Commit

Create README.md
b66l committed Dec 29, 2016
1 parent c34ba23 commit 597e8be
Showing 1 changed file with 14 additions and 0 deletions.
14 changes: 14 additions & 0 deletions oasam-uir-unauthorized-intent-receipt/README.md
@@ -0,0 +1,14 @@

#OASAM-UIR: Unauthorized Intent Receipt

This category covers all the vulnerabilities related with the resolution of implicit Intent delivery. When an application sends an implicit Intent, there is no guarantee that a malicious application will not gather such Intent, since a malicious application could register a Intent Filter capable to pass the resolution (action, data and category), unless such Intent has a set of required permissions that the malicious user does not have. If a malicious application is able to intercept implicit Intents, it could have access to the execution of dataflow, being able to perform denial-of-service attacks or phishing. This category considers how this type of vulnerability can be exposed on particular components: Broadcast, Activities y Services.

The following controls are applied in this category:

**OASAM-UIR-001: Broadcast Theft.** Intent interception on Broadcast components.

**OASAM-UIR-002: Activity Hijacking.** Intent interception on Activity components.

**OASAM-UIR-003: Service Hijacking.** Intent interception on Service components.

**OASAM-UIR-004:Weakness Special Intents.** Pending Intent interception.
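Review bot: the heading line `#OASAM-UIR: Unauthorized Intent Receipt` has no space after `#`, so GitHub-flavoured Markdown renders it as literal text instead of a heading; it should be `# OASAM-UIR: Unauthorized Intent Receipt`. In the introductory paragraph, "Broadcast, Activities y Services" still carries the Spanish "y" and should read "and", "a Intent Filter capable to pass the resolution" should be "an Intent Filter capable of passing the resolution", and "the malicious user" switches subject from the "malicious application" used in the rest of the sentence. The last control entry is missing the space after the colon inside the bold label ("OASAM-UIR-004:Weakness"), unlike the three entries above it, and its title "Weakness Special Intents" does not match the "Pending Intent interception" description as clearly as the other titles match theirs.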
