CVE-2023-21292

Name of the Vulnerable Software and Affected Versions Android versions prior to the August 2023 ASB

Description The issue is related to a confused deputy in the openContentUri method of ActivityManagerService.java, allowing a third-party app to obtain restricted files. This could lead to local information disclosure without requiring additional execution privileges or user interaction.

Recommendations For versions prior to the August 2023 ASB, update to a version that includes the August 2023 ASB to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.