The vulnerability is that the Call management ("com.android.server.telecom") app patched by LG sends a lot of LG-owned implicit broadcasts that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as call states, durations, called numbers, contacts info, etc.
2023-09-27T15:19:36.647
2024-11-21T08:25:17.973
Modified
CVSSv3.1: 3.6 (LOW)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | android | ≤ 13.0 | Yes | |
| Hardware | lg | v60_thin_q_5g | - | No |