Cross-User Message Data Access Vulnerability: Local Information Disclosure without User Interaction

Cross-User Message Data Access Vulnerability: Local Information Disclosure without User Interaction

CVE-2023-40113 · Severity

In multiple locations, there is a possible way for apps to access cross-user message data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Learn more about our User Device Pen Test.