The vulnerability is that the Call management ("com.android.server.telecom") app patched by LG sends a lot of LG-owned implicit broadcasts that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as call states, durations, called numbers, contacts info, etc.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://lgsecurity.lge.com/bulletins/mobile#updateDetails |
History
Fri, 20 Sep 2024 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: LGE
Published: 2023-09-27T14:01:46.084Z
Updated: 2024-09-20T19:47:59.285Z
Reserved: 2023-09-26T05:57:13.719Z
Link: CVE-2023-44126
Vulnrichment
Updated: 2024-08-02T19:59:50.988Z
NVD
Status : Modified
Published: 2023-09-27T15:19:36.647
Modified: 2024-11-21T08:25:17.973
Link: CVE-2023-44126
Redhat
No data.