The vulnerability is an intent redirection in LG ThinQ Service (com.lge.lms2) in the com/lge/lms/things/ui/notification/NotificationManager.java file. This vulnerability could be exploited by a third-party app installed on an LG device by sending a broadcast with the action com.lge.lms.things.notification.ACTION. Additionally, this vulnerability is very dangerous because LG ThinQ Service is a system app (having android:sharedUserId=android.uid.system setting). Intent redirection in this app leads to accessing arbitrary not exported activities of absolutely all apps.
The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Android | 9.0 (including) | 13.0 (including) |
The attacks and consequences of improperly exporting a component may depend on the exported component: