CVE-2019-15743

Name of the Vulnerable Software and Affected Versions Sony Xperia Touch Android device with a build fingerprint of Sony/blanc windy/blanc windy:7.0/LOIRE-SMART-BLANC-1.0.0-170530-0834/1:user/dev-keys

Description The issue concerns a pre-installed app with a package name of com.sonymobile.android.maintenancetool.testmic that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device, enabling a third-party app to use its open interface to record audio to external storage.

Recommendations For the Sony Xperia Touch Android device, consider restricting access to the com.sonymobile.android.maintenancetool.testmic app to minimize the risk of exploitation. As a temporary workaround, consider disabling the app's ability to record audio to external storage until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.