PT-2019-19648 · Google · Android

Published

2019-09-27

Updated

2021-07-21

CVE-2019-9438

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Android versions Android-10

Description The issue is related to a confused deputy in the Package Manager service, which could lead to the local disclosure of information about installed packages for other users. No additional execution privileges are needed for exploitation, and user interaction is not required.

Recommendations For Android version Android-10, consider restricting access to the Package Manager service to minimize the risk of information disclosure until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2019-9438

Affected Products

Android

PT-2019-19648 · Google · Android

CVE-2019-9438

Related Identifiers

Affected Products

References · 3