PT-2019-14070 · Tecno · Tecno Camon iAir 2 Plus

Published: 2019-11-14 · Updated: 2020-08-24 · CVE-2019-15341

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys

Description

The pre-installed platform app com.lovelyfont.defcontainer contains an exported service named com.lovelyfont.manager.service.FunctionService. This service allows any app co-located on the device to supply the file path to a Dalvik Executable (DEX) file, which it will dynamically load and execute with system privileges. This can enable a third-party app to perform various malicious actions, such as video recording the user's screen, factory resetting the device, obtaining the user's notifications, reading logcat logs, injecting events in the Graphical User Interface (GUI), and obtaining the user's text messages.

Recommendations

For the Tecno Camon iAir 2 Plus Android device, consider disabling the com.lovelyfont.manager.service.FunctionService service as a temporary workaround to minimize the risk of exploitation. Restrict access to the com.lovelyfont.defcontainer app to prevent potential abuse. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
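The condition described above (a service in a system-privileged app that is exported with no permission guarding it) can be checked for in a decoded AndroidManifest.xml when auditing pre-installed apps. The following is an added example, not code from this advisory or from the vendor; the manifest is constructed, and everything in it except the package and FunctionService names is an assumption.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Constructed manifest, NOT the real one from com.lovelyfont.defcontainer.
# Only the package and FunctionService names come from the advisory; the
# sharedUserId, the other services and the permission name are assumptions.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.lovelyfont.defcontainer"
    android:sharedUserId="android.uid.system">
  <application>
    <service android:name="com.lovelyfont.manager.service.FunctionService"
             android:exported="true"/>
    <service android:name=".GuardedService" android:exported="true"
             android:permission="com.example.permission.SIGNATURE_ONLY"/>
    <service android:name=".ImplicitService">
      <intent-filter><action android:name="com.example.ACTION"/></intent-filter>
    </service>
    <service android:name=".InternalService"/>
  </application>
</manifest>"""

def is_exported(component):
    """Explicit android:exported wins; otherwise, before Android 12 (the
    affected build is 8.1.0), a component with an intent-filter is exported."""
    explicit = component.get(A + "exported")
    if explicit is not None:
        return explicit.lower() == "true"
    return component.find("intent-filter") is not None

def runs_as_system(manifest_xml):
    """True when the app shares the system UID (assumed source of the privilege)."""
    return ET.fromstring(manifest_xml).get(A + "sharedUserId") == "android.uid.system"

def unguarded_exported_services(manifest_xml):
    """Return enabled, exported services that no permission protects.
    A permission being present is not proof of safety: its protectionLevel
    still has to be checked in the declaring <permission> element."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    if app is None:
        return []
    pkg, app_perm = root.get("package", ""), app.get(A + "permission")
    findings = []
    for svc in app.findall("service"):
        if svc.get(A + "enabled", "true").lower() == "false":
            continue  # disabled components cannot be bound or started
        if is_exported(svc) and not (svc.get(A + "permission") or app_perm):
            name = svc.get(A + "name", "")
            findings.append(pkg + name if name.startswith(".") else name)
    return findings
```

A finding from `unguarded_exported_services` matters most when `runs_as_system` is also true for the same manifest, since any co-located app can then reach code running with system privileges.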

Weakness Enumeration: Exposure of Resource to Wrong Sphere

Related Identifiers: CVE-2019-15341

Affected Products: Tecno Camon iAir 2 Plus