Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-35669

In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to control other running activities due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE
#android#google#java#auth

)]}’ { "commit": "f810d81839af38ee121c446105ca67cb12992fc6", "tree": "b2589522f06167da4811d58d8b9a0bc6f4357734", "parents": [ “109e58b62dc9fedcee93983678ef9d4931e72afa” ], "author": { "name": "Dmitry Dementyev", "email": "[email protected]", "time": “Wed Jul 05 10:45:04 2023 -0700” }, "committer": { "name": "Duy Truong", "email": "[email protected]", "time": “Wed Jul 19 17:51:46 2023 -0700” }, "message": "Update AccountManagerService checkKeyIntentParceledCorrectly.\n\nBug: 265798288\nTest: manual\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:8476b140eed0235df4e8f07d94420a1471191b55)\nMerged-In: Ia2030a9dc371dccadd4e188a529351ac4232bb4f\nChange-Id: Ia2030a9dc371dccadd4e188a529351ac4232bb4f\n", "tree_diff": [ { "type": "modify", "old_id": "639f35e1ae13895c1c785e78b1f99ffa3ac414e0", "old_mode": 33188, "old_path": "services/core/java/com/android/server/accounts/AccountManagerService.java", "new_id": "7a19d034c2c820b6197c6c37ae94cbada72926a2", "new_mode": 33188, "new_path": “services/core/java/com/android/server/accounts/AccountManagerService.java” } ] }

Related news

CVE-2023-44109: October

Clone vulnerability in the huks ta module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-35684: Android Security Bulletin—September 2023

In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to an integer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907