CVE-2023-44129

Name of the Vulnerable Software and Affected Versions com.android.mms (affected versions not specified)

Description The issue allows an attacker to forward controlled intents back to themselves through the exported "com.android.mms.ui.QClipIntentReceiverActivity" activity in the Messaging app patched by LG. This can be exploited by launching the activity and sending a broadcast with the "com.lge.message.action.QCLIP" action, potentially allowing the attacker to send their own data or clip data and set Intent.FLAG GRANT * flags. After receiving the intent in the onActivityResult() method, the attacker could access arbitrary content providers that have the android:grantUriPermissions="true" flag set.

Recommendations As a temporary workaround, consider disabling the com.android.mms.ui.QClipIntentReceiverActivity activity until a patch is available. Restrict access to the com.lge.message.action.QCLIP action to minimize the risk of exploitation. Avoid using the Intent.FLAG GRANT * flags in the affected activity until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.