Possible bypass of background launch restrictions in updatePictureInPictureMode of ActivityRecord.java

Possible bypass of background launch restrictions in updatePictureInPictureMode of ActivityRecord.java

CVE-2023-21145 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

In updatePictureInPictureMode of ActivityRecord.java, there is a possible bypass of background launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Learn more about our User Device Pen Test.