Media Resumption Control Vulnerability: Unauthorized Access to Media Files on Shared Device

Media Resumption Control Vulnerability: Unauthorized Access to Media Files on Shared Device

CVE-2023-35675 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

In loadMediaResumptionControls of MediaResumeListener.kt, there is a possible way to play and listen to media files played by another user on the same device due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Learn more about our User Device Pen Test.