CVE-2024-0044, identified in the createSessionInternal function of the PackageInstallerService.java file, is a high-severity vulnerability affecting Android versions 12 and 13. This vulnerability allows an attacker to perform a “run-as any app” attack, leading to local escalation of privilege without requiring user interaction.The issue arises due to improper input validation within the createSessionInternal function. An attacker can exploit this by manipulating the session creation process, potentially gaining unauthorized access to sensitive data and performing unauthorized actions on the affected device
Exfiltrate sensitive user data from apps on Android 12 and 13 using CVE-2024-0044 vulnerability remotely
CVE-2024-0044: a “run-as any app” high-severity vulnerability affecting Android versions 12 and 13
In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
What do you think?
It is nice to know your opinion. Leave a comment.