PT-2019-16217 · Google · Android

Publicado

2019-08-20

Atualizado

2020-08-24

CVE-2019-2125

CVSS v3.1

7.3

Alta

Vetor

AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Android versions 7.0 through 9

Description The issue is related to a possible escalation of privilege due to an overlay attack in the ChangeDefaultDialerDialog.java file. This could lead to local escalation of privilege, granting privileges to a local app without the user's informed consent, with no additional privileges needed. User interaction is necessary for exploitation.

Recommendations For Android versions 7.0 through 9, apply the fix provided by the Android security update to resolve the issue.

Correção

Clickjacking

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-1021

Identificadores relacionados

CVE-2019-2125

Produtos afetados

Android

PT-2019-16217 · Google · Android

CVE-2019-2125

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3