In InputMethod, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: google_android

Published: 2023-10-30T16:56:33.193Z

Updated: 2024-09-06T19:58:06.508Z

Reserved: 2022-11-03T22:37:50.661Z

Link: CVE-2023-21331

cve-icon Vulnrichment

Updated: 2024-08-02T09:36:33.220Z

cve-icon NVD

Status : Modified

Published: 2023-10-30T17:15:49.277

Modified: 2024-11-21T07:42:39.330

Link: CVE-2023-21331

cve-icon Redhat

No data.