The framework service handles pendingIntent incorrectly, allowing a malicious application with certain privileges to perform privileged actions.
Devices that support automatic updates receive a system update prompt, and users complete the fix for the vulnerability by performing a system update.
vivo is committed to providing users with best cyber security products and services, and follows the industrial best practice to handle and publish vunerability information.
To report a security vulnerability in vivo products and solutions, please send it to firstname.lastname@example.org
For details, please visit Security Advisory