LG Call Management App Vulnerability: Sensitive Data Disclosure via Implicit Intents
CVE-2023-44127 · MEDIUM Severity
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
he vulnerability is that the Call management ("com.android.server.telecom") app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as contact details and phone numbers.
Learn more about our Cis Benchmark Audit For Google Android.