Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-40130

In onBindingDied of CallRedirectionProcessor.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege and background activity launch with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE
#vulnerability#android#google#java#auth

)]}’ { "commit": "5b335401d1c8de7d1c85f4a0cf353f7f9fc30218", "tree": "85b52fe7ec98818de079ea0df2d775b8c39a2655", "parents": [ “dd302d211bd8b935464b48551a76ef718bf33ccc” ], "author": { "name": "Grace Jia", "email": "[email protected]", "time": “Thu Jul 20 13:42:50 2023 -0700” }, "committer": { "name": "Android Build Coastguard Worker", "email": "[email protected]", "time": “Thu Aug 10 17:13:01 2023 +0000” }, "message": "Fix vulnerability in CallRedirectionService.\n\nCurrently when the CallRedirectionService binding died, we didn\u0027t do\nanything, which cause malicious app start activities even not run in the\nbackground by implementing a CallRedirectionService and overriding the\nonPlaceCall method to schedule a activity start job in an independent\nprocess and then kill itself. In that way, the activity can still\nstart after the CallRedirectionService died. Fix this by unbinding the\nservice when the binding died.\n\nBug: b/289809991\nTest: Using testapp provided in bug to make sure the test activity can\u0027t\nbe started\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:29b52e3cd027da2d8644450a4dee3a7d95dc0043)\nMerged-In: I065d361b83700474a1efab2a75928427ee0a14ba\nChange-Id: I065d361b83700474a1efab2a75928427ee0a14ba\n", "tree_diff": [ { "type": "modify", "old_id": "226382bde4ab09d0efc1ec408db64c7e3c2cf633", "old_mode": 33188, "old_path": "src/com/android/server/telecom/callredirection/CallRedirectionProcessor.java", "new_id": "02debcd6c1b5710c2a7a14cd97165ff3d8e080cc", "new_mode": 33188, "new_path": “src/com/android/server/telecom/callredirection/CallRedirectionProcessor.java” } ] }

Related news

CVE-2023-5801: November

Vulnerability of identity verification being bypassed in the face unlock module. Successful exploitation of this vulnerability will affect integrity and confidentiality.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907