CVE-2025-22416
onCreate · onCreate Multiple Products
Executive summary
A high-severity vulnerability in the ChooserActivity component of an application could allow a malicious application to bypass security restrictions or gain unauthorized permissions.
Vulnerability
An unspecified vulnerability exists in the onCreate method of a ChooserActivity. This suggests a flaw in the initialization of a component responsible for handling user choices (e.g., "Open with..."), which could be exploited by a malicious application installed on the same device to intercept data or trick the user into granting unintended permissions.
Business impact
Exploitation could lead to information disclosure, where a malicious app intercepts sensitive files or data intended for a legitimate app. It could also result in privilege escalation if the malicious app can leverage the vulnerable component to gain permissions it was not granted. The CVSS score of 7.8 (High) highlights the risk of data leakage and security boundary bypass on the affected device.
Remediation
Immediate Action: Apply the security update or application update provided by the vendor to fix the flaw in the ChooserActivity.
Proactive Monitoring: On mobile devices, use Mobile Device Management (MDM) and Mobile Threat Defense (MTD) solutions to monitor for malicious applications and anomalous inter-process communication.
Compensating Controls: Educate users on the risks of installing applications from untrusted sources. Use application vetting and whitelisting to control which applications can be installed on corporate devices.
Exploitation status
Public Exploit Available: false
Analyst recommendation
This vulnerability poses a significant risk to data security on devices where a malicious application could be installed. Organizations must ensure that all affected applications are updated promptly to prevent local applications from exploiting this flaw to bypass security controls.