CVE-2023-29732
📋 TL;DR
SoLive Android app versions 1.6.14 through 1.6.20 have an exposed component that allows attackers to modify SharedPreference files. This can lead to various attacks including ad display manipulation and potentially more severe consequences depending on how the modified data is used. Only Android users of SoLive within the affected version range are impacted.
💻 Affected Systems
- SoLive
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete application compromise allowing data manipulation, privilege escalation, or remote code execution depending on how SharedPreference data is utilized by the app.
Likely Case
Ad display manipulation, UI corruption, or limited data tampering affecting user experience and potentially enabling further attacks.
If Mitigated
Limited impact with proper app sandboxing and validation, though data integrity within the app could still be compromised.
🎯 Exploit Status
Exploitation requires access to the Android device or ability to interact with the exposed component. No public exploit code identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.6.21 or later
Vendor Advisory: https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29732/CVE%20detail.md
Restart Required: Yes
Instructions:
1. Update SoLive app from Google Play Store to version 1.6.21 or later. 2. Restart the application after update. 3. Verify the update was successful by checking app version in settings.
🔧 Temporary Workarounds
Disable SoLive app
androidTemporarily disable or uninstall the SoLive app until patched.
adb shell pm disable com.solive.app
adb uninstall com.solive.app
Restrict app permissions
androidLimit app permissions to minimum required functionality.
adb shell pm revoke com.solive.app android.permission.WRITE_EXTERNAL_STORAGE
🧯 If You Can't Patch
- Uninstall SoLive app completely from affected devices.
- Use Android work profile or containerization to isolate the app from sensitive data.
🔍 How to Verify
Check if Vulnerable:
Check SoLive app version in Android Settings > Apps > SoLive. If version is between 1.6.14 and 1.6.20 inclusive, the device is vulnerable.Check Version:
adb shell dumpsys package com.solive.app | grep versionNameVerify Fix Applied:
Verify SoLive app version is 1.6.21 or later in Android Settings > Apps > SoLive.📡 Detection & Monitoring
Log Indicators:
- Unexpected modifications to SharedPreference files
- Abnormal app behavior or crashes
- Suspicious activity in app logs related to data loading
Network Indicators:
- Unusual network traffic from SoLive app
- Connections to unexpected ad servers or domains
SIEM Query:
source="android_logs" app="SoLive" (event="shared_preference_modification" OR event="unexpected_data_load")