Vulnerabilities

CVE-2024-0014

by Fred · 16/02/2024

In startInstall of UpdateFetcher.java, there is a possible way to trigger a malicious config update due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

More information : https://source.android.com/security/bulletin/2024-02-01

Attack vector : LOCAL
Attack complexity : LOW
Privileges required : LOW
User interaction : NONE
Confidentiality impact : HIGH
Integrity impact : HIGH
Base score : 7.8
Base severity : HIGH
Exploitability score : 1.8
Impact score : 5.9

Similar

Tags: Cybersecurity Alert