{"id":"ASB-A-261589597", "published":"2023-05-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2023-21109", "A-261589597"], "details":"In multiple places of AccessibilityService, there is a possible way to hide the app from the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13-next:0"}, {"fixed":"13-next:2023-05-01"}]}], "versions":["13-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/c909ac47796c74c7c7aeb661424af4ce2292d693"], "severity":"High", "spl":"2023-05-01", "types":["EoP"], "vanir_signatures":[{"deprecated":true, "digest":{"line_hashes":["48694407734698710333817151001293651637", "314536423431872940325646138748132163141", "158041874584000712439746295766875668738", "329939988617601460708251749600273920647"], "threshold":0.9}, "id":"ASB-A-261589597-2d03f03d", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/c909ac47796c74c7c7aeb661424af4ce2292d693", "target":{"file":"services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java"}}, {"deprecated":true, "digest":{"line_hashes":["147900558044786314545792267672359057071", "305030024658995885760197020537217538051", "34580958047436048544740729871600899808", "63745783541070982358345387298588196107"], "threshold":0.9}, "id":"ASB-A-261589597-80c396fd", "match_only_versions":["13-next"], "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/c909ac47796c74c7c7aeb661424af4ce2292d693", "target":{"file":"core/java/android/accessibilityservice/AccessibilityService.java"}}, {"deprecated":true, "digest":{"function_hash":"165698572771369437219152039154783444871", "length":424}, "id":"ASB-A-261589597-b6f86095", "match_only_versions":["13-next"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/c909ac47796c74c7c7aeb661424af4ce2292d693", "target":{"file":"core/java/android/accessibilityservice/AccessibilityService.java", "function":"sendServiceInfo"}}, {"deprecated":true, "digest":{"function_hash":"327644116232500776411480852830376714587", "length":1392}, "id":"ASB-A-261589597-b7f90edc", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/c909ac47796c74c7c7aeb661424af4ce2292d693", "target":{"file":"services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java", "function":"readInstalledAccessibilityServiceLocked"}}, {"deprecated":true, "digest":{"line_hashes":["170037414358564621991525497824986822371", "244205176284508835220576540860640103823", "118372462599051336567357512769278181216", "314577834603114930318408273265161439235", "97382286431948649308030780653505556793", "233867508006465175029397194017396114778", "98606073892487192750627463589260288854"], "threshold":0.9}, "id":"ASB-A-261589597-f758204d", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/c909ac47796c74c7c7aeb661424af4ce2292d693", "target":{"file":"core/java/android/accessibilityservice/AccessibilityServiceInfo.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2023-05-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142"], "severity":"High", "spl":"2023-05-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["170037414358564621991525497824986822371", "244205176284508835220576540860640103823", "118372462599051336567357512769278181216", "314577834603114930318408273265161439235", "97382286431948649308030780653505556793", "233867508006465175029397194017396114778", "98606073892487192750627463589260288854"], "threshold":0.9}, "id":"ASB-A-261589597-3bc0e283", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142", "target":{"file":"core/java/android/accessibilityservice/AccessibilityServiceInfo.java"}}, {"deprecated":false, "digest":{"function_hash":"327644116232500776411480852830376714587", "length":1392}, "id":"ASB-A-261589597-3e315a52", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142", "target":{"file":"services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java", "function":"readInstalledAccessibilityServiceLocked"}}, {"deprecated":false, "digest":{"function_hash":"291975609762650079011159303815140279746", "length":400}, "id":"ASB-A-261589597-94b2da83", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142", "target":{"file":"core/java/android/accessibilityservice/AccessibilityService.java", "function":"sendServiceInfo"}}, {"deprecated":false, "digest":{"line_hashes":["161630145876711414564351607509148585028", "208779422458420669090741997733246251966", "53421519010825774745735383141132778459", "63745783541070982358345387298588196107"], "threshold":0.9}, "id":"ASB-A-261589597-9bb88a62", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142", "target":{"file":"core/java/android/accessibilityservice/AccessibilityService.java"}}, {"deprecated":false, "digest":{"line_hashes":["48694407734698710333817151001293651637", "314536423431872940325646138748132163141", "158041874584000712439746295766875668738", "329939988617601460708251749600273920647"], "threshold":0.9}, "id":"ASB-A-261589597-f10861cb", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142", "target":{"file":"services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2023-05-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142"], "severity":"High", "spl":"2023-05-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"291975609762650079011159303815140279746", "length":400}, "id":"ASB-A-261589597-1ab4ea24", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142", "target":{"file":"core/java/android/accessibilityservice/AccessibilityService.java", "function":"sendServiceInfo"}}, {"deprecated":false, "digest":{"line_hashes":["48694407734698710333817151001293651637", "314536423431872940325646138748132163141", "158041874584000712439746295766875668738", "329939988617601460708251749600273920647"], "threshold":0.9}, "id":"ASB-A-261589597-2a3eff5a", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142", "target":{"file":"services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java"}}, {"deprecated":false, "digest":{"function_hash":"327644116232500776411480852830376714587", "length":1392}, "id":"ASB-A-261589597-6fc63038", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142", "target":{"file":"services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java", "function":"readInstalledAccessibilityServiceLocked"}}, {"deprecated":false, "digest":{"line_hashes":["161630145876711414564351607509148585028", "208779422458420669090741997733246251966", "53421519010825774745735383141132778459", "63745783541070982358345387298588196107"], "threshold":0.9}, "id":"ASB-A-261589597-797cbd00", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142", "target":{"file":"core/java/android/accessibilityservice/AccessibilityService.java"}}, {"deprecated":false, "digest":{"line_hashes":["170037414358564621991525497824986822371", "244205176284508835220576540860640103823", "118372462599051336567357512769278181216", "314577834603114930318408273265161439235", "97382286431948649308030780653505556793", "233867508006465175029397194017396114778", "98606073892487192750627463589260288854"], "threshold":0.9}, "id":"ASB-A-261589597-de61399c", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142", "target":{"file":"core/java/android/accessibilityservice/AccessibilityServiceInfo.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2023-05-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142"], "severity":"High", "spl":"2023-05-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["48694407734698710333817151001293651637", "314536423431872940325646138748132163141", "158041874584000712439746295766875668738", "329939988617601460708251749600273920647"], "threshold":0.9}, "id":"ASB-A-261589597-027c2757", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142", "target":{"file":"services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java"}}, {"deprecated":false, "digest":{"function_hash":"327644116232500776411480852830376714587", "length":1392}, "id":"ASB-A-261589597-2b4a7cfa", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142", "target":{"file":"services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java", "function":"readInstalledAccessibilityServiceLocked"}}, {"deprecated":false, "digest":{"line_hashes":["170037414358564621991525497824986822371", "244205176284508835220576540860640103823", "118372462599051336567357512769278181216", "314577834603114930318408273265161439235", "97382286431948649308030780653505556793", "233867508006465175029397194017396114778", "98606073892487192750627463589260288854"], "threshold":0.9}, "id":"ASB-A-261589597-481d026d", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142", "target":{"file":"core/java/android/accessibilityservice/AccessibilityServiceInfo.java"}}, {"deprecated":false, "digest":{"function_hash":"291975609762650079011159303815140279746", "length":400}, "id":"ASB-A-261589597-ae8f7c85", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142", "target":{"file":"core/java/android/accessibilityservice/AccessibilityService.java", "function":"sendServiceInfo"}}, {"deprecated":false, "digest":{"line_hashes":["161630145876711414564351607509148585028", "208779422458420669090741997733246251966", "53421519010825774745735383141132778459", "63745783541070982358345387298588196107"], "threshold":0.9}, "id":"ASB-A-261589597-f884e09c", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142", "target":{"file":"core/java/android/accessibilityservice/AccessibilityService.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2023-05-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142"], "severity":"High", "spl":"2023-05-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["170037414358564621991525497824986822371", "244205176284508835220576540860640103823", "118372462599051336567357512769278181216", "314577834603114930318408273265161439235", "97382286431948649308030780653505556793", "233867508006465175029397194017396114778", "98606073892487192750627463589260288854"], "threshold":0.9}, "id":"ASB-A-261589597-106d560a", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142", "target":{"file":"core/java/android/accessibilityservice/AccessibilityServiceInfo.java"}}, {"deprecated":false, "digest":{"function_hash":"291975609762650079011159303815140279746", "length":400}, "id":"ASB-A-261589597-20867de9", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142", "target":{"file":"core/java/android/accessibilityservice/AccessibilityService.java", "function":"sendServiceInfo"}}, {"deprecated":false, "digest":{"line_hashes":["161630145876711414564351607509148585028", "208779422458420669090741997733246251966", "53421519010825774745735383141132778459", "63745783541070982358345387298588196107"], "threshold":0.9}, "id":"ASB-A-261589597-48184e17", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142", "target":{"file":"core/java/android/accessibilityservice/AccessibilityService.java"}}, {"deprecated":false, "digest":{"function_hash":"327644116232500776411480852830376714587", "length":1392}, "id":"ASB-A-261589597-5a86d5d4", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142", "target":{"file":"services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java", "function":"readInstalledAccessibilityServiceLocked"}}, {"deprecated":false, "digest":{"line_hashes":["48694407734698710333817151001293651637", "314536423431872940325646138748132163141", "158041874584000712439746295766875668738", "329939988617601460708251749600273920647"], "threshold":0.9}, "id":"ASB-A-261589597-c160e3ad", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142", "target":{"file":"services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-05-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/2c1f16db893680b0db29ffa222652fea3e5b87e0"}]}