CVE-2023-44129

Summary

CVE-2023-44129 is a vulnerability affecting the Messaging app patched by LG. The issue lies in the "com.android.mms.ui.QClipIntentReceiverActivity" activity, which forwards attacker-controlled intents back to the attacker. An attacker can exploit this vulnerability by launching this activity and broadcasting an intent with the "com.lge.message.action.QCLIP" action. By setting Intent.FLAG_GRANT_* flags and sending their own data/clipdata, the attacker can gain access to arbitrary content providers on the affected device that have the `android:grantUriPermissions="true"` flag set.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.