PT-2019-11164 · Google · Android
Publicado
2019-02-11
·
Atualizado
2019-02-12
·
CVE-2018-9586
CVSS v3.1
7.0
Alta
| Vetor | AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Android versions 7.0 through 9
Description:
A race condition in the InstallPackageTask.java of Android can cause package verification to be turned off and remain off. This issue could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not required for exploitation.
Recommendations:
For Android versions 7.0 through 9, apply the fix provided by the Android security update to resolve the issue.
Correção
Race Condition
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Android