CVE-2023-42718

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Dec 4, 2023

Updated: Dec 7, 2023

CWE ID 668

Summary

CVE-2023-42718 is a vulnerability affecting the dialer component of certain applications. This issue arises due to the lack of a necessary permission check, enabling an attacker to record usage permissions of a targeted app. Consequently, local information disclosure can occur without requiring any additional execution privileges. This vulnerability poses a risk to the privacy and security of affected users and should be addressed promptly through an update or patch.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Android

Affected Vendors

Google

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sq_-xc
https://www.cve.org/CVERecord?id=CVE-2023-42718
https://nvd.nist.gov/vuln/detail/CVE-2023-42718

Back to Vulnerability Database