The appstore exposes some of its components, and the attacker can cause remote download and install apps through carefully constructed parameters.
The vulnerability can be fixed by performing system updates.
Tencent Mobile Security Lab Zidong Han, Jingwei Han submitted via GeekPwn.
vivo would like to thank them for working with us and coordinated vulnerability disclosure.
vivo is committed to providing users with best cyber security products and services, and follows the industrial best practice to handle and publish vunerability information.
To report a security vulnerability in vivo products and solutions, please send it to firstname.lastname@example.org
For details, please visit Security Advisory