VYPR
Unrated severity · NVD Advisory · Published Aug 10, 2023 · Updated Oct 4, 2024

CVE-2023-30700

Description

PendingIntent hijacking vulnerability in SemWifiApTimeOutImpl in framework prior to SMR Aug-2023 Release 1 allows local attackers to access ContentProvider without proper permission.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

PendingIntent hijacking in SemWifiApTimeOutImpl allows local attackers to access ContentProvider without proper permission.

Vulnerability

A PendingIntent hijacking vulnerability exists in the SemWifiApTimeOutImpl class of the Android framework on Samsung devices. Affected versions are those prior to the SMR Aug-2023 Release 1 security update. The bug allows a malicious app to intercept and modify a PendingIntent, leading to unauthorized access to a ContentProvider that should require specific permissions.

Exploitation

An attacker with local access to the device can exploit this by crafting a malicious PendingIntent that intercepts the intended one. No additional authentication or privileges are needed beyond installing an app on the device. The attacker then triggers the hijacked intent, which performs a permission check against the attacker's app rather than the original sender, allowing access to the ContentProvider.

Impact

Successful exploitation enables the attacker to read or modify data stored in the vulnerable ContentProvider, which may include sensitive device or user information, such as Wi-Fi configuration details or other system data. This results in a confidentiality and integrity breach, with the attacker gaining unauthorized data access without the intended permission enforcement.

Mitigation

Samsung released a fix as part of the SMR Aug-2023 Release 1 security update [1]. Users should ensure their device is updated to the latest security patch level. No workaround exists other than applying the update.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
