CVE-2023-40130

Name of the Vulnerable Software and Affected Versions Android versions prior to the fixed version

Description The issue is related to a logic error in the code of CallRedirectionProcessor.java, specifically in the onBindingDied method. This error can lead to a permission bypass, resulting in local escalation of privilege and the ability to launch background activities without additional execution privileges. User interaction is not required for exploitation.

Recommendations As a temporary workaround, consider disabling the onBindingDied method in CallRedirectionProcessor.java until a patch is available. Restrict access to the CallRedirectionProcessor class to minimize the risk of exploitation. Avoid using the affected CallRedirectionProcessor class in sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.