Implicit Intent Vulnerability in Motorola Phone Calls App Allows Reading Calling Phone Number and Data
CVE-2023-41824

2.8LOW

Key Information:

Vendor: Motorola
Status: Phones
Vendor: CVE Published:; 3 May 2024

Summary

A reported vulnerability in the Motorola Phone Calls application allows local attackers to exploit implicit intents, potentially enabling unauthorized access to sensitive calling information, including phone numbers and call details. This vulnerability highlights the importance of secure intent handling within applications to prevent data exposure.

Affected Version(s)

Phones < 2023-12-01

References

https://en-us.support.motorola.com/app/answers/detail/a_i...

CVSS V3.1

Score:

2.8

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 3, 2024
Vulnerability Reserved
Sep 1, 2023

Credit

Sergey Toshin and Illia Khorolskyi of Oversecured (ovesecured.com)