Design/Logic Flaw

2019-10-2919:15:00

PRIOn knowledge base

www.prio-n.com

9.1 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.7%

JSON

Opera Mini for Android allows attackers to bypass intended restrictions on .apk file download/installation via an RTLO (aka Right to Left Override) approach, as demonstrated by misinterpretation of malicious%E2%80%AEtxt.apk as maliciouskpa.txt. This affects 44.1.2254.142553, 44.1.2254.142659, and 44.1.2254.143214.

CPENameOperatorVersion
minieq44.1.2254.142553
minieq44.1.2254.142659
minieq44.1.2254.143214

Name	Operator	Version
mini	eq	44.1.2254.142553
mini	eq	44.1.2254.142659
mini	eq	44.1.2254.143214

References

firstsight.me/2019/10/illegal-rendered-at-download-feature-in-several-apps-including-opera-mini-that-lead-to-extension-manipulation-with-rtlo/

medium.com/@YoKoKho/illegal-rendered-at-download-feature-in-opera-mini-that-lead-to-extension-manipulation-with-rtlo-685bf2d77d51