CVE-2023-29724

Vulnerability

The BT21 x BTS Wallpaper app version 12 (com.bungaakp007.bt21wallpaperoffline130920) for Android exposes a content provider (content://com.bungaakp007.bt21wallpaperoffline130920/wall) that allows any unauthorized application to request permission to modify the app's database, which stores user personal preferences data. This database is loaded into memory when the app is opened. The vulnerability exists in the specific APK version 12.0 available on APKPure [1].

Exploitation

An attacker requires a malicious Android application installed on the same device. No additional permissions or user interaction beyond installing the malicious app are needed. The attacker's app can directly call ContentResolver.update() on the exposed URI with arbitrary ContentValues to overwrite the database entries in an infinite loop, as demonstrated by the proof-of-concept code [1].

Impact

Successful exploitation allows the attacker to tamper with the database that records user personal preferences, leading to an escalation of privilege. The attacker gains the ability to control data that the app reads and uses, potentially altering app behavior or accessing elevated functions not intended for third-party apps [1].

Mitigation

As of the publication date, no fix has been released by the vendor (bungaakpstudio007). Users should uninstall the app or block the vulnerable content provider via a custom Android permission policy. The developer has not issued a patched version; the app may be considered abandoned or unmaintained [1].