PT-2019-15541 · Opera · Opera Mini For Android

Published

2019-10-29

Updated

2021-07-21

CVE-2019-18624

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Opera Mini for Android versions 44.1.2254.142553 through 44.1.2254.143214

Description The issue allows attackers to bypass intended restrictions on .apk file download/installation via an RTLO (Right to Left Override) approach. This can be demonstrated by the misinterpretation of a malicious .apk file, such as malicious%E2%80%AEtxt.apk being misinterpreted as maliciouskpa.txt.

Recommendations For versions 44.1.2254.142553 through 44.1.2254.143214, update to a version that contains a fix for this issue to prevent the bypassing of restrictions on .apk file download/installation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2019-18624

Affected Products

Opera Mini For Android

PT-2019-15541 · Opera · Opera Mini For Android

CVE-2019-18624

Related Identifiers

Affected Products

References · 5