2 matches found
Android OS FLAG_SECURE Information Disclosure
Blog post here: https://wwws.nightwatchcybersecurity.com/2018/05/24/android-os-didnt-use-flagsecure-for-sensitive-settings-cve-2017-13243/ SUMMARY Android OS did not use the FLAGSECURE flag for sensitive settings, potentially exposing sensitive data to other applications on the same device with t...
CVE-2017-13243
CVE-2017-13243 affects Android System UI (Android 5.1.1 through 8.0). The root cause described in public materials is that FLAG_SECURE was not used to protect sensitive screens, enabling information disclosure to other apps with screen-capture permissions. The issue was acknowledged in Google’s P...