CVE-2023-21237
In short
A flaw in Android's notification system allows an app to hide foreground service notifications through misleading UI elements, potentially concealing what services are running on your device. This is a local issue that doesn't require special permissions or user interaction.
Technical detail
A CWE-200 information disclosure vulnerability in NotificationContentInflater.applyRemoteView() lets a local attacker obscure foreground service notifications through deceptive UI manipulation, so the user is not made aware that a service is running. No elevated privileges or user interaction are required.
Summary generated and translated by AI from the official description.
In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or insufficient UI. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android-13
Android ID: A-251586912
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
n/a · Android