CVE-2023-20913

Name of the Vulnerable Software and Affected Versions Android versions Android-10 through Android-13

Description The issue is related to a tapjacking/overlay attack in the PhoneAccountSettingsActivity.java file, which could mislead users into enabling a malicious phone account. This could lead to local escalation of privilege, requiring user interaction for exploitation and needing User execution privileges.

Recommendations For Android versions Android-10 through Android-13, consider restricting access to the PhoneAccountSettingsActivity until a patch is available. As a temporary workaround, avoid enabling new phone accounts from untrusted sources to minimize the risk of exploitation.