Wi-Fi MAC addresses leaked through high-privilege process
CVE-2023-38291
Currently unrated
What is CVE-2023-38291?
A security concern has been identified in certain Android devices manufactured by TCL and Motorola, where the Wi-Fi MAC address can be accessed through the 'ro.boot.wifimacaddr' system property. This situation arises because the MAC address is being leaked by a high-privilege process, allowing local apps without specific permissions to indirectly retrieve the information. Devices, including the TCL A3X, TCL 10L, Motorola Moto G Pure, and Moto G Power, are susceptible to this issue. Essentially, while Google has instituted measures to protect non-resettable device identifiers since Android 10, this vulnerability circumvents those protections, highlighting critical privacy risks for users.