CVE-2023-20963 Exploited by Chinese E-commerce App Pinduoduo

CVE-2023-20963 is a high-severity Android vulnerability that has been exploited as a zero-day.

What Is CVE-2023-20963 and Why Is It Dangerous?

The United States Cybersecurity and Infrastructure Security Agency (CISA) recently released a high-severity warning regarding an Android vulnerability that is believed to have been exploited as a zero-day by the Chinese e-commerce app Pinduoduo. This Android Framework security flaw, tracked as CVE-2023-20963, enables attackers to gain elevated privileges on unpatched Android devices without requiring any user interaction.

According to its official description, CVE-2023-20963 is located in WorkSource, where there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. The flaw can be exploited without user interaction. Affected versions include Android 11, Android 12, Android 12L, and Android 13.

Google responded by issuing security updates in March, noting that CVE-2023-20963 may be under limited, targeted exploitation. Subsequently, due to the presence of malware in some non-Google Play versions of Pinduoduo, the app was suspended by Google and later investigated by Kaspersky researchers. They discovered that the malicious code was exploiting Android vulnerabilities, including CVE-2023-20963, to gain access to users’ data and devices. Igor Golovin, a security researcher for Kaspersky, reported that some versions of the Pinduoduo app contained malicious code that would escalate privileges, then download and execute malicious modules that had access to users’ notifications and files.
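
A defender-side check for the exposure described above (affected releases, fix shipped in March), added here as an example that is not part of the original article: it parses `adb shell getprop` output and compares the device's security patch level. The `2023-03-01` threshold, the function names and the sample dumps are assumptions; confirm the patch level against the Android Security Bulletin.

```shell
# Added example: triage one device for CVE-2023-20963 from `getprop` output.
# Assumption: the March fix corresponds to patch level 2023-03-01.
FIXED_PATCH_LEVEL="${FIXED_PATCH_LEVEL:-2023-03-01}"

# Extract one property from `adb shell getprop` text ("[key]: [value]").
# $1 = getprop dump, $2 = property name
get_prop() {
    printf '%s\n' "$1" | tr -d '\r' | awk -v key="[$2]:" '$1 == key {
        sub(/^[^ ]+ \[/, ""); sub(/\]$/, ""); print; exit }'
}

# Prints VULNERABLE, PATCHED, NOT_LISTED or UNKNOWN for one device dump.
classify_device() {
    sdk=$(get_prop "$1" ro.build.version.sdk)
    patch=$(get_prop "$1" ro.build.version.security_patch)
    case "$sdk" in
        30|31|32|33) ;;                       # Android 11, 12, 12L, 13
        ''|*[!0-9]*) echo UNKNOWN; return ;;  # missing or malformed SDK level
        *) echo NOT_LISTED; return ;;         # release not named in the advisory
    esac
    # Patch levels are YYYY-MM-DD: validate the shape, then compare as text.
    case "$patch" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo UNKNOWN; return ;;
    esac
    oldest=$(printf '%s\n%s\n' "$patch" "$FIXED_PATCH_LEVEL" | LC_ALL=C sort | head -n 1)
    if [ "$oldest" = "$FIXED_PATCH_LEVEL" ]; then
        echo PATCHED
    else
        echo VULNERABLE
    fi
}

# Constructed sample dumps (not taken from real devices).
SAMPLE_UNPATCHED='[ro.build.version.release]: [12]
[ro.build.version.sdk]: [32]
[ro.build.version.security_patch]: [2023-02-05]'
SAMPLE_PATCHED='[ro.build.version.sdk]: [33]
[ro.build.version.security_patch]: [2023-03-05]'

for dump in "$SAMPLE_UNPATCHED" "$SAMPLE_PATCHED"; do
    classify_device "$dump"
done
# On a connected device: classify_device "$(adb shell getprop)"
```
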

U.S. Federal Civilian Executive Branch Agencies are facing a tight deadline set by CISA’s BOD 22-01 (Binding Operational Directive), which orders them to address the CVE-2023-20963 vulnerability that was added to CISA’s Known Exploited Vulnerabilities list on Thursday, May 4th. All flaws included in the KEV must be identified and remediated.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
