CVE-2023-35676

7.8 HIGH

📋 TL;DR

This vulnerability allows local privilege escalation on Android devices through an unsafe PendingIntent in the Quick Share functionality. Attackers can trigger background activity launches without user interaction, potentially gaining elevated privileges. All Android devices running vulnerable versions are affected.

💻 Affected Systems

Products:
  • Android OS
Versions: Android 11, 12, 12L, 13
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with the vulnerable Quick Share implementation; requires specific Android framework versions.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise allowing installation of malware, data theft, and persistent backdoor access.

🟠 Likely Case

Limited privilege escalation allowing access to sensitive app data and system functions.

🟢 If Mitigated

No impact if patched; otherwise, risk depends on device security settings and user behavior.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring physical or app-based access to the device.
🏢 Internal Only: HIGH - Malicious apps or users with device access can exploit this without additional permissions.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires crafting a malicious app or having local access; no user interaction needed once triggered.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android Security Bulletin September 2023 patches

Vendor Advisory: https://source.android.com/security/bulletin/2023-09-01

Restart Required: Yes

Instructions:

1. Check for Android system updates in Settings > System > System update.
2. Install the September 2023 security patch.
3. Reboot the device after installation.

🔧 Temporary Workarounds

Disable Quick Share (Android)

Temporarily disable the Quick Share feature to prevent exploitation.

Settings > Connected devices > Connection preferences > Quick Share > Turn off

🧯 If You Can't Patch

  • Restrict installation of unknown apps from untrusted sources
  • Use mobile device management (MDM) to enforce security policies and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check the Android version in Settings > About phone > Android version. A device running Android 11, 12, 12L, or 13 whose security patch level predates September 2023 is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify Android security patch level in Settings > About phone > Android version. Ensure 'Android security update' shows September 5, 2023 or later.
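The "Check Version" and "Verify Fix Applied" steps above can be scripted for fleet checks. The following POSIX shell script is an added example, not part of this advisory or of Android's own tooling: it classifies a device by its release family and the `ro.build.version.security_patch` value, using the advisory's stated fixed level of 2023-09-05 as the threshold. When `adb` and a connected device are available it queries them; otherwise it evaluates a constructed sample so it runs offline. The assumption that patch levels are `YYYY-MM-DD` strings matches the property's documented format.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a device's Android security
# patch level against the September 2023 level that fixes CVE-2023-35676.
# Assumptions: ro.build.version.security_patch is a YYYY-MM-DD string and the
# fixed level is 2023-09-05, as stated in the advisory's verification step.

FIXED_PATCH_LEVEL="2023-09-05"

# assess_patch_level RELEASE PATCH_LEVEL
# Prints one of: patched, vulnerable, not-affected, unknown.
assess_patch_level() {
    release="$1"
    patch="$2"

    # Only the release families listed in the advisory are affected.
    case "$release" in
        11|12|12L|13) ;;
        *) echo "not-affected"; return 0 ;;
    esac

    # Refuse to classify a value that is not a YYYY-MM-DD date.
    case "$patch" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "unknown"; return 0 ;;
    esac

    # Strip the dashes so the dates compare as integers (YYYYMMDD).
    have=$(printf '%s' "$patch" | tr -d '-')
    need=$(printf '%s' "$FIXED_PATCH_LEVEL" | tr -d '-')
    if [ "$have" -lt "$need" ]; then
        echo "vulnerable"
    else
        echo "patched"
    fi
}

# assess_device: query a connected device over adb when possible; otherwise
# fall back to a constructed sample so the script also works offline.
assess_device() {
    if command -v adb >/dev/null 2>&1 && adb get-state >/dev/null 2>&1; then
        rel=$(adb shell getprop ro.build.version.release | tr -d '\r')
        pl=$(adb shell getprop ro.build.version.security_patch | tr -d '\r')
    else
        rel="13"            # constructed sample release
        pl="2023-08-05"     # constructed sample patch level (one month too old)
    fi
    echo "release=$rel patch_level=$pl status=$(assess_patch_level "$rel" "$pl")"
}

assess_device
```

Run the script with a device attached (USB debugging enabled) to get a one-line verdict per device; a `status=vulnerable` result means the September 2023 patch has not been applied, and `status=unknown` flags a property value worth inspecting by hand rather than silently treating as fixed.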

📡 Detection & Monitoring

Log Indicators:

  • Unusual background activity launches from SaveImageInBackgroundTask
  • Suspicious PendingIntent usage in system logs

Network Indicators:

  • None - this is a local exploit

SIEM Query:

Not applicable for typical SIEM monitoring as this is a local device vulnerability
