> Lookout’s forensic analysis of two Pinduoduo APK app samples released prior to March 5 ... has determined that both contain malicious code that exploits CVE-2023-20963, the Android privilege-escalation vulnerability that wouldn’t become public until March 6 and wouldn’t be patched in user devices for up to two weeks later.
Though it says it was exploited before Google's disclosure (not sure if disclosure is referring to the timing of the patch, but the linked Google post is from 6th March).
> This privilege-escalation flaw, which was exploited prior to Google’s disclosure
pavon|2 years ago
> Lookout’s forensic analysis of two Pinduoduo APK app samples released prior to March 5 ... has determined that both contain malicious code that exploits CVE-2023-20963, the Android privilege-escalation vulnerability that wouldn’t become public until March 6 and wouldn’t be patched in user devices for up to two weeks later.
jgalt212|2 years ago
> Google patched in updates that became available to end users two weeks ago.
jcul|2 years ago
> This privilege-escalation flaw, which was exploited prior to Google’s disclosure
OneLeggedCat|2 years ago