CVE-2023-35667

In updateList of NotificationAccessSettings.java, there is a possible way to hide approved notification listeners in the settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.


)]}'
{
  "commit": "d8355ac47e068ad20c6a7b1602e72f0585ec0085",
  "tree": "f8cac26c332efe2eea5230b368e944cfd75b4582",
  "parents": [
    "185bd5b809d252a866952cec5b97897fd261447b"
  ],
  "author": {
    "name": "Matías Hernández",
    "email": "[email protected]",
    "time": "Mon Jun 05 18:24:04 2023 +0200"
  },
  "committer": {
    "name": "Android Build Coastguard Worker",
    "email": "[email protected]",
    "time": "Fri Jul 14 17:31:24 2023 +0000"
  },
  "message": "Don\u0027t hide approved NLSes in Settings\n\nNote that an NLS that shouldn\u0027t be approvable (because its name is too long) but was already approved (either before the max length check was introduced, or through other means) will disappear from the list if the user revokes its access. This might be somewhat confusing, but since this is a very-edge case already it\u0027s fine.\n\nBug: 282932362\nTest: manual\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:ff255c6eda1528f01a167a9a65b7f8e414d28584)\nMerged-In: I4c9faea68e6d16b1a4ec7f472b5433cac1704c06\nChange-Id: I4c9faea68e6d16b1a4ec7f472b5433cac1704c06\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "56d3f0e445c773b94df4971107f6755ded8d7d32",
      "old_mode": 33188,
      "old_path": "src/com/android/settings/notification/NotificationAccessSettings.java",
      "new_id": "369c4f6dfaf81bcd91d764eff38c6309c16504bb",
      "new_mode": 33188,
      "new_path": "src/com/android/settings/notification/NotificationAccessSettings.java"
    },
    {
      "type": "modify",
      "old_id": "150dbe0483d208bd64bf5892f7b48ecc32add162",
      "old_mode": 33188,
      "old_path": "src/com/android/settings/notification/NotificationBackend.java",
      "new_id": "cbc3e72e224cb8347af1437cd7b7629178946de9",
      "new_mode": 33188,
      "new_path": "src/com/android/settings/notification/NotificationBackend.java"
    },
    {
      "type": "add",
      "old_id": "0000000000000000000000000000000000000000",
      "old_mode": 0,
      "old_path": "/dev/null",
      "new_id": "e644c2975b71fecf26e47754f6d77f4aab142a3a",
      "new_mode": 33188,
      "new_path": "tests/robotests/src/com/android/settings/notification/NotificationAccessSettingsTest.java"
    }
  ]
}

Related news

CVE-2023-44109: October

Clone vulnerability in the huks ta module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-35684: Android Security Bulletin—September 2023

In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to an integer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
