CVE-2018-9489

Name of the Vulnerable Software and Affected Versions Android versions 7.0 through 9.0

Description The issue concerns information disclosure when WiFi is switched, involving the sendNetworkStateChangeBroadcast function of WifiStateMachine.java. This function broadcasts an intent that includes detailed WiFi network information, potentially leading to information disclosure without requiring execution privileges. User interaction is not necessary for exploitation.

Recommendations For Android versions 7.0 through 9.0, consider restricting access to the WiFi network information broadcast by the sendNetworkStateChangeBroadcast function of WifiStateMachine.java to minimize the risk of information disclosure. As a temporary workaround, consider disabling the sendNetworkStateChangeBroadcast function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.