PT-2019-11164 · Google · Android
Published
2019-02-11
·
Updated
2019-02-12
·
CVE-2018-9586
CVSS v3.1
7.0
High
| Vector | AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Android versions 7.0 through 9
Description:
A race condition in the InstallPackageTask.java of Android can cause package verification to be turned off and remain off. This issue could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not required for exploitation.
Recommendations:
For Android versions 7.0 through 9, apply the fix provided by the Android security update to resolve the issue.
Fix
Race Condition
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Android