Unsafe PendingIntent in createQuickShareAction of SaveImageInBackgroundTask.java allows for background activity launch and local escalation of privilege without additional execution privileges needed
CVE-2023-35676 · HIGH Severity
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
In createQuickShareAction of SaveImageInBackgroundTask.java, there is a possible way to trigger a background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Learn more about our User Device Pen Test.