Unsafe PendingIntent in createQuickShareAction of SaveImageInBackgroundTask.java allows for background activity launch and local escalation of privilege without additional execution privileges needed

Unsafe PendingIntent in createQuickShareAction of SaveImageInBackgroundTask.java allows for background activity launch and local escalation of privilege without additional execution privileges needed

CVE-2023-35676 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

In createQuickShareAction of SaveImageInBackgroundTask.java, there is a possible way to trigger a background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Learn more about our User Device Pen Test.