CVE-2023-21237 - Android Pixel Information Disclosure Vulnerability

Vulnerability Name

Android Pixel Information Disclosure Vulnerability

Description

Android Pixel contains a vulnerability in the Framework component, where the UI may be misleading or insufficient, providing a means to hide a foreground service notification. This could enable a local attacker to disclose sensitive information.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://source.android.com/docs/security/bulletin/pixel/2023-06-01

https://nvd.nist.gov/vuln/detail/CVE-2023-21237