Information Exposure Vulnerability in AT&T, Nokia, and BLU Devices

CVE-2023-38299

Summary

Certain builds of AT&T Calypso, Nokia C100, Nokia C200, and BLU View 3 devices exhibit a vulnerability that allows local applications to access the device's IMEI through an insecure system property. This exposure occurs as the IMEI is inadvertently made readable by high-privilege processes, bypassing the restrictions imposed by Android for third-party applications. Specifically, the IMEI is exposed through the 'persist.sys.imei1' property, enabling risk for unwanted data access and potential abuse. Immediate attention is needed for users of the affected devices to safeguard their sensitive information.

References