PT-2023-29117 · Lg · Com.Lge.Bluetoothsetting

Published: 2023-09-27 · Updated: 2023-10-02 · CVE-2023-44123

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: com.lge.bluetoothsetting (affected versions not specified)

Description: The issue is related to the use of implicit PendingIntents with PendingIntent.FLAG_MUTABLE set, which can lead to the theft and/or overwriting of arbitrary files with system privilege in the Bluetooth app. An attacker's app that has access to app notifications can intercept them and redirect them to its own activity. As a result, the attacker's app can be granted access permissions to content providers declared with android:grantUriPermissions="true".

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
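
The pattern named in the description, next to its hardened form, as an added example that is not code from com.lge.bluetoothsetting. The class names, the action string and the channel id are hypothetical.

```java
// Added example: hypothetical notifier, not code from the affected app.
import android.app.Activity;
import android.app.Notification;
import android.app.PendingIntent;
import android.content.Context;
import android.content.Intent;

public final class PairingNotifier {
    private static final String CHANNEL_ID = "pairing"; // hypothetical channel id

    // Pattern the description warns about: the base Intent names no component
    // (implicit) and the PendingIntent is mutable, so an app that can read the
    // notification can redirect it to its own activity.
    static Notification buildWeak(Context ctx) {
        Intent base = new Intent("com.example.action.PAIRING_REQUEST"); // implicit
        PendingIntent pi = PendingIntent.getActivity(
                ctx, 0, base,
                PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_MUTABLE);
        return notification(ctx, pi);
    }

    // Hardened form: the target component is fixed by the creating app and
    // FLAG_IMMUTABLE stops the sender from changing the Intent at send time.
    static Notification buildHardened(Context ctx) {
        Intent base = new Intent(ctx, PairingActivity.class); // explicit target
        PendingIntent pi = PendingIntent.getActivity(
                ctx, 0, base,
                PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_IMMUTABLE);
        return notification(ctx, pi);
    }

    private static Notification notification(Context ctx, PendingIntent pi) {
        return new Notification.Builder(ctx, CHANNEL_ID)
                .setSmallIcon(android.R.drawable.stat_sys_data_bluetooth)
                .setContentTitle("Pairing request")
                .setContentIntent(pi)
                .build();
    }
}

// Hypothetical target activity; it must also be declared in the app manifest.
class PairingActivity extends Activity {}
```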

Weakness Enumeration: Improper Authorization

Related Identifiers: CVE-2023-44123

Affected Products: Com.Lge.Bluetoothsetting