First published: Wed Jul 05 2023(Updated: )
In getPendingIntentLaunchFlags of ActivityOptions.java, there is a possible elevation of privilege due to a confused deputy with no additional execution privileges needed. User interaction is not needed for exploitation.
Credit: security@android.com security@android.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google Android | =11.0 | |
Google Android | =12.0 | |
Google Android | =12.1 | |
Google Android | =13.0 | |
https://android.googlesource.com/platform/frameworks/base/+/16c604aa7c253ce5cf075368a258c0b21386160d
https://android.googlesource.com/platform/frameworks/base/+/51051de4eb40bb502db448084a83fd6cbfb7d3cf
https://android.googlesource.com/platform/frameworks/base/+/8418e3a017428683d173c0c82b0eb02d5b923a4e
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.