CVE-2023-20963

Name of the Vulnerable Software and Affected Versions Android versions Android-11 through Android-13

Description The issue is related to a possible parcel mismatch in WorkSource, which could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not required for exploitation. The vulnerability is associated with errors in the certificate authentication procedure. It has been exploited in the wild, with cases involving the Pinduoduo app, which used the exploit to download additional malicious modules for spying on users and accessing their notifications and files.

Recommendations For Android versions Android-11 through Android-13, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.