PT-2023-17881 · Google · Android
Publicado
2023-04-01
·
Atualizado
2023-04-25
·
CVE-2023-21088
CVSS v3.1
7.8
Alta
| Vetor | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Android versions Android-12 through Android-13
Description
A logic error in the LocationProviderManager.java code allows for the bypassing of background activity launch restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not required for exploitation.
Recommendations
For Android versions Android-12 through Android-13, consider restricting background activity launches to minimize the risk of exploitation until a patch is available.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Android