earlier, you are vulnerable.
Check Version:
adb shell dumpsys package com.windymob.callscreen.ringtone.callcolor.colorphone | grep versionName
Verify Fix Applied:
Update to latest version from Google Play Store and verify version is higher than 1.1.2.
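The version check above as a script, added here as an example (it is not part of the advisory or any vendor tooling): it reads `dumpsys package` output on stdin and compares `versionName` field by field against 1.1.2, so that 1.1.10 is not mistaken for an older release. The function names and the `--device` switch are illustrative assumptions.

```shell
#!/bin/sh
# Added example: classify an install of the affected app from `dumpsys package` text.
PKG="com.windymob.callscreen.ringtone.callcolor.colorphone"
LAST_VULNERABLE="1.1.2"   # per the advisory: 1.1.2 or earlier is affected

# Print the first versionName=... value found on stdin (tolerates CRLF from adb).
extract_version() {
    sed -n 's/^[[:space:]]*versionName=\([^[:space:]]*\).*/\1/p' | head -n 1
}

# Return 0 when version $1 <= version $2, comparing dotted fields numerically.
version_le() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        # Keep digits only ("2-beta" -> 2); a missing field counts as 0.
        x=$(printf '%s' "$x" | tr -cd '0-9'); y=$(printf '%s' "$y" | tr -cd '0-9')
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0   # all fields equal
}

# Read dumpsys text on stdin; print "not-installed", "vulnerable <v>" or "updated <v>".
classify() {
    v=$(extract_version)
    if [ -z "$v" ]; then
        echo "not-installed"
    elif version_le "$v" "$LAST_VULNERABLE"; then
        echo "vulnerable $v"
    else
        echo "updated $v"
    fi
}

# Query a connected device only when asked to: sh check.sh --device
check_device() {
    adb shell dumpsys package "$PKG" | classify
}

if [ "${1:-}" = "--device" ]; then
    check_device
fi
```
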
📡 Detection & Monitoring
Log Indicators:
- Unexpected phone call intents from com.windymob.callscreen.ringtone.callcolor.colorphone
- Phone call activities without user interaction
Network Indicators:
- Unexpected outbound calls from device
SIEM Query:
app:'com.windymob.callscreen.ringtone.callcolor.colorphone' AND action:'android.intent.action.CALL'