CVE-2023-44128 – LGInstallService - Deletion of arbitrary files with system privilege
https://notcve.org/view.php?id=CVE-2023-44128
he vulnerability is to delete arbitrary files in LGInstallService ("com.lge.lginstallservies") app. The app contains the exported "com.lge.lginstallservies.InstallService" service that exposes an AIDL interface. All its "installPackage*" methods are finally calling the "installPackageVerify()" method that performs signature validation after the delete file method. An attacker can control conditions so this security check is never performed and an attacker-controlled file is deleted. La vulnerabilidad consiste en eliminar archivos arbitrarios en la aplicación LGInstallService ("com.lge.lginstallservies"). • https://lgsecurity.lge.com/bulletins/mobile#updateDetails • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2023-44127 – Call management - Implicit activity intents disclose contact details and phone numbers
https://notcve.org/view.php?id=CVE-2023-44127
he vulnerability is that the Call management ("com.android.server.telecom") app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as contact details and phone numbers. La vulnerabilidad es que la aplicación de administración de Llamadas ("com.android.server.telecom") parcheada por LG lanza intenciones implícitas que revelan datos sensibles a todas las aplicaciones de terceros instaladas en el mismo dispositivo. Esas intenciones incluyen datos como detalles de contacto y números de teléfono. • https://lgsecurity.lge.com/bulletins/mobile#updateDetails • CWE-927: Use of Implicit Intent for Sensitive Communication •
CVE-2023-44126 – Call management - Implicit intents disclose telephony data such as phone numbers, call states, contacts
https://notcve.org/view.php?id=CVE-2023-44126
The vulnerability is that the Call management ("com.android.server.telecom") app patched by LG sends a lot of LG-owned implicit broadcasts that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as call states, durations, called numbers, contacts info, etc. La vulnerabilidad es que la aplicación de administración de llamadas ("com.android.server.telecom") parcheada por LG envía muchas transmisiones implícitas propiedad de LG que revelan datos sensibles a todas las aplicaciones de terceros instaladas en el mismo dispositivo. Esas intenciones incluyen datos como estados de llamadas, duraciones, números llamados, información de contactos, etc. • https://lgsecurity.lge.com/bulletins/mobile#updateDetails • CWE-925: Improper Verification of Intent by Broadcast Receiver •
CVE-2023-44125 – Personalized service - Theft and (over-)write of arbitrary files with system privilege via PendingIntent hijacking
https://notcve.org/view.php?id=CVE-2023-44125
The vulnerability is the use of implicit PendingIntents without the PendingIntent.FLAG_IMMUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Personalized service ("com.lge.abba") app. The attacker's app, if it had access to app notifications, could intercept them and redirect them to its activity, before making it grant access permissions to content providers with the `android:grantUriPermissions="true"` flag. La vulnerabilidad es el uso de PendingIntents implícitos sin el conjunto PendingIntent.FLAG_IMMUTABLE que conduce al robo y/o (sobre)escritura de archivos arbitrarios con privilegios del sistema en la aplicación de servicio personalizado ("com.lge.abba"). La aplicación del atacante, si tuviera acceso a las notificaciones de la aplicación, podría interceptarlas y redirigirlas a su actividad, antes de otorgar permisos de acceso a los proveedores de contenido con el indicador `android:grantUriPermissions="true"`. • https://lgsecurity.lge.com/bulletins/mobile#updateDetails • CWE-285: Improper Authorization •
CVE-2023-44124 – Screen recording - Theft of arbitrary files with system privilege
https://notcve.org/view.php?id=CVE-2023-44124
The vulnerability is to theft of arbitrary files with system privilege in the Screen recording ("com.lge.gametools.gamerecorder") app in the "com/lge/gametools/gamerecorder/settings/ProfilePreferenceFragment.java" file. The main problem is that the app launches implicit intents that can be intercepted by third-party apps installed on the same device. They also can return arbitrary data that will be passed to the "onActivityResult()" method. The Screen recording app saves contents of arbitrary URIs to SD card which is a world-readable storage. La vulnerabilidad es el robo de archivos arbitrarios con privilegios del sistema en la aplicación de grabación de pantalla ("com.lge.gametools.gamerecorder") en el archivo "com/lge/gametools/gamerecorder/settings/ProfilePreferenceFragment.java". • https://lgsecurity.lge.com/bulletins/mobile#updateDetails • CWE-668: Exposure of Resource to Wrong Sphere CWE-927: Use of Implicit Intent for Sensitive Communication •