CVE-2023-43955

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 27, 2023
Updated: Jan 9, 2024
CWE ID 94

Summary

CVE-2023-43955 is a vulnerability affecting the com.phlox.tvwebbrowser TV Bro application for Android. This issue arises from the mishandling of external intents within the WebView component. Attackers can exploit this weakness by deploying JavaScript codes that utilize the takeBlobDownloadData function. As a result, they can execute arbitrary code, create arbitrary files, and trigger downloads, posing a significant risk to user data and system security.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share