Code injection
In getEnabledAccessibilityServiceList of AccessibilityManager.java, there is a possible way to hide an accessibility service due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2022-20450
In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way to bypass user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Produc...
PT-2022-14380 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-11
Description: The issue is related to a confused deputy in multiple functions of AvatarPhotoController.java, which could allow access to content owned by system content providers. This may lead to...
Privilege escalation
In handleNfcStateChanged of SecureNfcEnabler.java, there is a possible way to enable NFC from the Guest account due to a missing permission check. This could lead to local escalation of privilege from the Guest account with no additional execution privileges needed. User interaction is not needed...
PT-2020-11807 · Google +1 · Android +1
Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-11
Description: A heap buffer overflow in the extend frame highbd function of restoration.c could lead to a possible out of bounds write, resulting in remote information disclosure. This issue can b...