CVE-2023-33293 was published today, outlining an information disclosure concern with api-daemon whereby websites can determine what apps and which versions are installed on KaiOS 3.0 and 3.1 devices. Photo of app list with versions exposed on Alcatel Go Flip 4 (KaiOS 3.0) browser Why it matters? KaiOS 3.0 & 3.1 users in the US are disclosing what apps and which versions they have installed to websites they visit. What can attackers do with this vulnerability?
