Preface: A2DP is a protocol supported on most Bluetooth Audio devices. Opus is open source , OPUS a2dp being introduced in Android 13.
Background: In Bluetooth, there is a possibility of code-execution due to a use after free. This could lead to paired device escalation of privilege in the privileged Bluetooth process with no additional execution privileges needed. User interaction is not needed for exploitation. Such design weakness published on 30th Oct, 2023. The CVE reference is CVE-2023-21361.
The advantages of using C++ for Android app development is its ability to create cross-platform apps. By writing platform-agnostic code in C++, you can reuse it for developing iOS apps using tools like Apple’s Xcode and Swift. This allows for efficient code sharing between Android and iOS platforms.
Vulnerability details: In a2dp_vendor_opus_decoder_decode_packet of a2dp_vendor_opus_decoder.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2023-40078