Android Intent Resolver Image Leak Vulnerability Allowing Local Information Disclosure

A vulnerability exists in the Android Intent Resolver module, specifically in versions 13 through 16, that may lead to unintended image leakage across user isolation boundaries. This issue arises from a 'confused deputy' scenario, allowing local information disclosure without requiring additional execution privileges. Exploitation of this vulnerability necessitates user interaction.

Impact

Exploitation of this vulnerability could result in unauthorized local access to sensitive information, specifically images, across user isolation boundaries.

Reproduction

The vulnerability can be reproduced by launching an image editor through the sharesheet while the 'use_preferred_image_editor' flag is off or unavailable. This can be done by selecting an image and choosing to edit it, which will trigger the sharesheet. If the preferred image editor option is not set, the vulnerability will occur, allowing the image to be leaked across user boundaries.

Remediation

Users can update their devices to the September 2025 security patch level to address this vulnerability.