Vulnerability description
A vulnerability (CVE-2023-21336) was discovered in Google Android 14 (smartphone operating system). In the input method, a side-channel information leak makes it possible to determine whether an application is installed without holding the queries permission. This may lead to local information disclosure without requiring additional execution permissions. Exploitation of this vulnerability requires no user interaction.
Impact of the vulnerability:
Affected software
| # | Type | Manufacturer | Product | Version | Impact Area |
|---|------|--------------|---------|---------|-------------|
| 1 | System | google | android | * | Up to (excluding) 14.0 |
Impact assessment on application developers:
Google has released patches for some system security vulnerabilities in Android 14. Based on system security considerations, Huawei has assessed that these vulnerability patches need to be incorporated into existing and subsequent system versions. Google's patch number is CVE-2023-21336. After the patch is integrated, the return values of the getEnabledInputMethodList and getInputMethodList interfaces of Google's InputMethodManager class will change, which may affect application behavior. If an application calls either of these two interfaces, it is recommended to add the queries declaration in AndroidManifest.xml to avoid any impact. The change will have a certain impact on developers.
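The following check is an added example, not code from Google, Huawei or the original article: it inspects a decoded AndroidManifest.xml and reports whether it declares visibility of input method services, which is what the recommendation above asks for. It assumes the patched interfaces follow Android's package visibility rules and that input methods are matched by the `android.view.InputMethod` service action; the function name and both sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
IME_ACTION = "android.view.InputMethod"  # action declared by input method services

# Constructed sample manifests (decoded XML form, not from any real app).
MANIFEST_WITHOUT_QUERIES = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.imepicker">
  <application android:label="IME picker"/>
</manifest>"""

MANIFEST_WITH_QUERIES = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.imepicker">
  <queries>
    <intent>
      <action android:name="android.view.InputMethod"/>
    </intent>
  </queries>
  <application android:label="IME picker"/>
</manifest>"""


def ime_visibility(manifest_xml, required_packages=()):
    """Hypothetical helper: return (ok, reason) for IME visibility in a manifest."""
    root = ET.fromstring(manifest_xml)
    name = ANDROID_NS + "name"

    # Broad permission: makes every package visible, far more than IME lookup needs.
    perms = {p.get(name) for p in root.findall("uses-permission")}
    if "android.permission.QUERY_ALL_PACKAGES" in perms:
        return True, "QUERY_ALL_PACKAGES"

    # Narrow declaration: only packages exposing an input method service.
    actions = {a.get(name) for a in root.findall("queries/intent/action")}
    if IME_ACTION in actions:
        return True, "queries/intent"

    # Narrowest declaration: specific IME packages named one by one.
    packages = {p.get(name) for p in root.findall("queries/package")}
    if required_packages and set(required_packages) <= packages:
        return True, "queries/package"

    return False, "no <queries> entry covers input method services"
```

Run it against the merged manifest of each build, since libraries can contribute or omit `<queries>` entries during manifest merging.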
This article is a contributed piece and does not represent the position of the Chief Security Officer. If reproduced, please cite the source: https://cncso.com/en/google-android-14-input-method-information-disclosure-html