CVE-2023-44122

Name of the Vulnerable Software and Affected Versions LockScreenSettings (affected versions not specified)

Description The issue is related to the theft of arbitrary files with system privilege in the LockScreenSettings app. The main problem is that the app launches implicit intents that can be intercepted by third-party apps installed on the same device. These intents can return arbitrary data that will be passed to the onActivityResult() method. The LockScreenSettings app copies the received file to the "/data/shared/dw/mycategory/wallpaper 01.png" path and then changes the file access mode to world-readable and world-writable.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.