PT-2019-15541 · Opera · Opera Mini For Android

Publicado

2019-10-29

Atualizado

2021-07-21

CVE-2019-18624

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Opera Mini for Android versions 44.1.2254.142553 through 44.1.2254.143214

Description The issue allows attackers to bypass intended restrictions on .apk file download/installation via an RTLO (Right to Left Override) approach. This can be demonstrated by the misinterpretation of a malicious .apk file, such as malicious%E2%80%AEtxt.apk being misinterpreted as maliciouskpa.txt.

Recommendations For versions 44.1.2254.142553 through 44.1.2254.143214, update to a version that contains a fix for this issue to prevent the bypassing of restrictions on .apk file download/installation.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2019-18624

Produtos afetados

Opera Mini For Android

PT-2019-15541 · Opera · Opera Mini For Android

CVE-2019-18624

Identificadores relacionados

Produtos afetados

Referências · 5