CVE-2023-21313
📋 TL;DR
CVE-2023-21313 is a local privilege escalation vulnerability in Android Core that allows malicious apps to forward calls without user knowledge due to a missing permission check. This affects Android devices running vulnerable versions, potentially allowing attackers to escalate privileges locally without user interaction.
💻 Affected Systems
- Android
📦 What is this software?
Android by Google
⚠️ Risk & Real-World Impact
Worst Case
An attacker could gain elevated system privileges, potentially accessing sensitive data, intercepting communications, or installing persistent malware on the device.
Likely Case
Malicious apps could abuse call forwarding capabilities to intercept or redirect calls without user consent, leading to privacy violations and potential financial fraud.
If Mitigated
With proper patching and app permission controls, the attack surface is significantly reduced, though legacy devices may remain vulnerable.
🎯 Exploit Status
Exploitation requires a malicious app to be installed on the device. No user interaction is needed once the app is installed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Android 14 and later
Vendor Advisory: https://source.android.com/docs/security/bulletin/android-14
Restart Required: Yes
Instructions:
1. Update Android device to Android 14 or later. 2. Go to Settings > System > System update. 3. Check for and install available updates. 4. Restart device after installation.
🔧 Temporary Workarounds
Restrict app installations
androidOnly install apps from trusted sources like Google Play Store and avoid sideloading unknown apps.
Review app permissions
androidRegularly review and restrict app permissions, especially for call-related permissions.
🧯 If You Can't Patch
- Implement mobile device management (MDM) to control app installations and permissions
- Use application allowlisting to only permit trusted apps on corporate devices
🔍 How to Verify
Check if Vulnerable:
Check Android version in Settings > About phone > Android version. If version is below 14, device is vulnerable.Check Version:
Settings > About phone > Android versionVerify Fix Applied:
Verify Android version is 14 or higher in Settings > About phone > Android version.📡 Detection & Monitoring
Log Indicators:
- Unusual call forwarding activities in telephony logs
- Apps requesting call permissions without user interaction
Network Indicators:
- Unexpected call forwarding patterns in telephony systems
SIEM Query:
Search for telephony logs showing call forwarding initiated by apps without user consent events