CVE-2023-21017

Name of the Vulnerable Software and Affected Versions Android versions Android-13

Description The issue is related to improper input validation in the InstallStart.java file, allowing for a possible change in the installer package name. This could lead to local escalation of privilege, requiring User execution privileges. No user interaction is needed for exploitation.

Recommendations For Android version Android-13, consider restricting access to the InstallStart.java functionality until a proper fix is applied, focusing on improving input validation to prevent unauthorized package name changes. As a temporary workaround, ensure that all inputs are thoroughly validated to minimize the risk of exploitation.