Arbitrary Code Execution via file download

High
Ch0pin published GHSA-ghf9-x3c5-3mwj May 3, 2023

Package

com.imo.android.imoim (Android)

Affected versions

< 2022.11.2011

Patched versions

2022.11.2011

Description

Impact

A path traversal vulnerability reachable through a deeplink can force the com.imo.android.imoim Android application, up to version 2022.11.1051, to write attacker-supplied files into its private data directory. This may allow an attacker to place a library file under a special directory from which the app dynamically loads modules. Once the app loads that library, the result is arbitrary code execution with the application's privileges.
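The defensive check that closes this class of bug is to canonicalize the download target and verify it still lies inside the intended directory before writing; the helper below is an added example written for this advisory, not code from the imo application or its patch. The directory name, file extensions and base path are assumptions (the page does not name the app's module directory or loader), and on Android baseDir would be the value of Context.getFilesDir().

```java
import java.io.File;
import java.io.IOException;

// Added example (not from the advisory or the imo app): resolve a file name taken
// from untrusted input, such as a deeplink parameter, against the download
// directory and refuse any name that would escape it or look like a loadable module.
public final class SafeDownloadPath {

    // Hypothetical subdirectory name; the real app's layout is not on the page.
    private static final String DOWNLOAD_SUBDIR = "downloads";

    /** Returns the resolved target file, or throws if the name escapes the download dir. */
    public static File resolve(File baseDir, String untrustedName) throws IOException {
        if (untrustedName == null || untrustedName.isEmpty()) {
            throw new IOException("empty file name");
        }
        // Canonicalize both sides so "..", "./" segments and symlinks are collapsed
        // before the prefix comparison; a plain string check on the raw input is not enough.
        File downloads = new File(baseDir, DOWNLOAD_SUBDIR).getCanonicalFile();
        File target = new File(downloads, untrustedName).getCanonicalFile();
        String prefix = downloads.getPath() + File.separator;
        if (!target.getPath().startsWith(prefix)) {
            throw new IOException("path traversal rejected: " + untrustedName);
        }
        // Even inside the download dir, never persist something the app could later dlopen.
        String name = target.getName();
        if (name.endsWith(".so") || name.endsWith(".dex")) {
            throw new IOException("refusing to write loadable artifact: " + untrustedName);
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample inputs; the traversal strings are illustrative, not from the page.
        File base = new File(System.getProperty("java.io.tmpdir"), "app_data_dir");
        new File(base, DOWNLOAD_SUBDIR).mkdirs();
        System.out.println("accepted: " + resolve(base, "report.pdf"));
        for (String bad : new String[] {"../lib/module.so", "sub/../../notes.txt", "plugin.so"}) {
            try {
                resolve(base, bad);
            } catch (IOException e) {
                System.out.println("blocked: " + e.getMessage());
            }
        }
    }
}
```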

Patches

The issue was patched in version: 2022.11.2011

Severity

High 8.8 / 10

CVSS base metrics

Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE ID

CVE-2022-47757

Weaknesses

Credits