CVE-2023-35667
📋 TL;DR
A logic error in Android's Settings app lets an app that holds approved notification listener access be hidden from the notification access screen, so a user reviewing that screen neither sees it nor can revoke it there. Google classes it as a local escalation of privilege that needs no user interaction and no additional permissions. Devices whose security patch level is earlier than 2023-09-01 are affected.
💻 Affected Systems
- Android
📦 What is this software?
Android by Google
⚠️ Risk & Real-World Impact
Worst Case
A malicious app that has obtained notification listener access keeps it indefinitely while staying invisible in the one place a user would look to revoke it. Notification listeners see the content of every notification, including messages and one-time codes, so the practical result is a hidden, persistent channel to sensitive data.
Likely Case
Malicious apps hide their notification listener access from the Settings list, keeping persistence and access to notifications even after the user believes every listener has been reviewed or revoked.
If Mitigated
Installing the September 2023 (or later) security patch removes the flaw. Without the patch the risk is only reduced, by keeping untrusted apps off the device in the first place, because a hidden listener cannot be found through Settings.
🎯 Exploit Status
Exploitation requires a malicious app to be installed on the device and to hold notification listener access; once that is the case, no further user interaction is needed for the entry to be hidden.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Android security patch level 2023-09-01 or later (September 2023 bulletin)
Vendor Advisory: https://source.android.com/security/bulletin/2023-09-01
Restart Required: Yes
Instructions:
1. Check for system updates (stock Android: Settings > System > System update; the menu path differs by manufacturer).
2. Install the September 2023 or later Android security patch.
3. Restart the device when the installer asks.
🔧 Temporary Workarounds
Restrict app installations
Only install apps from trusted sources such as the Google Play Store and avoid sideloading unknown apps.
🧯 If You Can't Patch
- Monitor installed apps regularly and remove any suspicious or unknown applications
- Use mobile device management (MDM) solutions to restrict app installations on enterprise devices
🔍 How to Verify
Check if Vulnerable:
Open Settings > About phone > Android version and read the security patch level shown there. A date earlier than 2023-09-01 means the Settings build predates the fix; the Android version number alone does not tell you.
Check Version:
adb shell getprop ro.build.version.security_patch
Verify Fix Applied:
After updating, the same property (and the About phone screen) should read 2023-09-01 or later. Devices that no longer receive security updates from their manufacturer remain vulnerable.
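The following script is an added example, not part of the Android bulletin or the Settings project. It turns the manual patch-level comparison above into a check that can run across a fleet: it validates the YYYY-MM-DD string that getprop returns, compares it numerically against 2023-09-01 (the patch level that carries the September 2023 Framework fixes), and treats an empty or non-date value (custom ROMs sometimes report one) as "unknown" rather than silently passing it. The adb query only runs when LIVE=1 is set and adb is installed; the function names are my own.

```shell
#!/bin/sh
# Added example: decide whether a device's security patch level carries the
# CVE-2023-35667 fix. The Framework fixes in the September 2023 bulletin ship
# at patch level 2023-09-01, so any level at or after that date is fixed.
FIX_LEVEL="2023-09-01"

# patch_level_fixed LEVEL
#   exit 0 if LEVEL (YYYY-MM-DD) is at or after FIX_LEVEL,
#   exit 1 if it is earlier,
#   exit 2 if LEVEL is not a YYYY-MM-DD string (empty property, custom ROM).
patch_level_fixed() {
    level="$1"
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 2 ;;
    esac
    # Drop the dashes so both levels compare as the integers YYYYMMDD.
    have=$(printf '%s' "$level" | sed 's/-//g')
    want=$(printf '%s' "$FIX_LEVEL" | sed 's/-//g')
    [ "$have" -ge "$want" ]
}

# assess_level LEVEL -> prints one of: fixed, vulnerable, unknown
assess_level() {
    rc=0
    patch_level_fixed "$1" || rc=$?
    case $rc in
        0) echo fixed ;;
        1) echo vulnerable ;;
        *) echo unknown ;;
    esac
}

# check_device: read ro.build.version.security_patch from an attached device
# over adb and report. Returns 3 when adb or a device is not available.
check_device() {
    command -v adb >/dev/null 2>&1 || return 3
    level=$(adb shell getprop ro.build.version.security_patch 2>/dev/null | tr -d '\r\n')
    [ -n "$level" ] || return 3
    echo "security_patch=$level -> $(assess_level "$level")"
}

# Set LIVE=1 to query an attached device: LIVE=1 sh patchcheck.sh
if [ "${LIVE:-0}" = 1 ]; then
    check_device || echo "no device reachable over adb (status $?)"
fi
```

The date-as-integer comparison avoids relying on the non-POSIX string operators of test and works in dash, bash and busybox sh alike; an "unknown" result should be investigated by hand rather than counted as patched.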
📡 Detection & Monitoring
Log Indicators:
- A listener that is approved on the device (reported by adb shell settings get secure enabled_notification_listeners or in dumpsys notification output) but does not appear on the notification access screen in Settings; that mismatch is the symptom of this bug
- Apps requesting notification listener access unexpectedly
Network Indicators:
- None; the vulnerability is local to the device
SIEM Query:
There is no device-side log to query. For managed fleets, use the MDM inventory to flag devices whose security patch level is earlier than 2023-09-01 or that report notification listener packages outside the approved set.
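Because the bug affects only what the Settings screen displays, the system-side list of approved listeners remains the reliable source. The script below is an added example (not from the Android project or the advisory) that reads that list in the format printed by adb shell settings get secure enabled_notification_listeners, colon-separated package/class component names or "null" when nothing is approved, and diffs it against a baseline recorded when the device was enrolled. The sample values are constructed for illustration; the function names are my own, and the assumption is that this Settings.Secure key mirrors the set of listeners the notification service has approved.

```shell
#!/bin/sh
# Added example: detect notification listener packages approved on a device
# that were not in a recorded baseline, reading the system-side list rather
# than the Settings UI that CVE-2023-35667 lets an app hide from.

# Constructed sample values, not captured from a real device. Format is the one
# `settings get secure enabled_notification_listeners` prints: flattened
# ComponentName strings (package/class) joined by ':', or "null" when unset.
BASELINE_SAMPLE="com.android.systemui/com.android.systemui.statusbar.NotifListener:com.example.wear/com.example.wear.sync.NotificationService"
CURRENT_SAMPLE="com.android.systemui/com.android.systemui.statusbar.NotifListener:com.example.wear/com.example.wear.sync.NotificationService:com.example.sideloaded/.ListenerService"

# listener_packages LIST -> the package of every component in LIST, one per
# line, sorted and de-duplicated. "null" and "" produce no output because
# neither contains the package/class separator.
listener_packages() {
    printf '%s\n' "$1" | tr ':' '\n' | sed -n 's#^\([^/][^/]*\)/.*#\1#p' | sort -u
}

# new_listeners BASELINE CURRENT -> packages approved now but absent from BASELINE
new_listeners() {
    base=$(listener_packages "$1")
    cur=$(listener_packages "$2")
    [ -n "$cur" ] || return 0
    if [ -z "$base" ]; then
        printf '%s\n' "$cur"      # nothing was approved before: everything is new
        return 0
    fi
    # grep takes the newline-separated baseline as a list of fixed, whole-line
    # patterns; -v keeps only packages that match none of them.
    printf '%s\n' "$cur" | grep -vxF -- "$base" || :
}

# removed_listeners BASELINE CURRENT -> packages in BASELINE no longer approved
removed_listeners() {
    new_listeners "$2" "$1"
}

# report BASELINE CURRENT -> one line per unexpected package; exit 1 if any
report() {
    added=$(new_listeners "$1" "$2")
    if [ -z "$added" ]; then
        echo "no unexpected notification listeners"
        return 0
    fi
    printf '%s\n' "$added" | sed 's/^/UNEXPECTED listener package: /'
    return 1
}

# live_listeners: the current list from an attached device (status 3 if no adb)
live_listeners() {
    command -v adb >/dev/null 2>&1 || return 3
    adb shell settings get secure enabled_notification_listeners 2>/dev/null | tr -d '\r\n'
}

# Set LIVE=1 and BASELINE=<recorded value> to check a real device:
#   LIVE=1 BASELINE="$(cat baseline.txt)" sh listeners.sh
if [ "${LIVE:-0}" = 1 ]; then
    current=$(live_listeners) || echo "adb not available"
    [ -z "$current" ] || report "${BASELINE:-null}" "$current"
fi
```

Record the baseline right after enrolment or after each deliberate approval; a package appearing in the diff that the user cannot see on the notification access screen is exactly the condition this CVE produces, and the same report is what an MDM check could forward. Class names are dropped on purpose so that an app renaming its service does not evade the comparison.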
🔗 References
- https://android.googlesource.com/platform/packages/apps/Settings/+/d8355ac47e068ad20c6a7b1602e72f0585ec0085
- https://source.android.com/security/bulletin/2023-09-01