CVE-2023-21237

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Jun 28, 2023
Updated: Aug 14, 2024
CWE ID 200

Summary

CVE-2023-21237 is a vulnerability affecting Android versions 13 and above, specifically in the NotificationContentInflater.java file of the Android operating system. The issue lies within the "applyRemoteView" function, which has a potential security flaw. Hackers can exploit this vulnerability to hide foreground service notifications through misleading or insufficient UI, leading to local information disclosure. No additional execution privileges or user interaction are required to exploit this vulnerability. Product ID: A-251586912.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share