CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-36437: The com.enflick.android.TextNow (aka TextNow: Call + Text Unlimited) application 24.17.0.2 for Android enables any installed application (with no...

Description

The com.enflick.android.TextNow (aka TextNow: Call + Text Unlimited) application 24.17.0.2 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.enflick.android.TextNow.activities.DialerActivity component.

Classification

CVE ID: CVE-2024-36437

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.83% (scored less or equal to compared to others)

EPSS Date: 2025-03-04 (when was this score calculated)

References

https://play.google.com/store/apps/details?id=com.enflick.android.TextNow
https://github.com/actuator/com.enflick.android.TextNow/blob/main/CVE-2024-36437

Timeline

2025-02-04 00:38:31 UTC
CVE

The com.enflick.android.TextNow (aka TextNow: Call + Text Unlimited) application 24.17.0.2 for Android enables any installed application (with no...