First published: Mon Jun 05 2023(Updated: )
In bindPlayer of MediaControlPanel.java, there is a possible launch arbitrary activity in SysUI due to Unsafe Intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-271845008
Credit: security@android.com security@android.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google Android | =13.0 | |
Google Android |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2023-21139 is rated as high with a CVSS score of 7.8.
To mitigate CVE-2023-21139, it is recommended to apply the security patches provided by Google for Android version 13.0.
No, user interaction is not needed for the exploitation of CVE-2023-21139.