PT-2019-9078 · Asus · Asus Zenfone 3 Max

Published: 2019-04-25 · Updated: 2019-10-03 · CVE-2018-14980

CVSS v2.0: 3.6 (Low)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US Phone/ASUS X008 1:7.0/NRD90M/US Phone-14.14.1711.92-20171208:user/release-keys

Description

The Android framework in the ASUS ZenFone 3 Max Android device has been modified, allowing any app to initiate taking a screenshot and write it to external storage. The capture is not transparent to the user: the device shows a screen animation and a notification when a screenshot is taken. If it also has the EXPAND_STATUS_BAR permission, an attacking app can wake the device and expand the status bar to take a screenshot of the user's notifications, potentially accessing sensitive data such as two-factor authentication text messages.

Recommendations

For the ASUS ZenFone 3 Max Android device, consider disabling the EXPAND_STATUS_BAR permission for all apps to minimize the risk of exploitation. As a temporary workaround, users can manually remove the notification, but this does not fully mitigate the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Permission

Weakness Enumeration

Related Identifiers

CVE-2018-14980

Affected Products

Asus Zenfone 3 Max
Android