From securityaffairs.co
Researchers from mobile cybersecurity firm Kryptowire discovered a vulnerability, tracked asĀ CVE-2022-22292, in Android 9, 10, 11, and 12 devices.
The vulnerability resides in the pre-installed Phone app that executes with system privileges on Samsung devices. Experts pointed out that the Phone app has an insecure component which allows local apps to perform privileged operations without any user interaction.