PT-2022-16319 · Google · Google Play Services Sdk

Published 2022-08-12 · Updated 2022-08-17 · CVE-2022-2390

CVSS v3.1: 8.4 High

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Google Play Services SDK versions prior to 18.0.2

Description

The issue arises from the incorrect setting of the mutability flag in PendingIntents passed to the Notification service in apps developed with the Google Play Services SDK. This bug affects many applications due to the widespread use of the Google Play Services SDK. An attacker can exploit this to gain access to all non-exported providers and/or to other providers for which the victim has permissions.

Recommendations

For versions prior to 18.0.2, upgrade to version 18.0.2 of the Play Services SDK, then rebuild and redeploy apps. As a temporary workaround, consider restricting access to non-exported providers and limiting permissions to minimize the risk of exploitation.
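
The mutability flag described above, shown for PendingIntents an app creates itself for notifications. This is an added example, not code from the Google Play Services SDK or from this advisory; `NotificationIntents`, `DetailActivity`, `CHANNEL_ID` and `ACTION_OPEN` are hypothetical names, and the notification channel is assumed to be created elsewhere.

```java
import android.app.Activity;
import android.app.Notification;
import android.app.PendingIntent;
import android.content.Context;
import android.content.Intent;
import android.os.Build;

public final class NotificationIntents {
    /** Hypothetical target screen; stands in for the app's own Activity. */
    public static class DetailActivity extends Activity {}

    static final String CHANNEL_ID = "updates";                       // assumed channel
    static final String ACTION_OPEN = "com.example.app.OPEN_DETAIL";  // constructed name

    /**
     * Weak setting: empty, implicit base Intent and no immutability flag.
     * For apps targeting below API 31 this PendingIntent is mutable by default,
     * so whoever holds it can fill in the unset Intent fields and have the
     * result sent with this app's identity and permissions.
     */
    static PendingIntent weakContentIntent(Context ctx) {
        Intent base = new Intent();
        return PendingIntent.getActivity(ctx, 0, base, PendingIntent.FLAG_UPDATE_CURRENT);
    }

    /** Corrected setting: explicit component and action, plus FLAG_IMMUTABLE. */
    static PendingIntent hardenedContentIntent(Context ctx) {
        Intent base = new Intent(ctx, DetailActivity.class).setAction(ACTION_OPEN);
        int flags = PendingIntent.FLAG_UPDATE_CURRENT;
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
            flags |= PendingIntent.FLAG_IMMUTABLE;  // flag exists from API 23
        }
        return PendingIntent.getActivity(ctx, 0, base, flags);
    }

    /** Attach the hardened PendingIntent to a notification (API 26+ builder). */
    static Notification build(Context ctx, CharSequence title) {
        return new Notification.Builder(ctx, CHANNEL_ID)
                .setSmallIcon(android.R.drawable.ic_dialog_info)
                .setContentTitle(title)
                .setContentIntent(hardenedContentIntent(ctx))
                .setAutoCancel(true)
                .build();
    }
}
```

Hardening the app's own PendingIntents does not replace the SDK upgrade recommended above, since the affected PendingIntents are created inside the SDK.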

Fix

Weakness Enumeration

Related Identifiers

CVE-2022-2390
GHSA-CM6R-892J-JV2G

Affected Products

Google Play Services Sdk