Unauthorized Access to Non-Exported Content Provider Vulnerability Discovered in Motorola Phone Application
CVE-2023-41828

4.4MEDIUM

Key Information:

Vendor: Motorola
Status: Phones
Vendor: CVE Published:; 3 May 2024

Summary

An implicit intent export vulnerability has been identified within the Motorola Phone application. This issue may allow unauthorized users to access a non-exported content provider, potentially exposing sensitive user data regardless of the intended restrictions. The vulnerability highlights the importance of securing content providers against unintended access and ensuring that applications properly manage intent exports. Users of Motorola devices with the affected application should be aware of this security concern and consider implementing protective measures or applying patches as provided by the vendor.

Affected Version(s)

Phones < 2023-09-01

References

https://en-us.support.motorola.com/app/answers/detail/a_i...

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 3, 2024
Vulnerability Reserved
Sep 1, 2023

Credit

Sergey Toshin and Illia Khorolskyi of Oversecured (ovesecured.com