PT-2014-2600 · Google · Android

Published

2014-08-31

Updated

2015-11-10

CVE-2013-2599

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Android versions 4.1.x through 4.3.x

Description The issue allows attackers to obtain sensitive disk-encryption passwords via a logcat call due to debug logging being enabled by a certain Qualcomm Innovation Center (QuIC) patch to the NativeDaemonConnector class.

Recommendations For Android versions 4.1.x through 4.3.x, consider disabling debug logging in the NativeDaemonConnector class as a temporary workaround until a patch is available. Restrict access to logcat calls to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2013-2599

Affected Products

Android

PT-2014-2600 · Google · Android

CVE-2013-2599

Related Identifiers

Affected Products

References · 2