
Android devices at risk from active exploitation of CVE-2023-20963

According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), two vulnerabilities are being actively exploited. The first is CVE-2023-20963, an unspecified vulnerability that allows privilege escalation after an app is updated to a higher Target SDK, with no additional execution privileges needed. The second is a flaw in the Android Framework that allows privilege escalation. Google has acknowledged that there are indications that CVE-2023-20963 is being exploited and that the Android Framework contains a flaw that is also being exploited.

These vulnerabilities are being exploited by malware-laced apps signed by China's e-commerce company Pinduoduo. The apps are designed to inflate the number of Pinduoduo daily active users and monthly active users, uninstall rival apps, access notifications and location information, and prevent themselves from being uninstalled. They are also designed to track user activity on other shopping apps.

These vulnerabilities present a serious security risk for Android users. If you have an Android device, check whether any apps from Pinduoduo are installed and remove them if so. You should also keep your device up to date with the latest security patches.

