PT-2009-4778 · Google · Android
Chris Palmer
·
Published
2009-07-17
·
Updated
2018-10-10
·
CVE-2009-2348
CVSS v2.0
6.9
Medium
| Vector | AV:L/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Android version 1.5
Description
The issue allows local users to bypass certain configuration settings, specifically Manifest.permission.CAMERA and Manifest.permission.AUDIO RECORD, by installing and executing an application that does not request permission before using the camera or microphone.
Recommendations
For Android version 1.5, consider restricting access to the camera and microphone until a fix is available, or avoid installing applications that do not properly request permissions for these features.
Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Android