Start Arbitrary Activity App Affecting Samsung Android Devices
The vulnerability allows any local app on the device (including third-party apps with zero permissions) to provide arbitrary Intent objects that will be used by a pre-installed app (com.android.server.telecom) executing as the system user to start an activity app component (even those that are not exported) of the attacker’s choosing, affecting Android versions 10, 11, and 12.