Topic starter
Description
In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
- MISC: https://android.googlesource.com/platform/frameworks/base/+/65bd134b0a82c51a143b89821d5cdd00ddc31792
- URL: https://android.googlesource.com/platform/frameworks/base/+/65bd134b0a82c51a143b89821d5cdd00ddc31792
- MISC: https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-m7fh-f3w4-r6v2
- URL: https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-m7fh-f3w4-r6v2
- MISC: https://rtx.meta.security/exploitation/2024/03/04/Android-run-as-forgery.html
- URL: https://rtx.meta.security/exploitation/2024/03/04/Android-run-as-forgery.html
- MISC: https://source.android.com/security/bulletin/2024-03-01
- URL: https://source.android.com/security/bulletin/2024-03-01
Posted : 09/06/2024 8:57 am
