CVE-2014-7953

Name of the Vulnerable Software and Affected Versions: Android version 4.4.4

Description: A race condition exists in the bindBackupAgent method within the ActivityManagerService in Android. This issue allows local users with adb shell access to execute arbitrary code or install any valid package as the system user. The exploitation involves running pm install with a target APK while simultaneously executing a crafted script that processes logcat output to find a dexopt line. Once the dexopt line is found, the script executes bindBackupAgent with the uid member of the ApplicationInfo parameter set to 1000.

Recommendations: For Android version 4.4.4, as a temporary workaround, consider restricting access to the bindBackupAgent method until a patch is available. Additionally, restrict the use of adb shell to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.