LG Call Management App Vulnerability: Sensitive Data Disclosure via Implicit Intents

LG Call Management App Vulnerability: Sensitive Data Disclosure via Implicit Intents

CVE-2023-44127 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

he vulnerability is that the Call management ("com.android.server.telecom") app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as contact details and phone numbers.

Learn more about our Cis Benchmark Audit For Google Android.