PT-2019-9079 · Sony · Sony Xperia L1

Published: 2019-04-25 · Updated: 2019-05-02 · CVE-2018-14983

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions
Sony Xperia L1 Android device with a build fingerprint of Sony/G3313/G3313:7.0/43.0.A.6.49/2867558199:user/release-keys; android framework (versionCode=24, versionName=7.0)

Description
The Android framework in the Sony Xperia L1 Android device contains a modified system server process that allows any app co-located on the device to initiate the taking of a screenshot and write it to external storage. This action is not transparent to the user, as it triggers a screen animation and a notification. If the attacking app has the EXPAND_STATUS_BAR permission, it can wake the device and expand the status bar to take a screenshot of the user's notifications, potentially accessing sensitive data such as text messages used in two-factor authentication.

Recommendations
For the Sony Xperia L1 Android device with the specified build fingerprint, consider disabling the EXPAND_STATUS_BAR permission for untrusted apps to minimize the risk of exploitation. As a temporary workaround, avoid using the device for sensitive operations until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Weakness Enumeration

Related identifiers

CVE-2018-14983

Affected products

Android
Sony Xperia L1