Motorola Face Unlock Vulnerability Allows Local Attacker Access to Unauthorized Content Providers
CVE-2023-41819

6.1MEDIUM

Key Information:

Vendor: Motorola
Status: Phones
Vendor: CVE Published:; 3 May 2024

Summary

A vulnerability exists in the Motorola Face Unlock application that involves PendingIntent hijacking. This flaw may permit a local attacker to gain unauthorized access to sensitive content providers within the app. As a result, user data may be exposed to potential threats, emphasizing the importance of secure application development practices and the need for timely updates to mitigate such vulnerabilities.

Affected Version(s)

Phones < 2023-09-01

References

https://en-us.support.motorola.com/app/answers/detail/a_i...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 3, 2024
Vulnerability Reserved
Sep 1, 2023

Credit

Sergey Toshin and Illia Khorolskyi of Oversecured (ovesecured.com)