CVE-2018-9501

Name of the Vulnerable Software and Affected Versions Android versions 7.0 through 9.0

Description The issue is related to a permissions bypass in the SetupWizard, which could allow for a Factory Reset Protection bypass. This might lead to local escalation of privilege without requiring additional execution privileges. User interaction is not necessary for exploitation. The estimated number of potentially affected devices is not specified.

Recommendations For Android versions 7.0 through 9.0, consider restricting access to the SetupWizard until a patch is available. As a temporary workaround, disabling the SetupWizard may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.