PT-2019-16216 · Google · Android

Published

2019-09-05

Updated

2021-07-21

CVE-2019-2124

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Android versions 7.1.1 through 9

Description The issue allows for silent attachment of files to an email, potentially leading to local information disclosure due to a confused deputy in the ComposeActivityEmailExternal class of ComposeActivityEmailExternal.java.

Recommendations For Android versions 7.1.1 through 9, consider restricting access to email attachments to minimize the risk of exploitation until a fix is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2019-2124

Affected Products

Android

PT-2019-16216 · Google · Android

CVE-2019-2124

Related Identifiers

Affected Products

References · 3