CVE-2023-29757
Description
An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Blue Light Filter v.1.5.5 for Android allows unauthorized apps to escalate privilege by manipulating SharedPreference files.
Vulnerability
Blue Light Filter version 1.5.5 (package com.eyefilter.nightmode.bluelightfilter) exposes a content provider that allows unauthorized applications to modify data in the app's SharedPreference file. The provider is accessible via the URI content://com.eyefilter.nightmode.bluelightfilter.PREFFERENCE_AUTHORITY/a/a. By inserting content values, any app on the device can change critical configuration fields such as dim, filter_capacity, language_index, and current_ct. The affected version is 1.5.5, as published on the Google Play Store by Leap Fitness Group [1].
Exploitation
An attacker does not require any special permissions other than the ability to interact with Android content providers—a capability available to all installed applications. The attack is performed by crafting a ContentValues object and inserting it into the exposed content URI. The proof-of-concept (PoC) code from the reference demonstrates inserting values like dim, filter_capacity, language_index, and current_ct. These values are immediately applied because the application reads the SharedPreference file at startup and likely during runtime [1].
Impact
Successful manipulation of the SharedPreference file leads to an escalation of privilege. An unauthorized app can alter the blue light filter's behavior, for example by changing the color temperature (current_ct) to extreme values, which causes abnormal screen display. This can degrade the user experience or deny proper functionality, amounting to a denial of service (DoS) and unauthorized modification of app settings. The attacker gains the ability to control app preferences without proper authorization [1].
Mitigation
As of the publication date (2023-06-09), no official fix or updated version has been released by Leap Fitness Group. Users are advised to exercise caution when installing untrusted apps, as any malicious app on the same device can exploit this vulnerability. The vendor has not provided a workaround or patch, and the application remains vulnerable. There is no indication that this CVE is listed in the Known Exploited Vulnerabilities (KEV) catalog [1].
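A developer-side check for this class of exposure, added here as an example (it is not code from the advisory or from the vendor): it scans a decoded AndroidManifest.xml for content providers that other apps can reach and that declare no permission covering writes. The manifest below is constructed for illustration; only the authority string comes from this page, and the package, class and permission names are hypothetical.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed manifest, NOT the affected app's real one. Only the first
# authority string is taken from the advisory; all other names are hypothetical.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.audit">
  <uses-sdk android:targetSdkVersion="30"/>
  <application>
    <provider android:name=".PrefProvider"
              android:authorities="com.eyefilter.nightmode.bluelightfilter.PREFFERENCE_AUTHORITY"
              android:exported="true"/>
    <provider android:name=".GuardedProvider"
              android:authorities="com.example.audit.guarded"
              android:exported="true"
              android:writePermission="com.example.audit.WRITE_PREFS"/>
    <provider android:name=".InternalProvider"
              android:authorities="com.example.audit.internal"/>
  </application>
</manifest>"""


def unguarded_write_providers(manifest_xml):
    """Return authorities of providers that any installed app can write to."""
    root = ET.fromstring(manifest_xml)
    sdk = root.find("uses-sdk")
    target = int(sdk.get(ANDROID_NS + "targetSdkVersion", "1")) if sdk is not None else 1
    findings = []
    for prov in root.iter("provider"):
        exported = prov.get(ANDROID_NS + "exported")
        # Without an explicit attribute, a provider is exported by default
        # only when the app targets API level 16 or lower.
        is_exported = exported == "true" if exported is not None else target <= 16
        # android:permission covers reads and writes; writePermission covers writes.
        guarded = prov.get(ANDROID_NS + "writePermission") or prov.get(ANDROID_NS + "permission")
        if is_exported and not guarded:
            findings.append(prov.get(ANDROID_NS + "authorities"))
    return findings


if __name__ == "__main__":
    for authority in unguarded_write_providers(SAMPLE_MANIFEST):
        print("exported provider without write permission:", authority)
```

A declared permission only restricts other apps if its protectionLevel is signature; a provider that backs private settings is better left unexported.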
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- Blue Light Filter/Blue Light Filter
  - Range: =1.5.5
Patches
No patches discovered yet.
References