CVE-2023-44129

CVSS 3.1 Score 3.3 of 10 (low)

Details

Published Sep 27, 2023
Updated: Oct 2, 2023
CWE ID 926

Summary

CVE-2023-44129 is a vulnerability affecting the Messaging app patched by LG. The issue lies in the "com.android.mms.ui.QClipIntentReceiverActivity" activity, which forwards attacker-controlled intents back to the attacker. An attacker can exploit this vulnerability by launching this activity and broadcasting an intent with the "com.lge.message.action.QCLIP" action. By setting Intent.FLAG_GRANT_* flags and sending their own data/clipdata, the attacker can gain access to arbitrary content providers on the affected device that have the `android:grantUriPermissions="true"` flag set.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share