Lucene search

GoogleOSV:ASB-A-252762941

HistoryApr 01, 2023 - 12:00 a.m.

[2 of 2] App can access microphone in a foreground service without declaring microphone foreground service type as an attribute of <service> component. [ 2. android.telecom.CallScreeningService service continuously recording]

2023-04-0100:00:00

Google

osv.dev

microphone access

foreground service

privacy indicator bypass

local privilege escalation

user interaction exploit

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

In onNullBinding of CallScreeningServiceHelper.java, there is a possible way to record audio without showing a privacy indicator due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

CPENameOperatorVersion
platform/packages/services/telecommeq12
platform/packages/services/telecommeq12L
platform/packages/services/telecommeq13
platform/packages/services/telecommeq11

Name	Operator	Version
platform/packages/services/telecomm	eq	12
platform/packages/services/telecomm	eq	12L
platform/packages/services/telecomm	eq	13
platform/packages/services/telecomm	eq	11

References

android.googlesource.com/platform/packages/services/Telecomm/+/8b32e15214910a310e5f7391e739ac1043af3bf9

source.android.com/security/bulletin/2023-04-01

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for OSV:ASB-A-252762941