PT-2014-8649 · Google · Android
Published
2014-12-15
·
Updated
2014-12-16
·
CVE-2014-8609
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Android versions prior to 5.0.0
Description
The issue concerns the
addAccount method in the Settings application, which does not properly create a PendingIntent. This allows attackers to broadcast an intent with arbitrary component, action, or category information using a third-party authenticator in a crafted application.Recommendations
For Android versions prior to 5.0.0, update to version 5.0.0 or later to resolve the issue.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Android