The vulnerability is that the Call management ("com.android.server.telecom") app patched by LG sends a lot of LG-owned implicit broadcasts that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as call states, durations, called numbers, contacts info, etc.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://lgsecurity.lge.com/bulletins/mobile#updateDetails |
History
No history.
MITRE
Status: PUBLISHED
Assigner: LGE
Published: 2023-09-27T14:01:46.084Z
Updated: 2024-08-02T19:59:50.988Z
Reserved: 2023-09-26T05:57:13.719Z
Link: CVE-2023-44126
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-09-27T15:19:36.647
Modified: 2023-10-02T15:26:36.080
Link: CVE-2023-44126
Redhat
No data.