CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2024-10018

CVSS 9.8v3.1pub. 2024-10-16upd. 2026-04-15

Improper permission control in the mobile application (com.transsion.aivoiceassistant) can lead to the launch of any unexported component.

🤖 AI Analysis
How it works

The application com.transsion.aivoiceassistant does not implement proper permission controls (CWE-732) when handling requests to execute system components. An attacker, without needing to possess permissions or user interaction, can remotely invoke unexported components of other applications, which are normally access-restricted. Unexported components are designed to be protected from external access; however, a flaw in this application's permission logic allows these protections to be bypassed.

Impact

An attacker can execute any unexported component of installed applications, which may lead to unauthorized data access, system integrity violations, and potential takeover of device functions.

Mitigation & patch

Apply patches available from the manufacturer according to references (https://security.tecno.com/SRC/securityUpdates?type=SA). It is recommended to regularly check for security updates from Transsion Security Response Center and immediately install available fixes.

Who is affected

Mobile devices with the installed application com.transsion.aivoiceassistant (AI Voice Assistant by Transsion); specific versions indicated in the manufacturer's references.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References