First published: Wed Jul 05 2023(Updated: )
In onCreate of ConfirmDialog.java, there is a possible way to connect to VNP bypassing user's consent due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.
Credit: security@android.com security@android.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google Android | =11.0 | |
Google Android | =12.0 | |
Google Android | =13.0 | |
Google Android | =13.1 | |
https://android.googlesource.com/platform/frameworks/base/+/57946e2bb73850e817b3c01fa5350d705e178e39
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.